Published by Julian Harrell. Modified over 8 years ago.
1
Implementing Secure Docker Environments At Scale
Ben Bernstein, CEO, Twistlock
ben@twistlock.com
3
Agenda
Implementing Secure Docker Environments At Scale
Architectural guidance for the security architect
4
Agenda
Implementing Secure Docker Environments At Scale
Architectural guidance for the security architect
Roles & Responsibilities
5
Agenda
Implementing Secure Docker Environments At Scale
Architectural guidance for the security architect
Roles & Responsibilities
Conceptual Design
6
Agenda
Implementing Secure Docker Environments At Scale
Architectural guidance for the security architect
Roles & Responsibilities
Conceptual Design
Common Pitfalls
7
Roles and Responsibilities
Security Team: Design secure continuum; Compliance; Micro service aware active threat protection; Synergy with developers
9
Roles and Responsibilities
Security Team: Design secure continuum; Compliance; Micro service aware active threat protection; Synergy with developers
Dev Team: Vulnerabilities/patching, infrastructure, identities/access; Fix; Proactively consider security
10
Roles and Responsibilities
Security Team: Design secure continuum; Compliance; Micro service aware active threat protection; Synergy with developers
Dev Team: Vulnerabilities/patching, infrastructure, identities/access; Fix; Proactively consider security
Devops Team: Implementation; Daily security operations
11
Today Conceptual Design
12
Today
Diagram labels: Development & Staging Production Maintenance Security Operation Team Offline Guidance Set Policy Handle Notifications Network Set Policy Handle Notifications “IT” Operation Team Offline Communications Offline Review Set Policy Identity Handle Notifications Set Policy Platform/Host “IT” Operation Team Development Team “IT” Operation Team
13
Today
Diagram labels: Development & Staging Production Maintenance Security Operation Team Offline Guidance Set Policy Handle Notifications Network Set Policy Handle Notifications “IT” Operation Team Offline Communications Offline Review Set Policy Identity Handle Notifications Set Policy Platform/Host “IT” Operation Team Development Team “IT” Operation Team MS
14
Architectural Diagram
Diagram labels: Milestone Review Review Setup Scripts, Security Testing, App Compliance Communicate Infra Requirements to IT Development & Staging Micro-Segmentation E-W FWs Production Updates Security Alerts / Patches Maintenance Security Operation Team Offline Guidance Set Policy Handle Notifications IPS/IDS Deception 1st / Next Gen Firewall Network Set Policy Handle Notifications “IT” Operation Team Offline Communications Offline Review Set Policy Identity Handle Notifications Set Policy Host Configuration Compliance Traffic Encryption Data Encryption Platform/Host “IT” Operation Team Development Team “IT” Operation Team MS
15
Architectural Diagram
Diagram labels: Development & Staging Production Maintenance Security Operation Team Offline Guidance Set Policy Handle Notifications Isolation Network Set Policy Handle Notifications “IT” Operation Team Offline Communications Offline Review Set Policy Pre-Checkin Review Code Analysis User Behavior Analytics Identity Handle Notifications Set Policy Platform/Host “IT” Operation Team Development Team “IT” Operation Team MS
16
Architectural Diagram
Diagram labels: Staging Development Production Maintenance Security Operation Team Set Policy Isolation Network Set Policy Dev/Devops Team Pre-Checkin Review Code Analysis User Behavior Analytics Identity Platform/Host Dev/Devops Team Development Team “IT” Operation Team Dev/Devops/IT Team MS Dev/Devops Team
17
Better & Even Yet Better Architectural Diagram
18
Architectural Diagram
Diagram labels: Staging Development Production Updates Security Alerts / Patches Maintenance Security Operation Team Set Policy Handle Notifications Isolation Network Set Policy Handle Notifications Dev/Devops Team Set Policy Pre-Checkin Review Code Analysis User Behavior Analytics Identity Handle Notifications Set Policy Host Configuration Compliance Platform/Host Dev/Devops Team Development Team “IT” Operation Team Dev/Devops/IT Team MS Delivery Review CVE checks, Signing, Base Image, Other Metadata Ports, Volumes, Devices, Processes Delivery Aware Network Restrictions Delivery Aware Anomaly Detection Delivery Aware Deception Dev/Devops Team
19
Architectural Diagram
Diagram labels: Staging Development Production Updates Security Alerts / Patches Maintenance Security Operation Team Set Policy Handle Notifications Isolation Network Set Policy Handle Notifications Dev/Devops Team Set Policy Pre-Checkin Review Code Analysis User Behavior Analytics Identity Handle Notifications Set Policy Host Configuration Compliance Platform/Host Dev/Devops Team Development Team “IT” Operation Team Dev/Devops/IT Team MS Delivery Review CVE checks, Signing, Base Image, Other Metadata Ports, Volumes, Devices, Processes Delivery Aware Network Restrictions Delivery Aware Anomaly Detection Delivery Aware Deception Dev/Devops Team Fuzzing, Sandboxing Delivery Aware Pen-Tests
20
Three Common Pitfalls
Battle Tested
21
Three Common Pitfalls
Battle Tested
Compliance Policies: Adjust per micro-service; Adjust per R&D team / Org / Application Group.
22
Three Common Pitfalls
Battle Tested
Compliance Policies: Adjust per micro-service; Adjust per R&D team / Org / Application Group.
Delivery hygiene: Monitoring only in production; Monitor early in CI/CD and in production
23
Three Common Pitfalls
Battle Tested
Compliance Policies: Adjust per micro-service; Adjust per R&D team / Org / Application Group.
Delivery hygiene: Monitoring only in production; Monitor early in CI/CD and in production
Active Threat Protection: Trust your “application / next-gen firewall”; Use “delivery aware” active threat protection
24
Thank you!