SlideShare a Scribd company logo

Automating security compliance for physical, virtual, cloud, and container environments with Red Hat CloudForms, Red Hat Satellite, Red Hat Insights, and Ansible Tower by Red Hat

Lucy Huh Kerner
Lucy Huh Kerner

In this slide deck of my 2017 Red Hat Summit talk, you'll learn how to easily provision a security-compliant host and quickly detect and remediate security and compliance issues in physical, virtual, cloud, and container environments. We’ll discuss possible compliance challenges and show how a combination of Red Hat CloudForms, Red Hat Satellite, and Ansible Tower by Red Hat can help you quickly achieve compliance, automate security , and complete remediation. You’ll learn how you can integrate Red Hat CloudForms with Red Hat Satellite and Ansible Tower by Red Hat, as well as use the OpenSCAP integration in Red Hat Satellite, to perform audit scans and remediations at the push of a button on your systems and automate security to ensure compliance against various profiles, such as: The U.S. Government Configuration Baseline (USGCB). The Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG). The Centralized Supercomputing Facility (CSCF) baseline. The U.S. Government Commercial Cloud Services (C2S) baseline. The Certified Cloud and Service Provider (CCSP) baseline. Center for Internet Security (CIS) Benchmarks. The Payment Card Industry Data Security Standard (PCI DSS) Custom policies. You'll also learn how you can use the control and policy engine in Red Hat CloudForms to detect and fix vulnerabilities, such as Shellshock, and learn how to do proactive security and automated risk management with Red Hat Insights. To see the video replay of this talk, please visit: https://www.youtube.com/watch?v=8V1iDgOTWFA&t=1s

Technology
1 of 39
Download to read offline
S103174 - Automating security compliance for physical, virtual, cloud, and container environments Using Red Hat CloudForms, Red Hat Satellite, Red Hat Insights and Ansible Tower by Red Hat Lucy Huh Kerner Principal Technical Marketing Manager - Security, Red Hat May 4, 2017
Why automate security compliance?
“81% of hacking-related breaches leveraged either stolen and/or weak passwords.” 2017 Verizon Data Breach Investigations Report [http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017]
Let’s manually ensure security compliance ….. ● 3 ring binder of security checks and fixes that have to be done ● Very time consuming ● Highly prone to human error ● Tedious and boring ● Non-repudiable ● Not easy to do audits ● Not repeatable or sharable
Instead, what you want is ... ● Centralized management of your entire heterogeneous infrastructure ○ You can’t control what you don’t know about ● Automation, Automation, Automation ● Infrastructure and Security as code ○ Repeatable, sharable, verifiable, easier to do compliance audits ● Hardened, Security compliant host at provisioning time ○ Immutable Operating System: OS can’t be changed by untrusted parties ● Automated monitoring and fixing of all systems for entire lifecycle ● Proactive vs Reactive security
What tools can I use to help me with all this ?
Let’s start with SCAP. But, what is SCAP ? ● Security Content Automation Protocol ● Managed by National Institute of Standards and Technology (NIST) ● Standardized way of maintaining security of systems ○ Vulnerability and configuration security baselines
WHAT IS OpenSCAP? NIST validated and certified SCAP scanner by Red Hat Ships FREE with RHEL and Satellite !!! Configuration and Vulnerability Scanner
SCAP Workbench ● GUI tool that serves as an SCAP scanner and provides tailoring functionality for SCAP content, but only scans a single machine
But… I don’t just have 1 machine ... ● We have over 1000 linux hosts all living in different environments(VmWare vCenter, Microsoft Azure, etc). How do we scan, report on, and remediate all of these systems? ● How do we provide a customized self service portal for users to provision a security compliant host at provisioning time while still having tight control over our entire infrastructure? ● How do we do ongoing automated security compliance and remediation for our entire heterogeneous infrastructure? ● How do I ensure that all the 200+ container images in our environment and all future container images that will enter our environment are free of vulnerabilities in an automated fashion?
The secret is to use a combination of …..
Using Red Hat’s management products + OpenSCAP, how do I: 1) Create a security compliant host at provisioning time 2) Automate ongoing security compliance 3) Ensure governance and Control 4) Do proactive vs reactive security with Red Hat Insights **All in a heterogeneous infrastructure with a mix of physical, virtual , cloud, and container environments **
Creating a security compliant host at provisioning time with Red Hat CloudForms and Ansible Tower
15 Unified Management with Red Hat CloudForms CONTAINERS PRIVATE CLOUD PUBLIC CLOUDVIRTUALIZATION SOFTWARE DEFINED NETWORKING VMware© Microsoft© Hyper-V Red Hat Virtualization Amazon© Web Services Microsoft Azure Google© Cloud Platform Red Hat Openstack© Platform Red Hat© OpenShift Container Platform Service Management Compliance & Governance Efficiency & Optimization
CloudForms includes Ansible Inside (default automation for CloudForms)
DEMO #1
Creating a security compliant host at provisioning time 1. Push an order button in CloudForms which, behind the scenes will: ○ Provision a VM in VmWare ○ Register it with Satellite ○ Make it compliant to the Defense Information Systems Agency(DISA) Security Technical Implementation Guide (STIG) 2. Do all this WITHOUT writing a single line of code and WITH multi-tenancy ○ Users from different tenants have their own “order buttons” 3. Admin has tight control of entire heterogenous infrastructure and only allows certain people provision in Amazon vs VMWare based on tenancy, utilization, etc
Now, let’s see this in action!
You can also create a security compliant host in RHEL 7.2, RHEL 7.3 + Satellite 6
Of course, can kickstart too or create security compliant host(s) using Satellite 6 as well vs RHEL GUI install.
Automating ongoing security compliance with Red Hat CloudForms, Satellite, OpenSCAP, and Ansible Tower
DEMO #2
Automate ongoing security compliance 1. Push a button on a VM in CloudForms and do an OpenSCAP scan on it for a chosen security profile (PCI-DSS, DISA STIG, Standard, etc or your custom profile) ○ When the scan PASSES: i. Tag the VM as scap-compliant:<name of profile> ○ When the scan FAILS: i. Tag the VM as scap-noncompliant:<name of profile> ii. Email owner of VM iii. Open a ticket in a ticketing system, such as ServiceNow with the name of the failed VM and all other details about VM(size, IP address,etc) 2. Create reports of ALL scap-compliant/non-compliant VMs based on security profile 3. Push a button to fix the VM based on security profile. Once that looks good, do the fix for ALL machines in my environment at the push of a button.
Now, let’s see this in action!
The Power and Flexibility of the Red Hat CloudForms control/policy engine
DEMO #3
Power and Flexibility of the CloudForms control engine 1. Check to see if your VM is vulnerable to shellshock. If yes, then fix the VM using a button in CloudForms that launches an Ansible playbook to remediate the VM against the shellshock vulnerability. 2. In CloudForms, check to see if an Openshift container image has any severity high vulnerabilities. If yes, then Openshift will prevent that vulnerable image from ever running in Openshift again.
Now, let’s see this in action!
Proactive Security and Automated Risk Management with Red Hat Insights
wnix - Red Hat Insights RED HAT MANAGEMENT BUILD A TRUSTED & SECURE RED HAT ENVIRONMENT Manage the Red Hat Lifecycle Provision & Configure at Scale Standardize Your Environment DELIVER SERVICES ACROSS YOUR HYBRID CLOUD Hybrid Cloud Management Self-Service Provisioning Policy-driven Compliance AUTOMATE YOUR IT PROCESSES & DEPLOYMENTS Simple & powerful language No agents to install Scale with Ansible Tower PREVENT CRITICAL ISSUES BEFORE THEY OCCUR Continuous Insights Verified Knowledge Proactive Resolution Insights introduces automated risk management, reduces complexity, and allows you to FIX faster.
DEMO #4
Proactive Security with Red Hat Insights 1. See the payload injection issue on your VM in Red Hat Insights from either Satellite or CloudForms. ○ Upon fixing, notice that the issue no longer exists
Now, let’s see this in action!
SUMMARY 1) Create a security compliant host at provisioning time 2) Automate ongoing security and compliance 3) Ensure governance and Control 4) Do proactive vs reactive security with Red Hat Insights All with FLEXIBILITY + CHOICE using a combination of OpenSCAP, Red Hat CloudForms, Red Hat Satellite, Ansible Tower, and Red Hat Insights
Lucy Kerner Principal Technical Product Marketing Manager - Security , Red Hat lkerner@redhat.com @LucyCloudBling plus.google.com/+RedHat linkedin.com/company/red-hat youtube.com/user/RedHatVideos facebook.com/redhatinc twitter.com/RedHatNews
THANK YOU plus.google.com/+RedHat linkedin.com/company/red-hat youtube.com/user/RedHatVideos facebook.com/redhatinc twitter.com/RedHatNews
Automating security compliance for physical, virtual, cloud, and container environments with Red Hat CloudForms, Red Hat Satellite, Red Hat Insights, and Ansible Tower by Red Hat

