"Protecting Cloud-Native Applications with Panoptica.pdf" was shared by a member and can be read online (104 pages); more related documents can be found by searching on 三个皮匠报告.
Introducing Panoptica
The Cloud Native Security Solution for Containers, APIs, and Serverless Functions
Tim Miller, PhD, Technical Marketing Engineer (broadcaststorm)
BRKETI-2511
#CiscoLive
© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco Webex App
Questions? Use Cisco Webex App to chat with the speaker after the session.
How:
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install the Webex App or go directly to the Webex space
4. Enter messages/questions in the Webex space
Webex spaces will be moderated by the speaker until June 9, 2023.
https:/

Agenda
- Introduction
- Developer Focused, Shift Left Security
- Application Composition Security
- Connection and API Security
- Architecture and Open Source
- Summary

Cloud Native Application Challenges

Application Architectures Had To Evolve
Diagram labels: Application Server, Database Server, Web Front End, Data Center, Firewall, WFO or WFH, Finite Scale, Long Release Cycles, Compute, Storage

Application Architectures: Cloud Native
Diagram labels: Ingress, PgSQL, NoSQL, tcp/SQL, telemetry, 3rd Party, payment, tcp, HTTP, frontend, billing, App, Browser

New Architecture, Massive Attack Surface
"API attacks will become the most-frequent attack vector, causing data breaches for enterprise web applications." - Gartner, 2022
- Pelotons Fitness (Data Exposure via unsecured API), May 2021
- Optus (Unsecured API leads to data exposure and extortion), Sep 2022
- Facebook API DOS, Jan 2021
- John Deere, Springfox (Authorization vulnerability + Extensive data exposure), April 2021
- K8s SSRF, June 2020
- K8s Privilege Escalation, July 2020
- Experian (Authentication), April 2021
- LinkedIn (Data Leak, Broken Object Level AuthZ), June 2021
- Algolia Keys Leaked, 30+ hardcoded, Nov 2022
- IBM Cloud Supply Chain via Attack Path, Dec 2022
- PyTorch module (Supply Chain Attack), Jan 2023
- BAPI Sensitive Data Leak, Mar 2023

New Architectures, Significant Impact
- 286% increase in API attacks: quarterly increase in API attacks, which will be the most frequent attack vector in the future according to Gartner
- 93% of companies had a Kubernetes security incident in 2022 [4]
- $4.35 million: average cost of a data breach in 2022 [1]
- 99% of cloud failures are due to misconfigurations [3]
- $10.5 trillion: forecast global costs in cybercrime by 2025 [2]
Sources: 1. IBM Cost of a Data Breach Report 2022, 2. McKinsey Cyber Security Trends 2022, 3. Gartner's estimate, 4. RedHat State of K8s Security 2022

Enabling security across the full app stack
From Dev to Runtime
Stages: Dev, CI/CD, Deployment, Runtime
- Shift Left Security
- Application Composition
- Connection and API Assessment
- Policy Control / Governance

Developer Focused Shift Left Security

Cloud Native Development Drives Velocity
Diagram labels: Active Focus on Feature, Recent Memory, Focused on Other Features, Hours to Days, Weeks Later, Months Later, AUTOMATED (on each pipeline step)

Integrating Security in the Pipeline
Shifting Security to the Left
- Apply Security Before Any Integration
- Apply Security Before Every Deployment

Continuous Integration: Actionable Security
Developer Persona, Pipeline Report

Continuous Integration: Risk Visibility
Security Persona, Summary Report

Continuous Deployment: Risk Assessment

Summary of Developer Focused Security
- CI integrated security assessment, policy enforcement
- Containers, serverless functions!
- CD integrated security assessment, policy enforcement
- Serverless function code integrity, policy enforcement
- API Specification Analysis (more details in 2 sections!)

