Getting Started with Runtime Security on Azure Kubernetes Service
Eric Carter
Director, Partner Marketing
Sysdig
| Sysdig Inc.
Kubernetes: Default OS for Cloud
• Speed innovation
• Drive efficiency
[Diagram: application stack layers (UI, application, database, compute, data) delivered through Kubernetes, microservices and cloud]
Azure Kubernetes Service (AKS)
• Managed Kubernetes on Microsoft Azure
• Designed to simplify the deployment, management, and operations of Kubernetes
• Automated upgrades, patches
• High reliability and availability
• Easy and secure cluster scaling
• Self-healing
• API server monitoring
• Control plane at no charge
Security Concerns
Sysdig 2021 container security and usage report: Shifting left is not enough – January 13, 2021
https://sysdig.com/blog/sysdig-2021-container-security-usage-report/
What is Runtime?
What is Container Runtime Security?
• Protection for running containers and the application environment
• Analysis of activity: containers, hosts, network connections, files, etc.
• Detection and prevention of unknown, unexpected, and unwanted behavior
Key workflow for securing production containers and Kubernetes
Visibility Challenges with Containers
• What’s happening inside?
• Where is it happening?
• Where did it go?
Runtime Security for Azure Containers
[Diagram: on an Azure / AKS host (node) running containers 1, 2 and 3, a host eBPF program or kernel module observes runtime events from syscall data; ContainerVision™ filters them with rules and produces event details, actions and enforcement]
Viewing Data with Kubernetes Context
[Diagram: distributed container workloads (services 1 to 4) enriched with AKS / Kubernetes metadata; ServiceVision™ gives an organized view of services, apps, pods, etc.: “Show me security events by namespace and pod”]
Incorporating AKS Audit Log Data
[Diagram: users and workloads make API calls to the Kube API on AKS; the Kubernetes audit log records those interactions, the Sysdig Agent ingests it and checks the events against runtime security policies in the Sysdig Secure DevOps Platform]
• Interactions with the Kube API are registered in the Kubernetes audit log
• Kube API activity logs are automatically ingested
• K8s audit log events are checked against policies
• Security Events, e.g., RBAC tampering
• Activity Audit, e.g., kubectl exec
Example Detections
● Did someone store credentials in a configmap versus secrets?
● Who is exec’ing into a pod and modifying a file? Where was it initiated from?
● Are users escalating privileges via RBAC?
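The three example detections above, worked as an added example that is not code from the deck, from Sysdig or from Falco: a small Python policy pass over constructed Kubernetes audit log events (audit.k8s.io/v1 shape, trimmed to the fields the checks read). It generalizes slightly beyond the slide by covering both RoleBindings and ClusterRoleBindings; the credential key pattern, the privileged-role list, and every username, IP address and object name are constructed for the illustration.

```python
"""Toy policy checks over Kubernetes (AKS) audit log events.

Added illustration, not Sysdig's, Falco's or AKS's code: three small checks
that mirror the example detections on the slide, run over constructed events.
Real audit events carry many more fields; only those the checks use are modeled.
"""
import json
import re

# Data keys that suggest a credential landed in a ConfigMap instead of a Secret
# (heuristic, constructed for this example).
CREDENTIAL_KEY = re.compile(r"passw(or)?d|secret|token|api[_-]?key|access[_-]?key", re.I)

# ClusterRoles whose binding should always be reviewed (constructed list).
PRIVILEGED_ROLES = {"cluster-admin"}


def check_configmap_credentials(event):
    """Flag create/update/patch of a ConfigMap whose data keys look like credentials."""
    obj = event.get("objectRef", {})
    if obj.get("resource") != "configmaps" or event.get("verb") not in ("create", "update", "patch"):
        return None
    data = (event.get("requestObject") or {}).get("data") or {}
    hits = sorted(k for k in data if CREDENTIAL_KEY.search(k))
    if not hits:
        return None
    return {"rule": "Credentials stored in ConfigMap", "user": event["user"]["username"],
            "namespace": obj.get("namespace"), "object": obj.get("name"), "keys": hits}


def check_pod_exec(event):
    """Flag an exec into a pod (the pods/exec subresource) with who did it and from where."""
    obj = event.get("objectRef", {})
    if obj.get("resource") != "pods" or obj.get("subresource") != "exec":
        return None
    return {"rule": "Exec into pod", "user": event["user"]["username"],
            "namespace": obj.get("namespace"), "object": obj.get("name"),
            "source_ips": event.get("sourceIPs", [])}


def check_rbac_escalation(event):
    """Flag a RoleBinding/ClusterRoleBinding that grants a privileged ClusterRole."""
    obj = event.get("objectRef", {})
    if obj.get("resource") not in ("rolebindings", "clusterrolebindings"):
        return None
    if event.get("verb") not in ("create", "update", "patch"):
        return None
    body = event.get("requestObject") or {}
    role_ref = body.get("roleRef") or {}
    if role_ref.get("kind") != "ClusterRole" or role_ref.get("name") not in PRIVILEGED_ROLES:
        return None
    return {"rule": "Privileged RBAC binding", "user": event["user"]["username"],
            "object": obj.get("name"), "grants": role_ref["name"],
            "to": [s.get("name") for s in body.get("subjects", [])]}


CHECKS = (check_configmap_credentials, check_pod_exec, check_rbac_escalation)


def evaluate(audit_lines):
    """Parse each JSON audit line and run every check; return the findings in order."""
    findings = []
    for line in audit_lines:
        event = json.loads(line)
        for check in CHECKS:
            finding = check(event)
            if finding is not None:
                findings.append(finding)
    return findings


# Constructed sample audit events (audit.k8s.io/v1 shape, trimmed to the fields used).
SAMPLE_AUDIT_LINES = [
    json.dumps({"kind": "Event", "apiVersion": "audit.k8s.io/v1", "stage": "ResponseComplete",
                "verb": "create", "user": {"username": "alice"}, "sourceIPs": ["10.240.0.15"],
                "objectRef": {"resource": "configmaps", "namespace": "payments", "name": "app-config"},
                "requestObject": {"data": {"db_password": "hunter2", "log_level": "info"}}}),
    json.dumps({"kind": "Event", "apiVersion": "audit.k8s.io/v1", "stage": "ResponseComplete",
                "verb": "update", "user": {"username": "ci-bot"}, "sourceIPs": ["10.240.0.20"],
                "objectRef": {"resource": "configmaps", "namespace": "payments", "name": "feature-flags"},
                "requestObject": {"data": {"new_checkout": "true"}}}),
    json.dumps({"kind": "Event", "apiVersion": "audit.k8s.io/v1", "stage": "ResponseComplete",
                "verb": "create", "user": {"username": "bob"}, "sourceIPs": ["203.0.113.42"],
                "objectRef": {"resource": "pods", "subresource": "exec",
                              "namespace": "payments", "name": "api-7d9f8b-x2k4q"}}),
    json.dumps({"kind": "Event", "apiVersion": "audit.k8s.io/v1", "stage": "ResponseComplete",
                "verb": "create", "user": {"username": "bob"}, "sourceIPs": ["203.0.113.42"],
                "objectRef": {"resource": "clusterrolebindings", "name": "dev-admin"},
                "requestObject": {"roleRef": {"kind": "ClusterRole", "name": "cluster-admin",
                                              "apiGroup": "rbac.authorization.k8s.io"},
                                  "subjects": [{"kind": "User", "name": "bob"}]}}),
]

if __name__ == "__main__":
    for finding in evaluate(SAMPLE_AUDIT_LINES):
        print(json.dumps(finding))
```

Run stand-alone it prints one JSON finding per matched event: the ConfigMap with a password-like key, the exec into the payments pod, and the cluster-admin binding, each carrying the user and source IP from the event, which is the "who and from where" the slide asks for. The benign feature-flag ConfigMap produces nothing. A production pipeline would additionally consult the event stage and response status so that attempted and successful changes are reported separately.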
Runtime Security Based on Falco
[Diagram: both Open-Source Falco and Sysdig Secure consume syscall data from a kernel eBPF probe together with K8s audit logs]
Open-Source Falco
● Alert on malicious events
● DIY responses
Sysdig Secure (Sysdig Secure DevOps Platform)
● Alert on malicious events
● Automatic remediation
● OOB policies (MITRE detection, compliance, FIM, etc.)
● K8s native prevention
● SIEM forwarding
● Alerting integrations
Why Sysdig for Runtime Security?
Depth
○ Open source Falco based detection engine
○ Out of the box, community driven rules
○ Save time with OOB policies or create custom policies
Breadth
○ Combine data sources: syscalls, audit logs, Kubernetes context
Single policy interface
○ Detect threats across containers, hosts, Kubernetes/AKS
○ Manage ‘Policy as code’
Secure containers, Kubernetes and cloud services: Sysdig Secure, Sysdig Monitor, Anchore Engine
Runtime Security for Payment Processing
Deliver modern payment solutions with containers and Kubernetes
• Container Platform Engineering
• Cloud Security Architect
Challenge
▸ Difficulty scaling visibility across cloud environments
▸ No way to effectively police and audit activity
▸ Proving PCI compliance
Solution
▸ SaaS-based security and monitoring with Sysdig
▸ Automated runtime analysis & intrusion detection
▸ Activity auditing from syscall data & K8s audit logs
Results
▸ Achieved results in minutes with fast onboarding
▸ Improved communication between DevOps & security
▸ Simplified achieving PCI compliance
▸ Reduced operational overhead by 50%
Demo!
Sysdig Secure DevOps Platform
[Diagram: Sysdig Secure, Sysdig Monitor and Anchore Engine: security built on an open source foundation, deep visibility to run apps confidently, scale simply with SaaS and DevOps integrations; secure containers, Kubernetes and cloud services]
What next?
Take a test drive! https://sysdig.com/trial
Join us for future sessions!
Download security and monitoring guide
https://sysdig.com/partners/microsoft-azure/