Recommended

SS42731_v2_KernerMicene
SS42731_v2_KernerMiceneSS42731_v2_KernerMicene
SS42731_v2_KernerMiceneLucy Huh Kerner
 
2017 Red Hat Summit Lab: Proactive security compliance automation with Red Ha...
2017 Red Hat Summit Lab: Proactive security compliance automation with Red Ha...2017 Red Hat Summit Lab: Proactive security compliance automation with Red Ha...
2017 Red Hat Summit Lab: Proactive security compliance automation with Red Ha...Lucy Huh Kerner
 
Secure Foundations: Why Red Hat Enterprise Linux is not just another Linux di...
Secure Foundations: Why Red Hat Enterprise Linux is not just another Linux di...Secure Foundations: Why Red Hat Enterprise Linux is not just another Linux di...
Secure Foundations: Why Red Hat Enterprise Linux is not just another Linux di...Lucy Huh Kerner
 
Addressing the 8 Key Pain Points of Kubernetes Cluster Management
Addressing the 8 Key Pain Points of Kubernetes Cluster ManagementAddressing the 8 Key Pain Points of Kubernetes Cluster Management
Addressing the 8 Key Pain Points of Kubernetes Cluster ManagementEnterprise Management Associates
 
SOCstock 2021 The Cloud-native SOC
SOCstock 2021 The Cloud-native SOC SOCstock 2021 The Cloud-native SOC
SOCstock 2021 The Cloud-native SOC Anton Chuvakin
 
NGINX Controller: faster deployments, fewer headaches
NGINX Controller: faster deployments, fewer headachesNGINX Controller: faster deployments, fewer headaches
NGINX Controller: faster deployments, fewer headachesKangaroot
 
Red Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShiftRed Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShiftKangaroot
 
Cloud Native Security: New Approach for a New Reality
Cloud Native Security: New Approach for a New RealityCloud Native Security: New Approach for a New Reality
Cloud Native Security: New Approach for a New RealityCarlos Andrés García
 

Recommended

SS42731_v2_KernerMicene
SS42731_v2_KernerMiceneSS42731_v2_KernerMicene
SS42731_v2_KernerMiceneLucy Huh Kerner
 