Application Composition

Application Composition
- Container Security
- Kubernetes Security
- Serverless Security

Anatomy of a Container
Layers: Base Image, Runtime, Dependencies, Application
Settings shown: USER moby, ENV var1, ENV var2, EXPOSE 443/tcp

Software Bill of Materials
Base Image, Runtime, Dependencies, Application, Container Settings

Anatomy of a Kubernetes Application
Layers: Base Image, Runtime, Dependencies, Application, Container Settings
Categories: Pod Metadata, Pod Security Context, Container Settings, Container Resources, Container Security
Fields shown: namespace, name, labels, annotations, containerPort, protocol, resources (cpu/memory), readinessProbe, livenessProbe, volumes, tolerations, runAsNonRoot, runAsUser, runAsGroup, fsGroup, environment variables (var1=value1, var2=value2), allowPrivilegeEscalation, privileged (container), capabilities (NET_ADMIN, e.g.), readOnlyRootFilesystem

Leveraging Industry Best Practices
Categories: Pod Metadata, Pod Security Context, Container Settings, Container Resources, Container Security
CIS Kubernetes Benchmarks: https://www.cisecurity.org/benchmark/kubernetes
CIS Docker Benchmarks: https://www.cisecurity.org/benchmark/docker
Layers: Container Settings, Base Image, Runtime, Dependencies, Application

Panoptica Showcase
- MITRE ATT&CK Framework
- Container Image Vulnerability Assessment
- Vulnerabilities
- Layers
- CIS Benchmarks
- Packages/Licenses
- Kubernetes Security
- Comprehensive Risk Assessment
- Pod Template and Security
- Licenses
SCREENSHOTS IN HIDDEN SLIDES FOR YOUR REFERENCE!

MITRE ATT&CK Framework (reference slide)
What do I remediate first?

Container Vulnerability Assessment (reference slide)

Kubernetes Runtime Assessment (reference slide)
Identified Runtime Risks, Comprehensive Risk Assessment, Risk Acceptance via Edit

Shared Responsibility Model for Kubernetes
Source: AWS Shared Responsibility Model for EKS, https://aws.github.io/aws-eks-best-practices/security/docs/index.html

Serverless Doesn't Mean Secureless
Source: AWS Shared Responsibility Model for Serverless, https:/

Panoptica Showcase
- Serverless Function Visibility
- Vulnerability Assessment
- Secret Detection
- Exfiltration Risk
- Excessive Permissions
SCREENSHOTS IN HIDDEN SLIDES FOR YOUR REFERENCE!

Serverless Comprehensive Risk Findings (reference slide)

Identify Potential Exfiltration Targets (reference slide)

Excessive Privilege Detection (reference slide)

Summary of Application Composition Security
- Prioritized Risk of Security Findings
- Dashboard findings and K8SHIELD
- Plain language explanations of risks and remediation
- Vulnerability and Runtime Assessment for Container and Serverless
- Software Bill of Materials
- Excessive privilege detection
- Multi-factor risk assessment

Connection and API Risk Assessment

Anatomy of an API (Application Programming Interface)
OpenAPI Spec (Swagger)
Diagram: frontend calling bookings, with AuthN and AuthZ
- POST /reservation: request data (JSON), response data (JSON), header data (key/value)
- GET /reservation/moid: header data (key/value), response data (JSON)

Security of an API: Familiar Transport Concerns
Vulnerable Software Components
Diagram labels: frontend, user/frontend:1.1, base-image, runtime-engine, application-code, tcp/443, mTLS, Permitted Cnxn (L3), Permitted Cnxn (L7), Permitted Cnxn (Sec), bookings, AuthN, AuthZ
OpenAPI Spec (Swagger)
- POST /reservation: request data (JSON), response data (JSON), header data (key/value)
- GET /reservation/moid: header data (key/value), response data (JSON)

A Proper Reservation for Two
Reservation: Contact Info, Location, Time, Payment Info
Contact Info: Name, Address, Phone, Email
Diagram labels: Login: Hans, Share Reservation, Login: Sarah

Broken Authentication and Authorization
Reservation: Contact Info, Location, Time, Payment Info
Contact Info: Name, Address, Phone, Email
Diagram labels: Login: Seamus, BUA, BOLA, Login: Angela, Delete User, Login: Hans, BFLA, Login: None

Security of an API: Application Layer (L7) Concerns
Diagram labels: frontend, AuthN Token, Spec Analysis, Broken Object Level AuthZ, Broken Function Level AuthZ, bookings, AuthN, AuthZ
OpenAPI Spec (Swagger)
- POST /reservation: request data (JSON), response data (JSON), header data (key/value)
- GET /reservation/moid: header data (key/value), response data (JSON)

Panoptica Showcase
- API Risk Findings
- Dashboards
- Inventory
- Summary Risk Findings
- Detail Risk Explanation
- Comprehensive API Risk Findings
SCREENSHOTS IN HIDDEN SLIDES FOR YOUR REFERENCE!

