OSMC 2022 | Automated Incident Response for Cloud Native Risks by Simarpreet Singh

Incident response teams are already drowning in alerts, and may be missing critical vulnerabilities as a result. What use is a security scanner that tells you there are thousands of vulnerabilities but leaves you to take the time to go and fix them? Extending visibility and responsibility to cloud native environments compounds the challenge teams already face: weeding through huge volumes of alerts to determine which risks are the most urgent and how best to respond to incidents. This session covers how security teams can use open source projects to better identify high-risk cloud native events, orchestrate responses with third-party integrations based on these high-fidelity insights, and execute playbooks for more automated and effective incident analysis and handling. It walks through a range of use cases, from simple ones such as acting on CVE detections from vulnerability scans to more complex runtime detection scenarios, with a focus on practical situations commonly observed day to day.


  1. © 2022 Aqua Security Software Ltd., All Rights Reserved
  2. Simar Singh, OSMC 2022: Automated Incident Response for Cloud Native Risks
  3. Simar Singh, Open Source Engineer. Twitter: @simarpreet7, GitHub: simar7
  4. Agenda: Lay of the land; Challenges; SOAR; Demos!
  5. You might have heard…
  6. You might have heard… Security is a need, not an option
  7. You might have heard… Security is a need, not an option. We must shift left
  8. You might have heard… Security is a need, not an option. We must shift left. Patch all the servers ASAP!!! 🔥
  9. What is Security?
  10. (no text)
  11. How do I do it?
  12. (no text)
  13. (no text)
  14. What isn’t security? Using more security projects (for the sake of it); Reducing accessibility for users; Alert management for operators
  15. What isn’t security? Using more security projects (for the sake of it); Reducing accessibility for users; Alert management for operators
  16. (no text)
  17. (no text)
  18. Alert fatigue is REAL (Photo by Brian Tromp on Unsplash)
  19. Alert fatigue is REAL (Photo by Brian Tromp on Unsplash)
  20. https://www.pagerduty.com/blog/lets-talk-about-alert-fatigue/
  21. tldr: we need to do better
  22. A good alert… Is Actionable; Is Descriptive; Has Set Thresholds; Goes to the right people
  23. An Ideal alert… Is Actionable; Is Descriptive; Has Set Thresholds; Goes to the right people; Is Automated
  24. What is Alert Automation? Self healing; Self resolving; Automated “playbooks”
  25. (no text)
  26. How can we classify?
  27. S.O.A.R.
  28. S.O.A.R. Security Orchestration, Automation, and Response
  29. Security orchestration, automation, and response (SOAR)
  30. How can we SOAR?
  31. Some existing implementations… Aqua Postee; Shuffle; Tines (and many more)
  32. (no text)
  33. What is Postee? Message routing system; Policy based routing; Enforcement on Alerts
  34. (no text)
  35. Please ELI5 (explain it like I’m 5) Postee to me…
  36. How can Postee help? Fielding alerts; Automating “playbooks”; Reducing operator overload
  37. You might have heard of… Trivy – The Swiss Army Knife for Security Scanning
  38. (no text)
  39. Demo! Trivy + Postee
  40. (no text)
  41. You might have heard of… Tracee – The awesome eBPF based runtime tool
  42. (no text)
  43. Demo! Tracee + Postee
  44. (no text)
  45. Postee Config: Declarative; YAML (who doesn’t love it)
  46. Postee Policies: OPA/Rego based; Flexible; Existing templates
  47. Postee Actions: Lightweight integrations; Easy to define interface
  48. Postee Actions: Slack, MS Teams, Email; PagerDuty, OpsGenie; ServiceNow, Nexus IQ; Kubernetes, Docker, Webhook
  49. Postee Actions
  50. Postee Actions
  51. All Aqua projects mentioned today are Open Sourced: github.com/aquasecurity/postee, github.com/aquasecurity/tracee, github.com/aquasecurity/trivy
  52. © 2022 Aqua Security Software Ltd., All Rights Reserved. Thank you
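Slides 22 to 36 describe the pattern the demos rely on: a scanner event arrives, a policy with set thresholds decides whether it is actionable, and a matching route sends a descriptive alert to the right people through an automated action. The following Python is an added illustration of that routing idea and is not Postee's, Trivy's or Aqua's code. It loads a constructed report whose shape loosely follows Trivy's JSON output (`Results[].Vulnerabilities[]`), applies two routes, and dispatches to stand-in actions that return the record they would have sent instead of calling a real service. The image name, the `CVE-XXXX-*` IDs, the route names and the action names are all placeholders chosen for the example.

```python
import json
from dataclasses import dataclass
from typing import Callable

# Constructed sample input (not a real scan). The shape loosely follows Trivy's
# JSON report; the image name and CVE IDs are placeholders, not real identifiers.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "registry.example/web:1.4",
    "Results": [{
        "Target": "registry.example/web:1.4 (alpine 3.16)",
        "Vulnerabilities": [
            {"VulnerabilityID": "CVE-XXXX-0001", "PkgName": "libfoo",
             "Severity": "CRITICAL", "InstalledVersion": "1.0", "FixedVersion": "1.1"},
            {"VulnerabilityID": "CVE-XXXX-0002", "PkgName": "libbar",
             "Severity": "HIGH", "InstalledVersion": "2.0", "FixedVersion": ""},
            {"VulnerabilityID": "CVE-XXXX-0003", "PkgName": "libbaz",
             "Severity": "LOW", "InstalledVersion": "3.0", "FixedVersion": "3.1"},
        ],
    }],
})

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
MIN_SEVERITY = "HIGH"  # the "set threshold": findings below it are never paged


@dataclass
class Route:
    """One policy rule (the slides' "policy based routing"): a predicate over a
    single finding plus the action names to run when it matches."""
    name: str
    matches: Callable[[dict], bool]
    actions: list[str]


def above_threshold(v: dict) -> bool:
    return SEVERITY_RANK.get(v.get("Severity", "UNKNOWN"), 0) >= SEVERITY_RANK[MIN_SEVERITY]


# Hypothetical routes: the first match wins, everything else is dropped.
DEFAULT_ROUTES = [
    # A fix exists, so the alert is actionable: open a ticket and tell the owner.
    Route("fixable-high", lambda v: above_threshold(v) and bool(v.get("FixedVersion")),
          ["create-ticket", "notify-oncall"]),
    # No fix yet: worth knowing, but only the security channel, not a page.
    Route("unfixed-high", lambda v: above_threshold(v) and not v.get("FixedVersion"),
          ["notify-security-channel"]),
]


def _describe(image: str, v: dict) -> str:
    """Descriptive alert text: what, where, and what to do about it."""
    fix = f"upgrade to {v['FixedVersion']}" if v.get("FixedVersion") else "no fix available yet"
    return (f"{v['VulnerabilityID']} ({v['Severity']}) in {v['PkgName']} "
            f"{v['InstalledVersion']} on {image}: {fix}")


# Stand-ins for integrations such as Slack, PagerDuty or a ticketing system:
# each returns the record it would have sent rather than calling out anywhere.
ACTIONS: dict[str, Callable[[str, dict], dict]] = {
    "create-ticket": lambda image, v: {"action": "create-ticket", "title": _describe(image, v)},
    "notify-oncall": lambda image, v: {"action": "notify-oncall", "text": _describe(image, v)},
    "notify-security-channel": lambda image, v: {"action": "notify-security-channel",
                                                 "text": _describe(image, v)},
}


def route_report(report_json: str, routes=DEFAULT_ROUTES) -> list[dict]:
    """Parse a scanner report, apply the first matching route to each finding and
    return every action record produced. Findings that match no route are dropped
    on purpose: that is the alert-fatigue filter."""
    report = json.loads(report_json)
    image = report.get("ArtifactName", "<unknown>")
    dispatched = []
    for result in report.get("Results", []):
        for v in result.get("Vulnerabilities", []) or []:
            route = next((r for r in routes if r.matches(v)), None)
            if route is None:
                continue
            for action_name in route.actions:
                record = ACTIONS[action_name](image, v)
                record.update(route=route.name, vuln=v["VulnerabilityID"])
                dispatched.append(record)
    return dispatched


def summarize(dispatched: list[dict]) -> dict[str, int]:
    """Count records per action: a cheap check on how much noise a policy produces."""
    counts: dict[str, int] = {}
    for rec in dispatched:
        counts[rec["action"]] = counts.get(rec["action"], 0) + 1
    return counts


if __name__ == "__main__":
    records = route_report(SAMPLE_REPORT)
    for rec in records:
        print(f"[{rec['route']}] {rec['action']}: {rec.get('title') or rec.get('text')}")
    print(summarize(records))
```

On the sample report the CRITICAL finding with a fix produces a ticket and an on-call notification, the HIGH finding without a fix goes only to the security channel, and the LOW finding is dropped. Changing `MIN_SEVERITY` or the route predicates is the tuning knob the slides call "set thresholds"; in a real deployment the same decision would live in a Rego policy and the stand-in actions would be the integrations listed on slide 48.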