2017 Red Hat Summit Lab: Proactive security compliance automation with Red Ha...
2017 Red Hat Summit Lab: Proactive security compliance automation with Red Ha...2017 Red Hat Summit Lab: Proactive security compliance automation with Red Ha...
2017 Red Hat Summit Lab: Proactive security compliance automation with Red Ha...Lucy Huh Kerner
 
Secure Foundations: Why Red Hat Enterprise Linux is not just another Linux di...
Secure Foundations: Why Red Hat Enterprise Linux is not just another Linux di...Secure Foundations: Why Red Hat Enterprise Linux is not just another Linux di...
Secure Foundations: Why Red Hat Enterprise Linux is not just another Linux di...Lucy Huh Kerner
 
Addressing the 8 Key Pain Points of Kubernetes Cluster Management
Addressing the 8 Key Pain Points of Kubernetes Cluster ManagementAddressing the 8 Key Pain Points of Kubernetes Cluster Management
Addressing the 8 Key Pain Points of Kubernetes Cluster ManagementEnterprise Management Associates
 
SOCstock 2021 The Cloud-native SOC
SOCstock 2021 The Cloud-native SOC SOCstock 2021 The Cloud-native SOC
SOCstock 2021 The Cloud-native SOC Anton Chuvakin
 
NGINX Controller: faster deployments, fewer headaches
NGINX Controller: faster deployments, fewer headachesNGINX Controller: faster deployments, fewer headaches
NGINX Controller: faster deployments, fewer headachesKangaroot
 
Red Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShiftRed Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShiftKangaroot
 
Cloud Native Security: New Approach for a New Reality
Cloud Native Security: New Approach for a New RealityCloud Native Security: New Approach for a New Reality
Cloud Native Security: New Approach for a New RealityCarlos Andrés García
 
Virtual Desktop Infrastructure with Novell Endpoint Management Solutions
Virtual Desktop Infrastructure with Novell Endpoint Management SolutionsVirtual Desktop Infrastructure with Novell Endpoint Management Solutions
Virtual Desktop Infrastructure with Novell Endpoint Management SolutionsNovell
 
StorageOS - 8 core principles of cloud native storage
StorageOS - 8 core principles of cloud native storageStorageOS - 8 core principles of cloud native storage
StorageOS - 8 core principles of cloud native storageStorageOS
 
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021VMware Tanzu
 
Digitální transformace: zabezpečení agilních prostředí
Digitální transformace: zabezpečení agilních prostředíDigitální transformace: zabezpečení agilních prostředí
Digitální transformace: zabezpečení agilních prostředíMarketingArrowECS_CZ
 
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?DevOps.com
 
Application Security in the Cloud - Best Practices
Application Security in the Cloud - Best PracticesApplication Security in the Cloud - Best Practices
Application Security in the Cloud - Best PracticesRightScale
 
Monitoring a cloud native platform feature
Monitoring a cloud native platform featureMonitoring a cloud native platform feature
Monitoring a cloud native platform featureAlois Mayr
 
Ravello – the Easiest Way to Cloud
Ravello – the Easiest Way to CloudRavello – the Easiest Way to Cloud
Ravello – the Easiest Way to CloudMarketingArrowECS_CZ
 
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)VMware Tanzu
 
Containers Anywhere with OpenShift by Red Hat - Session Sponsored by Red Hat
Containers Anywhere with OpenShift by Red Hat - Session Sponsored by Red HatContainers Anywhere with OpenShift by Red Hat - Session Sponsored by Red Hat
Containers Anywhere with OpenShift by Red Hat - Session Sponsored by Red HatAmazon Web Services
 
Redefining cloud native debugging
Redefining cloud native debugging Redefining cloud native debugging
Redefining cloud native debugging LibbySchulze
 
Putting Private Clouds to Work with PaaS Interop Vegas 2013 presentation by D...
Putting Private Clouds to Work with PaaS Interop Vegas 2013 presentation by D...Putting Private Clouds to Work with PaaS Interop Vegas 2013 presentation by D...
Putting Private Clouds to Work with PaaS Interop Vegas 2013 presentation by D...Diane Mueller
 
VMware Developer-Ready Transformation
VMware Developer-Ready TransformationVMware Developer-Ready Transformation
VMware Developer-Ready TransformationVMware Tanzu
 
Using Google Cloud Services with Spring Boot and Pivotal Cloud Foundry (Pivot...
Using Google Cloud Services with Spring Boot and Pivotal Cloud Foundry (Pivot...Using Google Cloud Services with Spring Boot and Pivotal Cloud Foundry (Pivot...
Using Google Cloud Services with Spring Boot and Pivotal Cloud Foundry (Pivot...VMware Tanzu
 
The Need of Cloud-Native Application
The Need of Cloud-Native ApplicationThe Need of Cloud-Native Application
The Need of Cloud-Native ApplicationEmiliano Pecis
 
How to Overcome Data Challenges When Refactoring Monoliths to Microservices
How to Overcome Data Challenges When Refactoring Monoliths to MicroservicesHow to Overcome Data Challenges When Refactoring Monoliths to Microservices
How to Overcome Data Challenges When Refactoring Monoliths to MicroservicesVMware Tanzu
 
How to build the Cloud Native applications the way you want – not the way the...
How to build the Cloud Native applications the way you want – not the way the...How to build the Cloud Native applications the way you want – not the way the...
How to build the Cloud Native applications the way you want – not the way the...Eficode
 
