Vinay Bansal Security Architect, Cisco Systems Oct. 2016 Continuous Security Securing Clouds in a DevOps World

Continuous Security – Securing Clouds in a DevOps World

Feb 13, 2017

Page 1: Continuous Security – Securing Clouds in a DevOps World

Vinay Bansal

Security Architect, Cisco Systems

Oct. 2016

Continuous Security – Securing Clouds in a DevOps World

Page 2: Continuous Security – Securing Clouds in a DevOps World

Outline

• Cloud and DevOps
• Why traditional security does not help
• Automation Demo
• Building Security with DevOps
  • Security is visible
  • Security is Automated
  • Security Individuals Embedded
• Key Takeaways

Page 3: Continuous Security – Securing Clouds in a DevOps World

Nexus of Four Forces

Cloud

Agile

Devops

Stack

Page 4: Continuous Security – Securing Clouds in a DevOps World

Security: Traditional vs. New Reality

Page 5: Continuous Security – Securing Clouds in a DevOps World

DevOps: Security Preconception

• Security Slows down
• Security always says “No”
• Infosec not embracing new norms
  • Cloud
  • Agile
  • Virtualization

Page 6: Continuous Security – Securing Clouds in a DevOps World

DevOps Reaction to Security

Page 7: Continuous Security – Securing Clouds in a DevOps World

Breaches and Security Threats on Rise

Page 8: Continuous Security – Securing Clouds in a DevOps World

Top Reasons for Security Incidents

1. Insecure Configs and Setups
2. Stack (Opensource) Vulnerabilities
3. Credential Management
4. Appcode (homegrown) Vulnerabilities
5. Lack of Active Log Analysis and Monitoring

Page 9: Continuous Security – Securing Clouds in a DevOps World

What is Security Goal?

• 100% Security – Right?

Page 10: Continuous Security – Securing Clouds in a DevOps World

What is Security Goal?

Page 11: Continuous Security – Securing Clouds in a DevOps World

How?

Page 17: Continuous Security – Securing Clouds in a DevOps World

Security Automation: Demo

Page 18: Continuous Security – Securing Clouds in a DevOps World

MULTIPLE DEPLOYMENT MODELS

NORAD CLOUD (SECaaS)

• Plug and Play for users

NORAD HYBRID

• Users leverage Norad Relay machine to perform scans of private assets
• Results still stored in Norad Cloud

ENTERPRISE

• On-site deployment of all Norad infrastructure

Page 19: Continuous Security – Securing Clouds in a DevOps World

Demo

Page 20: Continuous Security – Securing Clouds in a DevOps World

NORAD Capabilities - Current and Planned

Platform Features

• Blackbox and Whitebox testing
• Cloud, hybrid, and on-prem operational models
• Web UI for defining assets, launching tests, and viewing results
• Full API support for automation
• Cross-platform agent
• Cisco SSO integration
• Email notifications
• Community-based model for adding and developing security test content
• Security containers for security tests

Security Tests Included

• Qualys vulnerability scanning
• Qualys WAS testing (OWASP top 10 testing)
• Qualys Compliance Check Scanning
• CIS Server Benchmarks
• CIS Docker Host hardening validation
• Docker Image vuln scanning
• OpenStack hardening validation
• Nmap/sslyze crypto tests
• Credentials brute-force testing
• CSDL PSB Validation (12): SEC-OPS-PUBCRYP-2, SEC-OPS-STRENGTH, SEC-DEF-CRED-2, SEC-INT-CRED-2, SEC-CRY-PRM, SEC-AUT-ACCDEF, SEC-CRY-STDCODE, SEC-509-CERTEXT, SEC-509-CHAIN, SEC-509-FQDN, SEC-509-LIFETIME, SEC-509-REVOKE

Page 22: Continuous Security – Securing Clouds in a DevOps World

Questions?
