From YouTube: #DevOpsSpeakeasy at #kongsummit22 with Stepan Ilyin
A: Attack detection, make a decision, like, if this particular request is malicious or not, block it in case you need, like, if you believe it's a malicious thing. So it's really, really hard to do at scale, especially, like, we have customers like Dropbox, mirror, they analyze, like, billions of requests daily, and so it's really, really hard to do at scale. So that's why you need help. Okay.
A: Oh yeah, yeah, false positives. Are, it's actually not a big challenge? Not only have people doing it fast, but, like, how to do it accurately, though. So, like, we put a lot of effort in that direction. So at the end of the day, it's all about, like, how we approach the attack detection, and obviously what you don't want to use is signatures. You know, like, this very basic, regular based rules wouldn't have a match with some kind of, like, database of the bad payloads, at least again, like, so outdated.
A: Unfortunately, this is what a lot of companies still sell. So you don't want to use that. So, like, we use behavioral-based analytics with grammar-based attack detection. It is basically, when you think about the compiler, you basically need to create a compiler that understands the source code. We created a compiler that actually understands what is the attack, so basically describe the grammar of attack. So this is one of the things we actually open sourced. You can find it at GitHub.
A: It's called libdetection, so it's a purely grammar-based attack detection technique, so they can find injection attacks, commanding attacks. So, like, it's out there. But getting to your question, like, what we do: we do three things. One is API discovery: how even to find all the APIs that you have. Like, every time we talk with customer companies, we ask a simple question: how many API endpoints do you have? Do you know? Like, do you think everybody can ask, answer?
A: I mean, Kong solved a problem for those APIs that are managed with Kong. But if you have, like, other APIs that are not managed by Kong, or they are not even managed by any API gateway, which, by the way, like, Gartner is saying, like, by 2024 half of the APIs wouldn't be managed by anything. So, like that.
A: Two things. Like, one thing we can do the outside, so you're giving us a domain like kong.com, right, and, like, we can basically find everything that you have exposed. Like all subdomains, we will look, like, whatever is cached in Google, this kind of stuff, but it's not enough. So basically you need to analyze the traffic, and we could, like, do it, like, in multiple ways.
A: So that's why we use an out-of-band approach as well, and we can have a copy of the traffic from Amazon or from your load balancers or from other cloud providers, so basically analyze the copy of all the traffic and build a whole profile, like all the APIs, all the endpoints, all the parameters, which of them expose sensitive data, which of them are authenticated, which of them are not. So, like, that's the approach. Okay.
B: Think alarm do this discovery and then make sure that each and every API go through my API Gateway and then.
A: That's a good start. Now you know, like, at least what do you have out there. Now you need to, now you're not sleeping at night and thinking how on earth we can protect all those thousands of APIs we have. Yeah, like, this is where, like, Kong can help, you know. Like, you make, you need to make sure, like, all of them are authenticated. You need to make sure that you put the rate limiting.
A: You can do it with Kong or other API management systems, but at the end of the day, you also need to think, like, how to make sure that your APIs are not abused and how to make sure that they are not breached, right? Now, this is where you can, like, you can also use some open source, by the way, so, like, whether it's a kind of WAFs out there, WAF is a web application firewall. They can do something, but they're very simple, kind of like this.
A: At the end of the day, you need some spidery solution that can actually analyze all of the protocols that you have, like REST, GraphQL, gRPC, everything that is out there, WebSockets. You need to make sure that your solution for security actually supports all those protocols, and by support I mean, like, it can parse, it can analyze, and it can, like, mitigate all those effects, so basically and a disaware, yeah. This is where you need some product that can actually, the best case, sits in line.