VMworld 2015: Build and Run Cloud Native Apps in your Software Defined Data C...
VMworld 2015: Build and Run Cloud Native Apps in your Software Defined Data C...VMworld 2015: Build and Run Cloud Native Apps in your Software Defined Data C...
VMworld 2015: Build and Run Cloud Native Apps in your Software Defined Data C...VMworld
 
Smarter Monitoring for Highly Distributed Cloud Foundry Application Environme...
Smarter Monitoring for Highly Distributed Cloud Foundry Application Environme...Smarter Monitoring for Highly Distributed Cloud Foundry Application Environme...
Smarter Monitoring for Highly Distributed Cloud Foundry Application Environme...Dynatrace
 
VMware Cloud on Amazon Web Services
VMware Cloud on Amazon Web ServicesVMware Cloud on Amazon Web Services
VMware Cloud on Amazon Web ServicesMarketingArrowECS_CZ
 
Openstack Cloud Management and Automation Using Red Hat Cloudforms 4.0
Openstack Cloud Management and Automation Using Red Hat Cloudforms 4.0Openstack Cloud Management and Automation Using Red Hat Cloudforms 4.0
Openstack Cloud Management and Automation Using Red Hat Cloudforms 4.0Prasad Mukhedkar
 
Red Hat OpenShift V3 Overview and Deep Dive
Red Hat OpenShift V3 Overview and Deep DiveRed Hat OpenShift V3 Overview and Deep Dive
Red Hat OpenShift V3 Overview and Deep DiveGreg Hoelzer
 

More Related Content

What's hot

Virtual Desktop Infrastructure with Novell Endpoint Management Solutions
Virtual Desktop Infrastructure with Novell Endpoint Management SolutionsVirtual Desktop Infrastructure with Novell Endpoint Management Solutions
Virtual Desktop Infrastructure with Novell Endpoint Management SolutionsNovell
 
StorageOS - 8 core principles of cloud native storage
StorageOS - 8 core principles of cloud native storageStorageOS - 8 core principles of cloud native storage
StorageOS - 8 core principles of cloud native storageStorageOS
 
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021VMware Tanzu
 
Digitální transformace: zabezpečení agilních prostředí
Digitální transformace: zabezpečení agilních prostředíDigitální transformace: zabezpečení agilních prostředí
Digitální transformace: zabezpečení agilních prostředíMarketingArrowECS_CZ
 
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?DevOps.com
 
Application Security in the Cloud - Best Practices
Application Security in the Cloud - Best PracticesApplication Security in the Cloud - Best Practices
Application Security in the Cloud - Best PracticesRightScale
 
Monitoring a cloud native platform feature
Monitoring a cloud native platform featureMonitoring a cloud native platform feature
Monitoring a cloud native platform featureAlois Mayr
 
Ravello – the Easiest Way to Cloud
Ravello – the Easiest Way to CloudRavello – the Easiest Way to Cloud
Ravello – the Easiest Way to CloudMarketingArrowECS_CZ
 
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)VMware Tanzu
 
Containers Anywhere with OpenShift by Red Hat - Session Sponsored by Red Hat
Containers Anywhere with OpenShift by Red Hat - Session Sponsored by Red HatContainers Anywhere with OpenShift by Red Hat - Session Sponsored by Red Hat
Containers Anywhere with OpenShift by Red Hat - Session Sponsored by Red HatAmazon Web Services
 
Redefining cloud native debugging
Redefining cloud native debugging Redefining cloud native debugging
Redefining cloud native debugging LibbySchulze
 
Putting Private Clouds to Work with PaaS Interop Vegas 2013 presentation by D...
Putting Private Clouds to Work with PaaS Interop Vegas 2013 presentation by D...Putting Private Clouds to Work with PaaS Interop Vegas 2013 presentation by D...
Putting Private Clouds to Work with PaaS Interop Vegas 2013 presentation by D...Diane Mueller
 
VMware Developer-Ready Transformation
VMware Developer-Ready TransformationVMware Developer-Ready Transformation
VMware Developer-Ready TransformationVMware Tanzu
 
Using Google Cloud Services with Spring Boot and Pivotal Cloud Foundry (Pivot...
Using Google Cloud Services with Spring Boot and Pivotal Cloud Foundry (Pivot...Using Google Cloud Services with Spring Boot and Pivotal Cloud Foundry (Pivot...
Using Google Cloud Services with Spring Boot and Pivotal Cloud Foundry (Pivot...VMware Tanzu
 
The Need of Cloud-Native Application
The Need of Cloud-Native ApplicationThe Need of Cloud-Native Application
The Need of Cloud-Native ApplicationEmiliano Pecis
 
How to Overcome Data Challenges When Refactoring Monoliths to Microservices
How to Overcome Data Challenges When Refactoring Monoliths to MicroservicesHow to Overcome Data Challenges When Refactoring Monoliths to Microservices
How to Overcome Data Challenges When Refactoring Monoliths to MicroservicesVMware Tanzu
 
How to build the Cloud Native applications the way you want – not the way the...
How to build the Cloud Native applications the way you want – not the way the...How to build the Cloud Native applications the way you want – not the way the...
How to build the Cloud Native applications the way you want – not the way the...Eficode
 
VMworld 2015: Build and Run Cloud Native Apps in your Software Defined Data C...
VMworld 2015: Build and Run Cloud Native Apps in your Software Defined Data C...VMworld 2015: Build and Run Cloud Native Apps in your Software Defined Data C...
VMworld 2015: Build and Run Cloud Native Apps in your Software Defined Data C...VMworld
 
