Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-Ari at Panorays
•Als PPTX, PDF herunterladen•
1 gefällt mir•232 views
Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-Ari at Panorays fullstack tech radar day by Tikal
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Ähnlich wie Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-Ari at Panorays
Ähnlich wie Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-Ari at Panorays (20)
Mehr von Demi Ben-Ari
Mehr von Demi Ben-Ari (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-Ari at Panorays
- 1. Hacker vs Company, Cyber Security Automated with Kubernetes Demi Ben-Ari – VP R&D @ Panorays
- 3. About Me Demi Ben-Ari, Co-Founder & VP R&D @ Panorays ● Google Developer Expert ● Co-Founder of Communities: ○ “Big Things” - Big Data, Data Science, DevOps ○ Google Developer Group Cloud ○ Ofek Alumni Association In the Past: ● Sr. Data Engineer - Windward ● Team Leader & Sr. Java Software Engineer, Missile defence and Alert System - “Ofek” – IAF
- 4. Some important things ● What I’m not: Docker / Kubernetes / Security Expert ● What you won’t be after this talk: Docker / Kubernetes / Security Expert ● What you will be after this talk? ● Happier people (Because I’ve stopped talking) ● You’ll know what was our problem and our way of solution ● You’ll know where to search and learn more things ● The answer to the “What’s the meaning of life?” (42)
- 5. What is (Cyber) security? https://www.pinterest.com/mechlite/security-fails/ http://www.techeblog.com/index.php/tech-gadget/funny-security-cameras https://www.pinterest.com/pin/449585975275324132/
- 6. What is “Security”? ● Security is a Technology ● Security is an Action ● Security is a Process ● Risk Assessment Methods ● https://www.iso.org/standard/56742.html ● https://www.securityforum.org/
- 9. Assets, Security, Threats, Adversaries Risk = (Vulnerabilities X Threats X Consequences) PrivacyContent Identity Files Assets Tor VPN HTTPS Encryption 2FA HTTP Filter Patching WAFFirewall SSL / TLS SSH Security Threats Adversaries Vishing Phishsing Spying Adware Backdoors Adware Exploit Kits Spyware Viruses Malware Mass Surveillance Spies Nation-States Hackers Hackers Groups Crackers Colleagues Cyber Criminals Law Enforcement Ex-Partner Governments Pseudo Anonymity Anonymity
- 10. What do we do at Panorays?
- 11. How Do Hackers Get to Third Parties? Supplier Employees IT & Network Application - Confidential -12p. 52% by the Human Factor
- 12. The Problem
- 13. What’s the hardest problem in Software Engineering?
- 14. Naming Things
- 15. What’s the biggest problem in Software Engineering? ● Naming Things https://www.pinterest.com/pin/52424783138601042 /
- 17. Step #1 - Appoint a CNO ● Chief Naming Officer - your go to guy for all of the hardest problems
- 18. Step #2 - Define the problem and abstractions ● Parallelizm happening in the manner of a company (VMs being launched). ● Scan and evaluation process is not transparent. ● Server utilization is low. ● Had to build an internal orchestration system via Cron & Bash. ● (Think how fun is that…) ● How do you monitor all of this? ● Need to control it all via an easy API
- 19. Step #3 – Understand the people involved ● We had software engineers and security researchers on the team ● How do you integrate Dev – Sec – Ops? ● Creating a CI / CD pipeline? ● How do you make not software engineers deploy code to production?
- 21. We’ve created a “Microlith”
- 24. In the beginning... 1st Job 2nd Job n-1 Job nth Job . . .
- 25. The Transporter a Dynamic Workflow Engine Built for Running Kubernetes Jobs According to a Predefined Workflow.
- 26. The Transporter ● Flexible and Efficient ● Parallel ● Automated { }
- 27. A bit about Kubernetes ● Greek for “Helmsman”; also the root of the words “governor” and “cybernetic”. ● Manages container clusters ● Inspired and informed by Google’s experience and an internal system (Borg) ● Supports multiple cloud and bare-metal environments ● 100% Open source, written in Go ● Manage applications, not Machines
- 28. Cattle vs. Pets CattlePet • Has a name • Is unique or rare • Personal Attention • If it gets ill, you make it better • Has a number • One is much like any other • Run as a group • If it gets ill, you make hamburgers
- 29. Kubernetes Terminology ● Deployment ● Service ● ReplicaSet ● Pod ● Volume ● Label ● Selector ● ConfigMap ● Secret ● DaemonSet ● Stateful Set ● Job ● Liveness Probe ● Readiness Probe
- 31. ● Jobs ● Phases ● Workflows The Deal is The Deal discover map fetch rate saveaggregate detect Parallel Sequential Sequential
- 32. Never Make a Promise You Can’t Keep ● Retries ● Schedule ● Timeouts The Transporter Q1 Worker1 ... Workern Task1 ... Taskn Q2
- 33. Almost Never Make a Promise You Can’t Keep ● Failure 1 ● Notifications
- 34. No Names ● UUID (([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?') Max Chars: 63 CompanyName JobName WorkflowId● Labels, Labels everywhere website__bot
- 35. So What’s On Our Cluster? ● The Transporter Service ● Workers Deployments ● Redis ● KubernetesJobs triggered by the transporter
- 36. What’s Next? ● Workflows Monitoring (Grafana and Dash dashboards) ● ConfigMap for Versions ● Asset level Parallelization~O(n_assets * jobslowest) ~O(jobslowest)x100-x1,000,000
- 37. Conclusions ● If you have a possibility -> Don’t implement distributed systems ● Kubernetes is a great container orchestration tool ● Installing it on bare metal is not that fun - but also possible ● “Perfect” is the enemy of “Working” / “Giving Value” ● Making non developers deploy to production seamlessly
- 38. Questions
- 39. Thank You