API Security Dashboard: Third-party APIs (reference slide)

API Risk Findings: External API Assessments (reference slide)

API Risk Findings: OpenAPI Spec Analysis (reference slide)

API Risk Findings: Trace Analysis, Sensitive Data in Transit (reference slide)

API Risk Findings: Fuzz Testing (reference slide)

Policy, Governance, and Control

Deployment Policy
Application Architecture Policies
- Permit workloads deployments to targeted environments
Security Focused Policies
- Prevent Risky Workloads
- Enforce Pod Standards (with Pod Security Standards Policy)
- Securely Manage Secrets

Deployment Policy: Prevent Risky Workloads (reference slide)
If an image is determined to be risky from our vulnerability assessments, Panoptica can block the deployment to any or all cluster environments.

Deployment Policy: Enforce Pod Standards (reference slide)
Block workload deployment if the pod specifications do not meet the minimum pod security standards.

Connection Policy
- Enforce encryption on the traffic
- Access policy for the services (aka "firewall rules")
- Security context with Access Policies

Connection Policy: Block Risky Communications (reference slide)
Panoptica can leverage its security assessments as part of connection policy. Explicitly deny traffic to/from risky workloads to sensitive locations.

Connection Policy: Enforce Traffic Encryption (reference slide)
In conjunction with the service mesh, Panoptica can enforce mTLS encryption for traffic between specified environments.

Cluster Events
Workload Protection
- Modify pods in runtime
- "Interactive exec" into containers
- Adding executables in runtime
Cluster Protection
- Evading detection
- Secrets modification
- Unauthorized workload creation
- Data destruction

Cluster Event Policy: Protecting Sensitive Environments (reference slide)

Architecture and Open Source

How Kubernetes Cluster Access Works
https://kubernetes.io/docs/concepts/security/controlling-access/
- Authentication: Who Are You?
- Authorization: Can you access those Kubernetes resources?
- Admission: Can you submit THAT DATA to THAT RESOURCE as THAT USER?

How Kubernetes Cluster Access Works
https://kubernetes.io/docs/concepts/security/controlling-access/
- Authentication: User X509 Client Cert, Service Acct Tokens
- Authorization: Roles based on combo of API, Resource and Verbs; RoleBindings connecting Users, APIs, and Roles
- Admission: MutatingAdmissionWebhook, ValidatingAdmissionWebhook

Single Controller, Modular Architecture
Diagram labels: controller, grype-server, kubeclarity, apiclarity, vault, istio, CVE DB, Kubernetes Control Plane, panoptica.app, configuration, findings, Deployment Rules, Cluster Events Rules

How Istio/Envoy Permits Traffic
https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/listeners/listener_filters
https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/ext_authz_filter
- Listener: Receive traffic for a given service
- Filter Chain: List of plugins to control traffic
- External Authorization: Specific plugin that calls out to external service to authorize traffic

Single Controller, Modular Architecture
Diagram labels: controller, grype-server, kubeclarity, apiclarity, vault, istio, CVE DB, Kubernetes Control Plane, panoptica.app, configuration, findings, Connection Rules, API Security Traces

Cisco Open Source for Cloud Native Security
https://openclarity.io
https:/

KubeClarity
https:/

APIClarity Dashboard
https://www.apiclarity.io/

Other Open Source Projects
Emerging Technologies and Incubation Launched
- Bank Vaults
Community Launched
- Hashicorp Vault
- Syft/Grype
- Istio/Envoy

The Need for VM-Based Security

Wait, what?! Did you say "Virtual Machines"?
Yep, we still use virtual machines:
- The number one most used service on AWS, Azure and GCP is their virtual compute services (e.g., AWS EC2)
- VMs are the predominant method for hosting containers
VMs are vulnerable to multiple threats:
- Leaked Secrets/passwords
- Malware
- System Misconfiguration
- Rootkit
- etc.