Smarter Monitoring for Highly Distributed Cloud Foundry Application Environme...
Smarter Monitoring for Highly Distributed Cloud Foundry Application Environme...Smarter Monitoring for Highly Distributed Cloud Foundry Application Environme...
Smarter Monitoring for Highly Distributed Cloud Foundry Application Environme...Dynatrace
 
VMware Cloud on Amazon Web Services
VMware Cloud on Amazon Web ServicesVMware Cloud on Amazon Web Services
VMware Cloud on Amazon Web ServicesMarketingArrowECS_CZ
 

What's hot (20)

Virtual Desktop Infrastructure with Novell Endpoint Management Solutions
Virtual Desktop Infrastructure with Novell Endpoint Management SolutionsVirtual Desktop Infrastructure with Novell Endpoint Management Solutions
Virtual Desktop Infrastructure with Novell Endpoint Management Solutions
 
StorageOS - 8 core principles of cloud native storage
StorageOS - 8 core principles of cloud native storageStorageOS - 8 core principles of cloud native storage
StorageOS - 8 core principles of cloud native storage
 
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
 
Digitální transformace: zabezpečení agilních prostředí
Digitální transformace: zabezpečení agilních prostředíDigitální transformace: zabezpečení agilních prostředí
Digitální transformace: zabezpečení agilních prostředí
 
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?
 
Application Security in the Cloud - Best Practices
Application Security in the Cloud - Best PracticesApplication Security in the Cloud - Best Practices
Application Security in the Cloud - Best Practices
 
Monitoring a cloud native platform feature
Monitoring a cloud native platform featureMonitoring a cloud native platform feature
Monitoring a cloud native platform feature
 
Ravello – the Easiest Way to Cloud
Ravello – the Easiest Way to CloudRavello – the Easiest Way to Cloud
Ravello – the Easiest Way to Cloud
 
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)
 
Containers Anywhere with OpenShift by Red Hat - Session Sponsored by Red Hat
Containers Anywhere with OpenShift by Red Hat - Session Sponsored by Red HatContainers Anywhere with OpenShift by Red Hat - Session Sponsored by Red Hat
Containers Anywhere with OpenShift by Red Hat - Session Sponsored by Red Hat
 
Redefining cloud native debugging
Redefining cloud native debugging Redefining cloud native debugging
Redefining cloud native debugging
 
Putting Private Clouds to Work with PaaS Interop Vegas 2013 presentation by D...
Putting Private Clouds to Work with PaaS Interop Vegas 2013 presentation by D...Putting Private Clouds to Work with PaaS Interop Vegas 2013 presentation by D...
Putting Private Clouds to Work with PaaS Interop Vegas 2013 presentation by D...
 
VMware Developer-Ready Transformation
VMware Developer-Ready TransformationVMware Developer-Ready Transformation
VMware Developer-Ready Transformation
 
Using Google Cloud Services with Spring Boot and Pivotal Cloud Foundry (Pivot...
Using Google Cloud Services with Spring Boot and Pivotal Cloud Foundry (Pivot...Using Google Cloud Services with Spring Boot and Pivotal Cloud Foundry (Pivot...
Using Google Cloud Services with Spring Boot and Pivotal Cloud Foundry (Pivot...
 
The Need of Cloud-Native Application
The Need of Cloud-Native ApplicationThe Need of Cloud-Native Application
The Need of Cloud-Native Application
 
How to Overcome Data Challenges When Refactoring Monoliths to Microservices
How to Overcome Data Challenges When Refactoring Monoliths to MicroservicesHow to Overcome Data Challenges When Refactoring Monoliths to Microservices
How to Overcome Data Challenges When Refactoring Monoliths to Microservices
 
How to build the Cloud Native applications the way you want – not the way the...
How to build the Cloud Native applications the way you want – not the way the...How to build the Cloud Native applications the way you want – not the way the...
How to build the Cloud Native applications the way you want – not the way the...
 
VMworld 2015: Build and Run Cloud Native Apps in your Software Defined Data C...
VMworld 2015: Build and Run Cloud Native Apps in your Software Defined Data C...VMworld 2015: Build and Run Cloud Native Apps in your Software Defined Data C...
VMworld 2015: Build and Run Cloud Native Apps in your Software Defined Data C...
 
Smarter Monitoring for Highly Distributed Cloud Foundry Application Environme...
Smarter Monitoring for Highly Distributed Cloud Foundry Application Environme...Smarter Monitoring for Highly Distributed Cloud Foundry Application Environme...
Smarter Monitoring for Highly Distributed Cloud Foundry Application Environme...
 
VMware Cloud on Amazon Web Services
VMware Cloud on Amazon Web ServicesVMware Cloud on Amazon Web Services
VMware Cloud on Amazon Web Services
 

Viewers also liked

Openstack Cloud Management and Automation Using Red Hat Cloudforms 4.0
Openstack Cloud Management and Automation Using Red Hat Cloudforms 4.0Openstack Cloud Management and Automation Using Red Hat Cloudforms 4.0
Openstack Cloud Management and Automation Using Red Hat Cloudforms 4.0Prasad Mukhedkar
 
Red Hat OpenShift V3 Overview and Deep Dive
Red Hat OpenShift V3 Overview and Deep DiveRed Hat OpenShift V3 Overview and Deep Dive
Red Hat OpenShift V3 Overview and Deep DiveGreg Hoelzer
 
OpenStack and CloudForms Do's and Dont's
OpenStack and CloudForms Do's and Dont'sOpenStack and CloudForms Do's and Dont's
OpenStack and CloudForms Do's and Dont'sFrederik Bijlsma
 
