DevSecOps (Shift Left) to Secure Cloud Native Applications.pdf (34 pages)
DevSecOps (shift left) to secure Cloud Native Application
Arvind Kumar and Faisal Azizullah - Principal Engineer, CX Americas CTAO
DEVNET-3012
#CiscoLive
© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco Webex App
Questions? Use Cisco Webex App to chat with the speaker after the session.
How:
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install the Webex App or go directly to the Webex space
4. Enter messages/questions in the Webex space
Webex spaces will be moderated by the speaker until June 9, 2023.

Agenda
Application Market Trends
Cloud Native Security Challenges
Cisco Panoptica Overview
Demo
Q&A

Application Market Trends

Application experience is more critical than ever
49% of users switched supplier due to poor digital experience
50% willing to pay more for a digital experience better than that of a competitor's
100ms delay in load time = 7% drop in online conversations

In the next 3 years, 500 million new apps will be written, almost all of them for the digital world

Application Transformation
From monolithic to distributed microservices loosely coupled with infrastructure
[Diagram labels: Networking, App Logic, Libraries, Bare Metal, virtual machine, Modern Cloud Apps, Service EP, VM, Container, Container Image, Application, Serverless, RPC]

Cloud Native Security Challenges

Explosion of threat vectors in microservices security
286% API attack increase every quarter, and API attacks will be the most frequent attack vector in the future according to Gartner
93% of companies had a Kubernetes security incident in the last 12 months
Average cost of a data breach in 2022: $4.35 million

Cloud Native Security Challenges
4 Cs of Cloud Native Security (Source: kubernetes.io)
Public/Private Cloud Infrastructure Security Posture
Kubernetes Cluster Security Posture
Container Security: Image, Runtime, Micro segmentation
API Security, Authentication and Authorization, Encryption, Secrets Management

Modern applications have larger attack surface
Gartner: Threat vectors in the container lifecycle
1. Development system
2. Git-based repository
3. Retrieval of dependencies
4. Image registry
5. Unsecured orchestrator platform
6. Host-container relationship
7. Rapid rate of change
8. MSA communication and network segregation
9. Inter-process communication
10. Increased number of databases
11. Application layer attacks

Approach to Application Security
How Do I Protect Cloud Native Apps?
Can I rely on communication between services?
Can I automatically manage risk introduced by vulnerable apps?
Is the application configured properly?
What software does it use?
Shift-Left Security, Application Composition, Connection and API Assessment, Policy Control, Governance

Cisco Panoptica
Cloud-Native Application Security, Simplified

Panoptica
https://panoptica.app
Simplified Cloud-Native Application Security for DevSecOps, Platform, and DevOps teams

Cisco Panoptica enables DevSecOps at scale
Policy automation: Write one policy and propagate across containers or code deployments to ensure new code has less risk
Actionable Insights: Dashboard highlighting MITRE ATT&CK vectors aligned to Kubernetes risks
Pod-based approach: Application runs on a single pod that covers your entire environment even across clouds
Works across all Kubernetes platforms: RedHat OpenShift, Rancher RKE, Google GKE, AWS EKS, Oracle OCI, Alibaba ACK, Azure AKS, Tencent TKE

Shifting Security to the Left
Apply Security Before Any Integration
Apply Security Before Every Deployment
Cloud Native Security Goal: "Shift Left" and Make It Continuous

Enabling security across the full app stack - dev to runtime
Dev, CI/CD, Deployment, Runtime
Shift-Left Security, Application Composition, Connection and API Assessment, Policy Control, Governance

Single Controller, Modular Architecture
controller, grype-server, kubeclarity, apiclarity, vault, istio, CVE DB, Kubernetes Control Plane, panoptica.app, configuration, findings
Deployment Rules, Cluster Events Rules

Single Controller, Modular Architecture
controller, grype-server, kubeclarity, apiclarity, vault, istio, CVE DB, Kubernetes Control Plane, panoptica.app, configuration, findings
Connection Rules, API Security Traces, API Gateways

Getting Started with Cisco Panoptica
1. Create an account on https://panoptica.app (It's free!)
2. Bring your own Kubernetes cluster and add it to the portal
3. Download the installer artifacts and deploy in your cluster

Demo

Continuous Integration Actionable Security
Developer Persona: Pipeline Report

Continuous Integration Risk Visibility
Security Persona: Summary Report

Continuous Deployment Policy Enforcement

Demo

Q&A

Fill out your session surveys!
Attendees who fill out a minimum of four session surveys and the overall event survey will get Cisco Live-branded socks (while supplies last)!
Attendees will also earn 100 points in the Cisco Live Challenge for every survey completed.
These points help you get on the leaderboard and increase your chances of winning daily and grand prizes.

Continue your education
Visit the Cisco Showcase for related demos
Book your one-on-one Meet the Engineer meeting
Attend the interactive education with DevNet, Capture the Flag, and Walk-in Labs
Visit the On-Demand Library for more sessions at www.CiscoL

Gamify your Cisco Live experience!
Get points for attending this session!
How:
1. Open the Cisco Events App.
2. Click on Cisco Live Challenge in the side menu.
3. Click on View Your Badges at the top.
4. Click the + at the bottom of the screen and scan the QR code.