Authors: Barun Acharya
2022-10-26

tldr - powered by Generative AI

KubeArmor is a cloud-native runtime security enforcement system that provides fine-grained access control on container entities, with a declarative way to manage access-control policies, inline policy enforcement, and telemetry data with context.
  • KubeArmor provides fine-grained access control on container entities
  • KubeArmor offers a declarative way to manage policies for access control
  • KubeArmor has inline policy enforcement
  • KubeArmor provides telemetry data with context
Authors: Andrew Martin
2022-10-26

tldr - powered by Generative AI

The presentation discusses the importance of threat modeling and supply chain security in DevOps and provides best practices for securing the supply chain.
  • Threat modeling is important to bring quantifiability and reason to abstract threats and to identify attack paths.
  • The STRIDE process and standards documents can be used to exhaust potential permutations of threats and identify simple controls to cover as many cases as possible.
  • The attack tree is a visual representation of an attack and can be used to multiply likelihood and impact to give abstract risk scores.
  • Layering controls across the branches of the attack tree can break the attack chain and provide a minimum viable set of security configurations.
  • Pipeline metadata is important for piecing things back together and giving a different type of observation.
  • Best practices for securing the supply chain include using SBOMs, artifact signing, and evidence leaks and ledgers.
  • Measuring SLSA level and mean time to remediation are useful indicators of vendor maturity.
  • Retrofitting and slowly maturing the supply chain is important.
  • Asking vendors for SBOMs is a closer first step than asking for SLSA level.
Authors: Leonardo Grasso, Jason Dellaluce
2022-05-18

This track will walk you through the astonishing things happening in Falco: a cloud-native runtime security project, the de facto Kubernetes threat detection engine. Two core maintainers, Jason and Leonardo, will give you a practical overview of Falco and its history but also updates on recently introduced features and the evolution of its ecosystem. This talk will deep dive into a new and very amazing feature introduced in Falco: the plugin system! Plugins are a game-changer, making Falco evolve to the next level: the all-in-one tool for cloud security and this maintainer track will show you how!