Asterisk as a Virtual Network Function Part 1
Asterisk as a Virtual Network Function Part 1Asterisk as a Virtual Network Function Part 1
Asterisk as a Virtual Network Function Part 1Leif Madsen
 
Managing open shift at scale across the open hybrid cloud
Managing open shift at scale across the open hybrid cloudManaging open shift at scale across the open hybrid cloud
Managing open shift at scale across the open hybrid cloudGeert Jansen
 
Pedal to the metal: Red Hat CloudForms for workload & infrastructure management
Pedal to the metal: Red Hat CloudForms for workload & infrastructure managementPedal to the metal: Red Hat CloudForms for workload & infrastructure management
Pedal to the metal: Red Hat CloudForms for workload & infrastructure managementAlex Baretto
 
Integrate Openshift with Cloudforms
Integrate Openshift with CloudformsIntegrate Openshift with Cloudforms
Integrate Openshift with CloudformsMichael Lessard
 
RHTE2015_CloudForms_Containers
RHTE2015_CloudForms_ContainersRHTE2015_CloudForms_Containers
RHTE2015_CloudForms_ContainersJerome Marc
 
Automating the Enterprise with CloudForms & Ansible
Automating the Enterprise with CloudForms & AnsibleAutomating the Enterprise with CloudForms & Ansible
Automating the Enterprise with CloudForms & AnsibleJerome Marc
 

Viewers also liked (11)

Openstack Cloud Management and Automation Using Red Hat Cloudforms 4.0
Openstack Cloud Management and Automation Using Red Hat Cloudforms 4.0Openstack Cloud Management and Automation Using Red Hat Cloudforms 4.0
Openstack Cloud Management and Automation Using Red Hat Cloudforms 4.0
 
Red Hat OpenShift V3 Overview and Deep Dive
Red Hat OpenShift V3 Overview and Deep DiveRed Hat OpenShift V3 Overview and Deep Dive
Red Hat OpenShift V3 Overview and Deep Dive
 
OpenStack and CloudForms Do's and Dont's
OpenStack and CloudForms Do's and Dont'sOpenStack and CloudForms Do's and Dont's
OpenStack and CloudForms Do's and Dont's
 
Asterisk as a Virtual Network Function Part 1
Asterisk as a Virtual Network Function Part 1Asterisk as a Virtual Network Function Part 1
Asterisk as a Virtual Network Function Part 1
 
Cloudforms Workshop
Cloudforms WorkshopCloudforms Workshop
Cloudforms Workshop
 
Managing open shift at scale across the open hybrid cloud
Managing open shift at scale across the open hybrid cloudManaging open shift at scale across the open hybrid cloud
Managing open shift at scale across the open hybrid cloud
 
Pedal to the metal: Red Hat CloudForms for workload & infrastructure management
Pedal to the metal: Red Hat CloudForms for workload & infrastructure managementPedal to the metal: Red Hat CloudForms for workload & infrastructure management
Pedal to the metal: Red Hat CloudForms for workload & infrastructure management
 
Integrate Openshift with Cloudforms
Integrate Openshift with CloudformsIntegrate Openshift with Cloudforms
Integrate Openshift with Cloudforms
 
RHTE2015_CloudForms_Containers
RHTE2015_CloudForms_ContainersRHTE2015_CloudForms_Containers
RHTE2015_CloudForms_Containers
 
Meetup
MeetupMeetup
Meetup
 
Automating the Enterprise with CloudForms & Ansible
Automating the Enterprise with CloudForms & AnsibleAutomating the Enterprise with CloudForms & Ansible
Automating the Enterprise with CloudForms & Ansible
 

Similar to Automating security compliance for physical, virtual, cloud, and container environments with Red Hat CloudForms, Red Hat Satellite, Red Hat Insights, and Ansible Tower by Red Hat

Data Center Server security
Data Center Server securityData Center Server security
Data Center Server securityxband
 
Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17LennartF
 
NSX 9 Core Use Cases
NSX 9 Core Use CasesNSX 9 Core Use Cases
NSX 9 Core Use CasesKevin Groat
 
Schlomo Schapiro - Why I like to use the proprietary Cloud services without f...
Schlomo Schapiro - Why I like to use the proprietary Cloud services without f...Schlomo Schapiro - Why I like to use the proprietary Cloud services without f...
Schlomo Schapiro - Why I like to use the proprietary Cloud services without f...Schlomo Schapiro
 
Why the cloud is more secure than your existing systems
Why the cloud is more secure than your existing systemsWhy the cloud is more secure than your existing systems
Why the cloud is more secure than your existing systemsErnest Mueller
 
VirtSec, and the Open Source impact
VirtSec, and the Open Source impactVirtSec, and the Open Source impact
VirtSec, and the Open Source impactKris Buytaert
 
Security Spotlight: The Coca Cola Company
Security Spotlight: The Coca Cola CompanySecurity Spotlight: The Coca Cola Company
Security Spotlight: The Coca Cola CompanyAlert Logic
 
Qualys Corporate Brochure
Qualys Corporate BrochureQualys Corporate Brochure
Qualys Corporate BrochureQualys
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Akash Mahajan
 
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...VMworld
 
Compliance Automation with InSpec
Compliance Automation with InSpecCompliance Automation with InSpec
Compliance Automation with InSpecChristoph Hartmann
 
Security and Advanced Automation in the Enterprise
Security and Advanced Automation in the EnterpriseSecurity and Advanced Automation in the Enterprise
Security and Advanced Automation in the EnterpriseAmazon Web Services
 
