Graylog and Sysmon
Jeff Darrington is back and he giving you a quick lowdown on logging Sysmon events through Graylog Illuminate.
Operations | Monitoring | ITSM | DevOps | Cloud
The Place Where Modern Operations & Technology Come Together
Completing the security testing automation cycle
DevOps, DevSecOps and CI/CD are synonymous with one word - automation. Automating their workflows gives developers the ability to deliver consistency, time savings, and useful insights into their software development life cycle (SDLC). But automation is only as efficient as your weakest link or most cumbersome bottleneck, which can sometimes be security testing. Security testing has traditionally been carried out either manually or quite late in the process.
Making CI/CD Work with Serverless
As a developer, serverless lets you concentrate on what you do best: building your product. What happens when we want to implement a CI/CD flow with the serverless mindset? A supercharged CI/CD flow. In this webinar, AWS Serverless Hero and Lumigo VP Engineering Efi Merdler-Kravitz will present Lumigo’s own journey in building a 100% serverless CI/CD pipeline.
Threats targeting Kubernetes and Defences
Attackers are continuously evolving their techniques to target Kubernetes. They are actively using Kubernetes and Docker functionality in addition to traditional attack surfaces to compromise, gain required privileges and add a backdoor entry to the clusters. A combination of Kubernetes security and observability tools is required to ensure the cloud infrastructure monitoring and lockdown and to enable DevSecOps teams with the right tools for the job.
Securing Kubernetes workloads at Discover Financial Services
It’s a daunting task starting down the path to securing your workloads running on Kubernetes in the Cloud. There are no shortages of vendors with great tools in the Cloud security space. There is a multitude of domains that must be accounted for, along with internal challenges in bringing an organization along into new ways of thinking. This talk will focus on Discover’s Cloud security journey, with an overview of how the program has evolved over the last 4 years, key capabilities & concepts that have been embraced and challenges faced.
Applying policy as code in the modern cloud-ready enterprise: Graeme Hay, Morgan Stanley
Join us as we look at the advantages, but also the practical challenges, of applying modern, policy-as-code ("PaC") approaches in a modern cloud-ready enterprise. This talk will show how Morgan Stanley is drawing upon years of experience in its own proprietary implementation of PaC in its approach to embracing today's ideas. We will look at a diverse set of considerations from GitOps as a method to applying PaC in modern software development and deployment to enforcement of best practices and compliance in the Cloud.
The Crossroad of Security & Observability in Kubernetes: A Fireside Chat
Security as an afterthought is no longer an option and must be deeply embedded in the design and implementation of the products that will be running in the cloud. It is increasingly more critical for many security teams to be almost, if not equally, knowledgeable of the emerging and rapidly evolving technology. Join Manish Sampat from Tigera, as explores the topic in detail with Stan Lee from Paypal.
Observations from the field: Best Practices for Securing your Kubernetes Clusters
Security is critical for your Kubernetes-based applications. Join this session to learn about the security features and best practices for safeguarding your Kubernetes environments.
Upgrading DevSecOps with compliance automation - Bryan Langston, Mirantis
Compliance automation is a commonly overlooked area of Kubernetes observability. The question is: how do you automate compliance to a security framework that isn’t well understood by DevSecOps teams to begin with? This lack of understanding contributes to mismanaged compliance efforts and in a worst-case scenario, audit exposures and organizational risk. This talk will walk through an example of how to 1) map compliance controls to specific Kubernetes technical configuration 2) automate the assessment of those controls 3) visualize the assessment results. DevSecOps teams will better understand how to incorporate compliance automation alongside security automation.
Building secure and observable Kubernetes platforms for scaled software delivery
"Companies of various sizes are building their applications on Kubernetes because it provides significant operational benefits like autoscaling, self-healing, extensibility, and declarative deployment style. However, the operational benefits are only a starting point down the path of building a secure and observable platform that enables the continuous delivery of application workloads. This session shows how to build a fully operational platform, leveraging platform-oriented building blocks to address network security and observability.