Más contenido relacionado

Presentaciones para ti(20)

Similar a Getting Started with Runtime Security on Azure Kubernetes Service (AKS)(20)


Más de



Getting Started with Runtime Security on Azure Kubernetes Service (AKS)

  1. Getting Started with Runtime Security on Azure Kubernetes Service Eric Carter Director, Partner Marketing Sysdig
  2. | Sysdig Inc. Kubernetes: Default OS for Cloud • Speed innovation • Drive efficiency UI APPLICATION DATABASE COMPUTE DATA 2 Kubernetes Microservices Cloud
  3. | Sysdig Inc. Azure Kubernetes Service (AKS) • Managed Kubernetes on Microsoft Azure • Designed to simplify the deployment, management, and operations of Kubernetes • Automated upgrades, patches • High reliability and availability • Easy and secure cluster scaling • Self-healing • API server monitoring • Control plane at no charge 3
  4. | Sysdig Inc. Security Concerns 4 Sysdig 2021 container security and usage report: Shifting left is not enough – January 13, 2021
  5. | Sysdig Inc. What is Runtime? 5
  6. | Sysdig Inc. What is Container Runtime Security? • Protection for running containers and application environment • Analysis of activity - containers, hosts, network connections, files, etc. • Detection and prevention of unknown, unexpected, and unwanted behavior 6 Key workflow for securing production containers and Kubernetes
  7. | Sysdig Inc. What’s happening inside? Where is it happening? Where did it go? Visibility Challenges with Containers
  8. | Sysdig Inc. Runtime Security for Azure Containers Azure / AKS Host (node) Container 1 Container 2 Container 3 Observe runtime events from syscall data actions, enforcement Event details HosteBPF Program / kernel module ContainerVision™ Filter with rules 8
  9. | Sysdig Inc. Viewing Data with Kubernetes Context 9 Distributed container workloads service 1 service 2 service 3 service 4 Organized view of services, apps, pods, etc. ServiceVision™ “Show me security events by namespace and pod” AKS / Kubernetes Metadata
  10. | Sysdig Inc. Sysdig Agent API calls Users Workloads Interactions with the Kube API registered K8s audit log events checked against policies Security Events e.g., RBAC tampering Activity Audit e.g., Kubectl exec Kubernetes Audit Log Kube API activity logs automatically ingested Runtime Security Policies Example Detections ● Did someone store credentials in a configmap versus secrets? ● Who is exec’ing into a pod and modify a file? Where was it initiated from? ● Are users escalating privileges via RBAC? Sysdig Secure Devops Platform AKS Incorporating AKS Audit Log Data 10
  11. | Sysdig Inc. Kernel eBPF Probe Falco K8s audit logs Syscall data Open-Source Falco Kernel eBPF Probe K8s audit logs Syscall data Sysdig Secure Sysdig Secure ● Alert on malicious events ● DIY responses ● Alert on malicious events ● Automatic remediation ● OOB policies (MITRE detection, compliance, FIM etc) ● K8s native prevention ● SIEM forwarding ● Alerting integrations Sysdig Secure Devops Platform 11 Runtime Security Based on Falco
  12. | Sysdig Inc. Why Sysdig for Runtime Security? Depth ○ Open source Falco based detection engine ○ Out of the box, community driven rules ○ Save time with OOB policies or create custom policies Breadth ○ Combine data sources - syscalls, audit logs, kubernetes context Single policy interface ○ Detect threats across containers, hosts, Kubernetes/AKS ○ Manage ‘Policy as code’ Secure containers, Kubernetes and cloud services Sysdig Secure Sysdig Monitor Anchore Engine 12
  13. | Sysdig Inc. Runtime Security for Payment Processing ▸ Difficulty scaling visibility across cloud environments ▸ No way to effectively police and audit activity ▸ Proving PCI compliance Challenge ▸ SaaS-based security and monitoring with Sysdig ▸ Automated runtime analysis & intrusion detection ▸ Activity auditing from syscall data & K8s audit logs Solution ▸ Achieved results in minutes with fast onboarding ▸ Improved communication between DevOps & security ▸ Simplified achieving PCI compliance ▸ Reduced operational overhead by 50% Results 13 Deliver modern payment solutions with containers and Kubernetes • Container Platform Engineering • Cloud Security Architect
  14. Demo!
  15. | Sysdig Inc. Sysdig Secure Sysdig Monitor Security built on open source foundation Deep visibility to run apps confidently Scale simply with SaaS and DevOps integrations Secure containers, Kubernetes and cloud services Sysdig Secure DevOps Platform Anchore Engine 15
  16. What next? Take a test drive! Join us for future sessions! Download security and monitoring guide