Planning for MQ in the cloud MQTC 2017
Planning for MQ in the cloud MQTC 2017Planning for MQ in the cloud MQTC 2017
Planning for MQ in the cloud MQTC 2017Robert Parker
 
Hyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challengesHyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challengesKim Bookout
 
Virtualization Security
Virtualization SecurityVirtualization Security
Virtualization Securitysyrinxtech
 
Security Spotlight: The Coca Cola Company - CSS ATX 2017
Security Spotlight: The Coca Cola Company - CSS ATX 2017Security Spotlight: The Coca Cola Company - CSS ATX 2017
Security Spotlight: The Coca Cola Company - CSS ATX 2017Alert Logic
 
Virtual Machine Introspection - Future of the Cloud
Virtual Machine Introspection - Future of the CloudVirtual Machine Introspection - Future of the Cloud
Virtual Machine Introspection - Future of the CloudTjylen Veselyj
 

Similar to Automating security compliance for physical, virtual, cloud, and container environments with Red Hat CloudForms, Red Hat Satellite, Red Hat Insights, and Ansible Tower by Red Hat (20)

HCI ECOCAST
HCI ECOCAST HCI ECOCAST
HCI ECOCAST
 
Data Center Server security
Data Center Server securityData Center Server security
Data Center Server security
 
Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
 
NSX 9 Core Use Cases
NSX 9 Core Use CasesNSX 9 Core Use Cases
NSX 9 Core Use Cases
 
Schlomo Schapiro - Why I like to use the proprietary Cloud services without f...
Schlomo Schapiro - Why I like to use the proprietary Cloud services without f...Schlomo Schapiro - Why I like to use the proprietary Cloud services without f...
Schlomo Schapiro - Why I like to use the proprietary Cloud services without f...
 
Why the cloud is more secure than your existing systems
Why the cloud is more secure than your existing systemsWhy the cloud is more secure than your existing systems
Why the cloud is more secure than your existing systems
 
VirtSec, and the Open Source impact
VirtSec, and the Open Source impactVirtSec, and the Open Source impact
VirtSec, and the Open Source impact
 
Security Spotlight: The Coca Cola Company
Security Spotlight: The Coca Cola CompanySecurity Spotlight: The Coca Cola Company
Security Spotlight: The Coca Cola Company
 
Qualys Corporate Brochure
Qualys Corporate BrochureQualys Corporate Brochure
Qualys Corporate Brochure
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014
 
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...
 
Compliance Automation with InSpec
Compliance Automation with InSpecCompliance Automation with InSpec
Compliance Automation with InSpec
 
Security and Advanced Automation in the Enterprise
Security and Advanced Automation in the EnterpriseSecurity and Advanced Automation in the Enterprise
Security and Advanced Automation in the Enterprise
 
Planning for MQ in the cloud MQTC 2017
Planning for MQ in the cloud MQTC 2017Planning for MQ in the cloud MQTC 2017
Planning for MQ in the cloud MQTC 2017
 
Hyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challengesHyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challenges
 
security report
security reportsecurity report
security report
 
Virtualization Security
Virtualization SecurityVirtualization Security
Virtualization Security
 
Security Spotlight: The Coca Cola Company - CSS ATX 2017
Security Spotlight: The Coca Cola Company - CSS ATX 2017Security Spotlight: The Coca Cola Company - CSS ATX 2017
Security Spotlight: The Coca Cola Company - CSS ATX 2017
 
Virtual Machine Introspection - Future of the Cloud
Virtual Machine Introspection - Future of the CloudVirtual Machine Introspection - Future of the Cloud
Virtual Machine Introspection - Future of the Cloud
 

Recently uploaded

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 

Recently uploaded (20)

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 

Automating security compliance for physical, virtual, cloud, and container environments with Red Hat CloudForms, Red Hat Satellite, Red Hat Insights, and Ansible Tower by Red Hat