Too Many Siloed Choices
Open Source/Commercial Challenges
There are many very good open source and commercial-based solutions for providing threat detection for virtual machines:
- Vulnerability detection
- Malware
- Exploit detection
- etc.
There are challenges with assembling these solutions yourself:
- Complex installation, configuration and reporting
- Integration with deployment automation
- Siloed reporting and visualization
Diagram labels: Malware Detection, Leaked Secrets/Password Detection, SBOM Analysis

VMClarity
An Open Source Security Tool for Virtual Machines
VMClarity is an open source tool for agentless detection and management of Virtual Machines to perform:
- Software Bill of Materials (SBOM) analysis
- Package & OS vulnerability detection
- Exploit detection
- Leaked secret detection
- Malware detection
- Misconfiguration detection
- Rootkit detection
https:/

We Came

Enabling security across the full app stack
From Dev to Runtime
Stages: Dev, CI/CD, Deployment, Runtime
- Shift Left Security
- Application Composition
- Connection and API Assessment
- Policy Control / Governance

Security Challenges for Modern Applications
Visibility
- Images, Workloads, Security
- API traffic, 3rd party APIs
Assessment
- Domain specific security risks
- Behavior Analysis
Remediation
- Aggregate Risk Scoring
- Best Practices, Compliance

Industry Evolves, Challenges Evolve
Coverage
- Comprehensive Inventory
- Totality of All Risk Findings
Prioritization
- Security risks that most impact the business
- Confidence in the findings
Remediation
- Bridge the expertise gap
- Integrate with existing toolchains

Whither We Go

Code to Cloud Security from Development to Runtime
- CI/CD Security: Identify, prioritize, & remediate risk throughout SDLC & enforce continuous governance policies.
- CWPP + KSPM: Get continuous visibility, risk assessment & mitigation guidance across all your cloud workloads: VMs, containers/Kubernetes, & serverless.
- API Security: Secure, monitor & perform risk assessment of internal, external APIs, & API tokens.
- CSPM: Automate compliance monitoring & simplify asset visualization, sorting, & grouping.
- Attack Path Analysis: Prioritize & fix exploitable attack vectors with comprehensive attack path analysis.

Lightspin Showcase
- Cloud Inventory
- Security Findings
- Attack Path Analysis
- Root Cause Analysis
- Submit Remediations to Development

Coverage
Disclaimer: final UI subject to change

Prioritization: Too many findings!
Disclaimer: final UI subject to change

Prioritization: Meaningful potential attack risks (five screenshot slides)
Disclaimer: final UI subject to change

Remediation: Integration with Toolchain (six screenshot slides)
Disclaimer: final UI subject to change

Deep Dive on Cloud Native Attacks

Takeaways

Key Takeaways
- Cloud native applications have exponentially increased the attack surface and simultaneously added novel attack vectors.
- Preventing security risks by shifting security left is more efficient for the developer and reduces the risks of costly, public breaches.
- A comprehensive approach to cloud native application architectures and the deployment of cloud provider platforms in an integrated way is key to securing your business.
- Stay tuned to Outshift and Panoptica for our upcoming release integrating CSPM and Attack Path Analysis.

Deploy Panoptica Today!
https://panoptica.app
- Free tier version, full feature set
- Scale limited only: 1 cluster w/15 nodes, 15 APIs, 15 Serverless Functions
- No license keys, no Smart Licensing.
- SSO via Cisco (SSO, SecureX, or AppD), LinkedIn, GitHub, or Google

Design with Us Today!
- Want to be a part of defining the roadmap?
- Want early access to the integrated capabilities?
- Have strong opinions on usability and what is required to make your daily life easier?

Visit Outshift in the World of Solutions!
Take a picture of this slide and bring it to the Outshift booth in the World of Solutions. (#3307)
Get your badge scanned to be entered into our daily drawing for an Apple iPad!
Learn more about Panoptica!

Fill out your session surveys!
Attendees who fill out a minimum of four session surveys and the overall event survey will get Cisco Live-branded socks (while supplies last)!
Attendees will also earn 100 points in the Cisco Live Challenge for every survey completed. These points help you get on the leaderboard and increase your chances of winning daily and grand prizes.

Continue your education
- Visit the Cisco Showcase for related demos
- Book your one-on-one Meet the Engineer meeting
- Attend the interactive education with DevNet, Capture the Flag, and Walk-in Labs
- Visit the On-Demand Library for more sessions at www.CiscoL

Gamify your Cisco Live experience!
Get points for attending this session!
How:
1. Open the Cisco Events App.
2. Click on Cisco Live Challenge in the side menu.
3. Click on View Your Badges at the top.
4. Click the + at the bottom of the screen and scan the QR code: