#CiscoLive
BRKAPP-1116
Application observations and security: AppDynamics FSO and Outshift's Panoptica
Peter Bosch, Ran Ilany and Randy Birdsall
2023 Cisco and/or its affiliates. All rights reserved. Cisco Public

Questions? Use Cisco Webex App to chat with the speaker after the session
How:
1. Find this session in the Cisco Live Mobile App (BRKAPP-1116)
2. Click "Join the Discussion"
3. Install the Webex App or go directly to the Webex space
4. Enter messages/questions in the Webex space
Webex spaces will be moderated by the speaker until June 9, 2023.

Agenda
- Application and security teams challenges
- Security insights

Applications are the front door for digital experiences
(Sales, Expense, Quick Claim, Submit)

And are built in complex environments
Private cloud, Hybrid cloud, Security, Service providers, Cloud providers, Colocation, SaaS, Campus, Home, Data center, Edge | IoT and OT
There is no business context
Teams: NetOps, AppOps and DevOps, IT/SRE, AppSec and SecOps

Teams need to see the full stack of available data: shared context across the digital experience
(E-Commerce, Location, Personalization, Chat, AI, Associate, Marketing, Scan and go, POS)
Consumer, NetOps, AppOps and DevOps, InfraOps, AppSec, SecOps

Cisco Full-Stack Observability
Cisco Full-Stack Observability brings together data from multiple operations domains to provide unified visibility, derive real-time insights and recommend actions, helping to:
- Focus on what matters most: revenue, user experience, risk, costs
- Reduce time to resolution of incidents and performance issues
- Minimize tool sprawl by providing a unified solution
- Break down silos by reducing friction among teams
Full Stack Observability (FSO) is a requirement for business to deliver the most efficient and secure experience to users and applications.
How do FSO and security hang together?

App Team: focused on velocity and user experience
Security Team: focused on vulnerabilities, threats and attacks

The security perspective
- $4.3M: average cost of a breach in 2022, which is a 20% increase from 2017 [3]
- 99% of cloud failures are due to cloud misconfigurations [1]
- 70%+: open source in any software, packaged or SaaS, with no provenance
- 7x: growth of API-based attack vectors in 2022, with 95% of organizations facing API-based attacks [2]

It is all about Application AND Application Data
Finding the weakest point(s) exposed within the attack surface, from dev time, to deploy time, to run time (Dev, Deploy, Runtime):
- (AppSec) securing the components of your app
- (CI/CD) securing the software chain used to build apps
- (CSPM) securing the cloud resources it runs on
- (CWPP) securing your workload
- (AppSec) securing the app itself
Securing the code-to-cloud stack: developer influence (shift-left), SecOps influence (shift-right)

Developers versus security. Or developers with security?
Developer: "Security is in my way; I cannot be productive! Why are they always bugging me?"
Security: "Developers are much like my teenage kids. They always know better!"
Developer: "I don't understand the security problem, let me get security to work on security issues w/ me to jointly address the problem"
Security: "I'm getting the entire context of the app! Now I can do some proper analysis jointly with developers"

The attacker perspective: the weakest link is important!
The entry point: an exploitable vulnerability! Then comes the chain used by a hacker to take over the application, its infrastructure and its data. (XKCD comic)

Make it more practical! Log4j still very much alive in apps
Labels from the attack-chain diagram:
- Attacker establishes /bin/sh in container
- Container is misconfigured and attacker can assume role of the service account
- Attacker can now assume any role in cluster and pulls STS token
- K8s API server cannot distinguish between regular and actual service calls
- AWS Role: attacker interacts with the K8s API server to get credentials
- Attacker uses token to get to the AWS registry and S3 buckets
- AWS allows for properly credentialed services to communicate with the node

So, I have a compromised application, so what?
What started as a "simple" Log4j issue ends up disrupting more than the application alone.
YOUR ENTERPRISE MAY NOT BE ANYMORE

The "best bags" vulnerable application
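The chain above only gets past the shell-in-a-container step because the pod is allowed to act as a service account that holds far more than it needs. As an added example (not from the deck, and not Panoptica's logic), the following Python audits Kubernetes manifests for exactly that combination: a pod that mounts its service-account token while the account is bound to a Role or ClusterRole that can mint tokens, impersonate, read secrets or exec into pods. The manifests are constructed for this example and borrow the demo application's component names; PIVOT_PERMISSIONS is my own list of what counts as a pivot.

```python
# Audit Kubernetes manifests (plain dicts, as json.load/yaml.safe_load return them) for the
# misconfiguration the Log4j chain relies on: a pod that mounts its service-account token
# while that account is bound to a role able to reach other identities or credentials.
from dataclasses import dataclass
from typing import Dict, Iterator, List, Tuple

# My own list of pivot-enabling (resource, verb) pairs, not a product rule set.
PIVOT_PERMISSIONS = {
    ("serviceaccounts/token", "create"), ("serviceaccounts", "impersonate"),
    ("users", "impersonate"), ("secrets", "get"), ("secrets", "list"), ("pods/exec", "create"),
}

@dataclass(frozen=True)
class Finding:
    namespace: str
    pod: str
    service_account: str
    role: str                    # "Kind/name" of the bound (Cluster)Role
    permissions: Tuple[str, ...]

def pivot_permissions(rules: List[dict]) -> Tuple[str, ...]:
    """Pivot-enabling permissions granted by a (Cluster)Role's rules; "*" is expanded."""
    hits = []
    for rule in rules:
        resources, verbs = set(rule.get("resources", [])), set(rule.get("verbs", []))
        for res, verb in sorted(PIVOT_PERMISSIONS):
            if ("*" in resources or res in resources) and ("*" in verbs or verb in verbs):
                hits.append(f"{verb} {res}")
    return tuple(hits)

def _pod_specs(manifests: List[dict]) -> Iterator[Tuple[str, str, dict]]:
    # Yield (namespace, name, pod spec) for bare Pods and for workload pod templates.
    for m in manifests:
        ns, name = m["metadata"].get("namespace", "default"), m["metadata"]["name"]
        if m["kind"] == "Pod":
            yield ns, name, m["spec"]
        elif m["kind"] in ("Deployment", "StatefulSet", "DaemonSet", "Job"):
            yield ns, name, m["spec"]["template"]["spec"]

def audit(manifests: List[dict]) -> List[Finding]:
    roles: Dict[Tuple[str, str, str], List[dict]] = {}   # (kind, ns or "", name) -> rules
    sa_automount: Dict[Tuple[str, str], bool] = {}       # (ns, sa) -> account-level default
    sa_roles: Dict[Tuple[str, str], list] = {}           # (ns, sa) -> bound role keys
    for m in manifests:
        kind, meta = m["kind"], m["metadata"]
        ns, name = meta.get("namespace", "default"), meta["name"]
        if kind == "ClusterRole":
            roles[("ClusterRole", "", name)] = m.get("rules", [])
        elif kind == "Role":
            roles[("Role", ns, name)] = m.get("rules", [])
        elif kind == "ServiceAccount":
            sa_automount[(ns, name)] = m.get("automountServiceAccountToken", True)
        elif kind in ("RoleBinding", "ClusterRoleBinding"):
            # A RoleBinding may reference a Role in its namespace or a ClusterRole; a
            # ClusterRoleBinding is cluster-scoped and has no namespace of its own.
            ns = ns if kind == "RoleBinding" else ""
            ref = m["roleRef"]
            role_key = (ref["kind"], ns if ref["kind"] == "Role" else "", ref["name"])
            for subj in m.get("subjects", []):
                if subj.get("kind") == "ServiceAccount":
                    sa_key = (subj.get("namespace", ns or "default"), subj["name"])
                    sa_roles.setdefault(sa_key, []).append(role_key)
    findings = []
    for ns, pod, spec in _pod_specs(manifests):
        sa = spec.get("serviceAccountName", "default")
        # The pod-level field overrides the ServiceAccount's; both default to mounting.
        if not spec.get("automountServiceAccountToken", sa_automount.get((ns, sa), True)):
            continue
        for role_key in sa_roles.get((ns, sa), []):
            perms = pivot_permissions(roles.get(role_key, []))
            if perms:
                findings.append(Finding(ns, pod, sa, f"{role_key[0]}/{role_key[2]}", perms))
    return findings

# Constructed sample manifests; the names reuse the demo application's components.
SAMPLE_MANIFESTS = [
    *({"kind": "ServiceAccount", "metadata": {"name": n, "namespace": "shop"}} for n in ("order-api", "payment-api")),
    {"kind": "ClusterRole", "metadata": {"name": "ops-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "Role", "metadata": {"name": "secret-reader", "namespace": "shop"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "order-api-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "ops-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "order-api", "namespace": "shop"}]},
    {"kind": "RoleBinding", "metadata": {"name": "payment-secrets", "namespace": "shop"},
     "roleRef": {"kind": "Role", "name": "secret-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "payment-api"}]},
    # Mounted token + cluster-wide wildcard role: the chain's "assume any role" step.
    {"kind": "Pod", "metadata": {"name": "order-api", "namespace": "shop"},
     "spec": {"serviceAccountName": "order-api"}},
    # Mounted token + secrets read in its namespace: still a credential pivot.
    {"kind": "Deployment", "metadata": {"name": "payment-api", "namespace": "shop"},
     "spec": {"template": {"spec": {"serviceAccountName": "payment-api"}}}},
    # Same over-broad account as order-api, but no token is mounted: nothing to pivot with.
    {"kind": "Pod", "metadata": {"name": "catalogue-api", "namespace": "shop"},
     "spec": {"serviceAccountName": "order-api", "automountServiceAccountToken": False}},
]

if __name__ == "__main__":
    for f in audit(SAMPLE_MANIFESTS):
        print(f"{f.namespace}/{f.pod} ({f.service_account}) {f.role}: {', '.join(f.permissions)}")
```

Against a live cluster, feed `audit()` the `items` of a `kubectl get pods,deployments,serviceaccounts,roles,clusterroles,rolebindings,clusterrolebindings -A -o json` dump. The check deliberately treats "token mounted" and "role is broad" as one finding rather than two, because either alone is not the problem: catalogue-api reuses the over-broad account but mounts no token, so a shell in that container has no credential to present to the API server. Not covered here, and worth adding in a real audit: aggregated ClusterRoles, group subjects such as system:serviceaccounts, and tokens delivered through projected volumes instead of the default mount.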
Components of the "best bags" demo application:
- Frontend, Admin, Backend
- Order API, Payment API, Catalogue API, External APIs, User API, Cart API, Shipping API, Delivery API, Store Locator API
- Data stores: Mysql, Mongo, Redis, RabbitMQ, Postgres
- Data: Product data, Partner data, User Information, User Shipping Addresses, User Credit Cards, Delivery data, Store Geo data, Confidential data

What does it take for an attacker to attack? The Log4j example in detail

Frameworks for cloud-native app security: 2019 CNAPP vs. 2023 CNAPP

Different perspectives to the enterprise app: performance and security
- Detailed security with Panoptica application and cloud security
- App infrastructure security
- In-app security insights with business context

Panoptica attack path analysis
Understand how an application can be attacked through various layers
- Attacker's view by analyzing attack paths in AWS, GCP and Azure, K8s, APIs, serverless and data
- Findings combined into application context for business risk scoring
- Joint workflows between DevOps and SecOps planned

Panoptica CSPM + CIEM
Integrated cloud security posture manager and entitlement manager
- Build and applications: CI/CD security, SSC
- Posture management: cloud inventory and assets, cloud security posture and config management, security graph + explorer, compliance frameworks, public assets at risk, risky and dangerous defaults
- Threats and vulnerabilities: root cause analysis, remediation as code, identities and entitlement problems

Panoptica KSPM and CWPP
Insight into Kubernetes, image vulnerabilities, RBAC and MITRE ATT&CK
- Service-mesh, mutating webhook, and CD plugins to perform vulnerability assessment and deployment policies
- Image scanning for VMs, containers and serverless functions; and SBOM/SLSA
- K8s vulnerabilities categorized by MITRE ATT&CK with remediation strategies
- Service mesh to obtain connection telemetry and enforce connection policies
- RBAC control to assess who can access what

Panoptica Application Security
Application-level security issues: application logic, IaC configuration scanning, API security and serverless
- Fix application software by developer in case there are issues
- Find configuration issues and vulnerabilities in (K8s/cloud) configurations
- Find used API (historical) interfaces; compare against OWASP API Top 10; and track anomalies in API use
- Scan for secrets in serverless functions and overly permissive functions

PoC: Panoptica data security
Understand where data is most at risk; what the data represents and how it can get lost, encrypted or leaked
- Find all data sources, sinks, lost data records in the application
- Understand what that data represents and is most at risk because of exploitable vulnerabilities
- Application and data security-based attack paths: "how can I lose my data"
- Integration into attack-path analysis

PoC: Panoptica extra, enhanced and new features
Over time new attack techniques and detections are realized by attackers; Panoptica CI/CD and CNDR functions address some of these
- CNDR: real-time analysis of anomalous application behavior through the analysis of logs, traces, API calls, system calls and other telemetry. Reprioritization of attack paths ("smoke") and actual attack detections
- CI/CD: plugins for CI/CD chains; new attack vectors exist against CI/CD itself and software supply chains. Capture exploitable vulnerabilities and include them in attack paths

Cisco in-app security: Secure Application
Business risk observability for hybrid applications
- Locate how and where an attack occurs with business transaction mapping from inside the application
- Leverage security intelligence from Cisco Talos, Kenna and Panoptica to quickly uncover your current security posture

In-app data sensitivity analysis
Maintain compliance and protect customer data; detect and redact sensitive and personal data from inside the application
- PII leakage insights mapped to source entities to clamp down on leakage
- Leverage prepackaged PII detection expressions to enable faster protection
- Build custom policies and expressions to detect and redact any data
- Combine findings into vuln and threat context for business risk scores

Panoptica in FSO: Vulnerability management
Know what vulnerable code your apps are using; identify open-source risk!
- Constant runtime container image scanning in Kubernetes from Panoptica
- Remediation guidance to get fixes out quicker, tailored to your environment
- Native backend integration maps Kenna scores to discovered vulns
- Machine learning using real-time and historical data to predict exploitation
- Leverage a better remediation methodology compared to CVSS

Panoptica in FSO: Kubernetes security posture
Identify risk introduced by K8s & Containers (for now)
- Infrastructure risk cross-correlated with application entities
- Findings combined into application context for business risk scoring
- Integration with MITRE ATT&CK frameworks through Panoptica

Security insights and business
Business risk observability for Cloud Native Application Observability
- Locate and highlight threats and vulnerabilities across K8s and containers, securing deployment of modern applications on K8s
- Detect and protect against leakage of sensitive data in telemetry with pre-defined expressions to ensure compliance
- Combine threat and vulnerability intelligence from Cisco Kenna and Panoptica with business impact and runtime behavior to provide a business risk score
More to come!

Business Risk Observability
- Business Context Mapping: mapping vulnerabilities and attacks to common transactions provides the business context to help you quickly understand the location and impact of threats.
- Vulnerability and Threat Intelligence: threat intelligence feeds from multiple yet complementary sources provide the threat context to understand the likelihood of exploits.
- Business Risk Score: scoring composited from analysis of runtime behavior + business impact + intelligence provides complete business risk context to instantly assess and prioritize action across ITOps and Security teams.
(Diagram: Business Context Mapping + Vulnerability and Threat Intelligence = Business Risk Score)
Provide business context needed to rapidly assess risk and align teams based on potential impact
Full-Stack Observability: Secure

(Image: Hadley/Wikipedia)

Next steps: start using Panoptica for free
panoptica.app

Continue your cloud native security learning

Visit Outshift in the World of Solutions!
Take a picture of this slide and bring it to the Outshift booth in the World of Solutions (#3307). Get your badge scanned to be entered into our daily drawing for an Apple iPad! Learn more about Panoptica!

Fill out your session surveys!
Attendees who fill out a minimum of four session surveys and the overall event survey will get Cisco Live-branded socks (while supplies last)!
Attendees will also earn 100 points in the Cisco Live Game for every survey completed. These points help you get on the leaderboard and increase your chances of winning daily and grand prizes.

Continue your education
- Visit the Cisco Showcase for related demos
- Book your one-on-one Meet the Engineer meeting
- Attend the interactive education with DevNet, Capture the Flag, and Walk-in Labs
- Visit the On-Demand Library for more sessions at www.CiscoL

Thank you

Gamify your Cisco Live experience! Get points for attending this session!
How:
1. Open the Cisco Events App.
2. Click on Cisco Live Challenge in the side menu.
3. Click on View Your Badges at the top.
4. Click the + at the bottom of the screen and scan the QR code.