  • 1. S103174 - Automating security compliance for physical, virtual, cloud, and container environments Using Red Hat CloudForms, Red Hat Satellite, Red Hat Insights and Ansible Tower by Red Hat Lucy Huh Kerner Principal Technical Marketing Manager - Security, Red Hat May 4, 2017
  • 2. Why automate security compliance?
  • 3. “81% of hacking-related breaches leveraged either stolen and/or weak passwords.” 2017 Verizon Data Breach Investigations Report [http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017]
  • 4. Let’s manually ensure security compliance ….. ● 3 ring binder of security checks and fixes that have to be done ● Very time consuming ● Highly prone to human error ● Tedious and boring ● Non-repudiable ● Not easy to do audits ● Not repeatable or sharable
  • 5. Instead, what you want is ... ● Centralized management of your entire heterogeneous infrastructure ○ You can’t control what you don’t know about ● Automation, Automation, Automation ● Infrastructure and Security as code ○ Repeatable, sharable, verifiable, easier to do compliance audits ● Hardened, Security compliant host at provisioning time ○ Immutable Operating System: OS can’t be changed by untrusted parties ● Automated monitoring and fixing of all systems for entire lifecycle ● Proactive vs Reactive security
  • 6. What tools can I use to help me with all this ?
  • 7. Let’s start with SCAP. But, what is SCAP ? ● Security Content Automation Protocol ● Managed by National Institute of Standards and Technology (NIST) ● Standardized way of maintaining security of systems ○ Vulnerability and configuration security baselines
  • 8. WHAT IS OpenSCAP? NIST validated and certified SCAP scanner by Red Hat Ships FREE with RHEL and Satellite !!! Configuration and Vulnerability Scanner
  • 9.
  • 10. SCAP Workbench ● GUI tool that serves as an SCAP scanner and provides tailoring functionality for SCAP content, but only scans a single machine
  • 11. But… I don’t just have 1 machine ... ● We have over 1000 linux hosts all living in different environments(VmWare vCenter, Microsoft Azure, etc). How do we scan, report on, and remediate all of these systems? ● How do we provide a customized self service portal for users to provision a security compliant host at provisioning time while still having tight control over our entire infrastructure? ● How do we do ongoing automated security compliance and remediation for our entire heterogeneous infrastructure? ● How do I ensure that all the 200+ container images in our environment and all future container images that will enter our environment are free of vulnerabilities in an automated fashion?
  • 12. The secret is to use a combination of …..
  • 13. Using Red Hat’s management products + OpenSCAP, how do I: 1) Create a security compliant host at provisioning time 2) Automate ongoing security compliance 3) Ensure governance and Control 4) Do proactive vs reactive security with Red Hat Insights **All in a heterogeneous infrastructure with a mix of physical, virtual , cloud, and container environments **
  • 14. Creating a security compliant host at provisioning time with Red Hat CloudForms and Ansible Tower
  • 15. 15 Unified Management with Red Hat CloudForms CONTAINERS PRIVATE CLOUD PUBLIC CLOUDVIRTUALIZATION SOFTWARE DEFINED NETWORKING VMware© Microsoft© Hyper-V Red Hat Virtualization Amazon© Web Services Microsoft Azure Google© Cloud Platform Red Hat Openstack© Platform Red Hat© OpenShift Container Platform Service Management Compliance & Governance Efficiency & Optimization
  • 16. CloudForms includes Ansible Inside (default automation for CloudForms)
  • 18. Creating a security compliant host at provisioning time 1. Push an order button in CloudForms which, behind the scenes will: ○ Provision a VM in VmWare ○ Register it with Satellite ○ Make it compliant to the Defense Information Systems Agency(DISA) Security Technical Implementation Guide (STIG) 2. Do all this WITHOUT writing a single line of code and WITH multi-tenancy ○ Users from different tenants have their own “order buttons” 3. Admin has tight control of entire heterogenous infrastructure and only allows certain people provision in Amazon vs VMWare based on tenancy, utilization, etc
  • 19. Now, let’s see this in action!
  • 20. You can also create a security compliant host in RHEL 7.2, RHEL 7.3 + Satellite 6
  • 21. Of course, can kickstart too or create security compliant host(s) using Satellite 6 as well vs RHEL GUI install.
  • 22. Automating ongoing security compliance with Red Hat CloudForms, Satellite, OpenSCAP, and Ansible Tower
  • 24. Automate ongoing security compliance 1. Push a button on a VM in CloudForms and do an OpenSCAP scan on it for a chosen security profile (PCI-DSS, DISA STIG, Standard, etc or your custom profile) ○ When the scan PASSES: i. Tag the VM as scap-compliant:<name of profile> ○ When the scan FAILS: i. Tag the VM as scap-noncompliant:<name of profile> ii. Email owner of VM iii. Open a ticket in a ticketing system, such as ServiceNow with the name of the failed VM and all other details about VM(size, IP address,etc) 2. Create reports of ALL scap-compliant/non-compliant VMs based on security profile 3. Push a button to fix the VM based on security profile. Once that looks good, do the fix for ALL machines in my environment at the push of a button.
  • 25. Now, let’s see this in action!
  • 26. The Power and Flexibility of the Red Hat CloudForms control/policy engine
  • 28. Power and Flexibility of the CloudForms control engine 1. Check to see if your VM is vulnerable to shellshock. If yes, then fix the VM using a button in CloudForms that launches an Ansible playbook to remediate the VM against the shellshock vulnerability. 2. In CloudForms, check to see if an Openshift container image has any severity high vulnerabilities. If yes, then Openshift will prevent that vulnerable image from ever running in Openshift again.
  • 29. Now, let’s see this in action!
  • 30. Proactive Security and Automated Risk Management with Red Hat Insights
  • 31. wnix - Red Hat Insights RED HAT MANAGEMENT BUILD A TRUSTED & SECURE RED HAT ENVIRONMENT Manage the Red Hat Lifecycle Provision & Configure at Scale Standardize Your Environment DELIVER SERVICES ACROSS YOUR HYBRID CLOUD Hybrid Cloud Management Self-Service Provisioning Policy-driven Compliance AUTOMATE YOUR IT PROCESSES & DEPLOYMENTS Simple & powerful language No agents to install Scale with Ansible Tower PREVENT CRITICAL ISSUES BEFORE THEY OCCUR Continuous Insights Verified Knowledge Proactive Resolution Insights introduces automated risk management, reduces complexity, and allows you to FIX faster.
  • 33. Proactive Security with Red Hat Insights 1. See the payload injection issue on your VM in Red Hat Insights from either Satellite or CloudForms. ○ Upon fixing, notice that the issue no longer exists
  • 34. Now, let’s see this in action!
  • 35. SUMMARY 1) Create a security compliant host at provisioning time 2) Automate ongoing security and compliance 3) Ensure governance and Control 4) Do proactive vs reactive security with Red Hat Insights All with FLEXIBILITY + CHOICE using a combination of OpenSCAP, Red Hat CloudForms, Red Hat Satellite, Ansible Tower, and Red Hat Insights
  • 36.
  • 37. Lucy Kerner Principal Technical Product Marketing Manager - Security , Red Hat lkerner@redhat.com @LucyCloudBling plus.google.com/+RedHat linkedin.com/company/red-hat youtube.com/user/RedHatVideos facebook.com/redhatinc twitter.com/RedHatNews