Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Red Hat OpenShift / Security | OpenShift / 23 Feb 2019
Red Hat OpenShift / Security | OpenShift / 23 Feb 2019
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: London OpenShift Commons Gathering 2019 Lightning Talk Aqua Securing Containers on Red Hat OpenShift

Description

London OpenShift Commons Gathering 2019
Lightning Talk Aqua Security
Securing Containers on Red Hat OpenShift

A

Buddy, my name is Diego I'm from sorry I'm from aqua. So let's talk about security, because it's going to matter to you a lot. You see that poisonous images poisonous workload rug containers are starting to become more and more common. You have the Tesla arc and additional vulnerabilities that are found any day and every day, so open shift and containers basically introduce a new set of problems and not enough tools to manage them out of the box. Kubernetes. It's not secure, be aware of that open shift did a very good job, read up ready.

B

Ok,.

A

Did a very good job protecting and making their environment safer, but still there are much more things to achieve. Even that occur based on the lecture that I heard today, version 4 supposed to be much more secure. So here is aqua. We are three years company and we are spread over all over the world and we do security for native cloud, payloads native native appreciated cloud applications. We know how to integrate with all the different orchestras that exist. We are very seamless integration with openshift.

A

It's deploying workloads, basically deploying a service in a daemon set and automatically in about 10 minutes. You have everything running and configured. We have the ability to integrate with the image streams of openshift, so we will be able to scan the images from the openshift registry and also we have the ability to search the images. If you're looking to see exactly what images exist over there, you can schedule scanning and more, and you can understand what is your posture in your image?

A

You can understand what vulnerabilities you have, what components of your veneer and every image and you can define if you want to deploy the image or lock the deployment. You can see that, basically, when you will try to deploy the image aqua will be able to stop that and give you a notification. So no poisonous image can be deployed unknown, compatible image will be deployed not only that we are able to integrate with s2i, so we basically can scan and be part of your pipeline.

A

So the integration with scanning will be seamless and will be automated, because everybody knows shift left is better right, just verifying the dotting change in the last so basically as a mission would be disagreeable to integral to the s2i and scan images at the run.

A

Now we are also able to protect containers from becoming rock containers or from container drift so where somebody is abusing that listing container and trying to do a lateral movement to another system or execute different payloads that you don't allow like crypto mining, ransomware and everything, so we are able to identify and try and block without killing your payload any offending action that exists. In addition, knowledge is power, so we know how to push all of the information that we gather to different a scene or different systems.

A

So you will be able to see the big picture. So now your NOC or sock not only will show you your system or your kubernetes information, openshift information, but also we will be able to show you the security posture and what security events you have in that system. So you have a full visibility of what exact happen and more and the context of the information is based on your open sheet. It will be deployment, namespace, sorry, deployment, name, space, nice space names for the word nevermind and on.

A

In addition, we are very big contributors to the open source systems, so we have a set of tools that are open to use free. You also can contribute to them. We have the cue banter that it's basically automated pen testing for kubernetes. We are working on a version for open ships also, but it's much more harder. I won't buy lunch.

A

It's basically allows you to fight all the MIS configuration in kubernetes. You have the cube bench that basically is allowed to find and define the difference between you, you're kubernetes installation and your this case for kubernetes version for a per shift and the micro scanner. That is basically an executable that you can use free of use as to scan your images to make sure what TVs you have over there and what type of Faerie changes you need to do in order to be more secure doesn't require any registration.

A

You can run it on s2i, on a dock, on the server and during the creation of the image, and it can integrate two different pipelines like Jenkins and other good stuff. Thank you, our booties, on the left and to the right, and we have semi cool giveaways, so feel free to come. Yes,.

B

Just semi-cool all right, thank you.

B

You.

B

You.