SlideShare una empresa de Scribd logo

Container Security Using Microsoft Defender

Rahul Khengare
Rahul Khengare

Microsoft Defender for Containers provides security for container workloads running on Kubernetes. It monitors clusters for misconfigurations and vulnerabilities, provides runtime threat detection, and generates alerts. It works across multiple clouds by deploying agents and daemons to collect security signals from the API server, nodes, and images. A demonstration showed Microsoft Defender in action monitoring container workloads.

Tecnología
1 de 20
Descargar para leer sin conexión
Container Security with Microsoft Defender Rahul Khengare 18th Mar 2023 DevOps-Pune Meetup Group
About Me Sr. Staff Engineer, Zscaler ◎ Cloud Security/DevOps/DevSecOps/SRE ◎ Blogger (oss-world, thesecuremonk) ◎ Co-Organizer ○ DevOps-Pune, DevSecOps-Pune ◎ Open Source Software and CIS Contributor ◎ Past Organization: Cloudneeti, Motifworks, NTT Data ◎ https://www.linkedin.com/in/rahulkhengare
Agenda ◎ Need for Container Security ◎ Overview of Microsoft Defender for Cloud ◎ Microsoft Defender Capabilities ◎ How it works ◎ Demo
How you are securing the container workloads?
Known Practices ◎ Use of private registry and trusted images ◎ Continuous Vulnerability scanning of images (Trivy, Encore) ◎ Limit container privileges ◎ Use of network segmentation ◎ Implement least privilege access (RBAC) ◎ Logging and Monitoring ◎ Implement runtime security for threat detection ◎ Preventive and detective policies - Kyverno ◎ Security and Compliance Audits ◎ Certificates, securing endpoints ◎ Many More …
“ 93% experienced at least one security incident in their Kubernetes environments in the last 12 months - State of Kubernetes security report * Kubernetes adoption, security, and market trends report 2022
Microsoft Defender What it is? Capabilities? How it works?
Overview of Microsoft Defender for container ◎ Cloud Native solution to ○ Improve ○ Monitor ○ Maintain the security of your clusters, containers, and their applications. ◎ Multi-cloud Supports K8s offering and registries from different CSP like EKS, GKE, ECR ◎ Kubernetes Native Deployment at Scale ◎ Provides Security Alerts and Remediation Capabilities RUN TIME Threat Detection ENVIRONMENT HARDENING Cluster Configurations Vulnerability Container Image Container Security
Environment Hardening 9 ◎ Continuous monitoring of your Kubernetes clusters ○ Wherever they're hosted [AWS - EKS, Azure - AKS, GCP - GKE, On-Premise (using ARC)] ○ Continuously assess clusters to provide visibility of misconfigurations ○ Provide Guidelines to mitigate the issues ◎ Kubernetes data plane hardening ○ Azure Policy add on ◉ Extends Gatekeeper v3, required to apply at-scale auditing, enforcements and safeguards on clusters in a centralized, consistent manner. ○ Defender Daemonset ◉ Deployed to each worker node, collects security-related data and sends it to Defender for analysis. Required for runtime protections and security capabilities
Environment Hardening 10
Vulnerability Assessment 11 ◎ Supports Azure ACR and AWS ECR ◎ Triggers ○ On push ○ Recently pulled ○ On import ○ Continuous scan based on an image pull and for running images ◎ View and remediate findings ◎ Disable specific findings like severity below medium, non patchable findings
Runtime Threat Protection 12 ◎ Provides real-time threat protection ◎ Generates alerts for suspicious activities ◎ Threat protection at the cluster level ○ Provided by the Defender agent and analysis of the Kubernetes audit logs. ◎ Threat protection at Host level ◎ Monitors the attack surface of multi cloud Kubernetes deployments based on MITRE ATT&CK® matrix for Containers ◎ Examples: ○ Exposed Kubernetes dashboards, High-privileged roles, Sensitive mounts ○ Anomalous secret access, Detected suspicious file download, Possible backdoor detected
Runtime Protection - Alerts 13
How it works 14 ◎ Defender for Containers receives and analyzes: ○ Audit logs and security events from the API server ○ Cluster configuration information from the control plane ○ Workload configuration from Azure Policy ○ Security signals and events from the node level ◎ Components deployed ○ Azure Policy add on ◉ Extends Gatekeeper v3, required to apply at-scale auditing, enforcements and safeguards on clusters in a centralized, consistent manner. [azure-policy, azure-policy-webhook] ○ Defender Profile Daemonset ◉ Deployed to each node provides the runtime protections and collects signals from nodes using eBPF technology. [Microsoft-defender-collector-ds, microsoft-defender-publisher-ds, microsoft-defender-collector-misc]
How it works for AKS 15
How it works for EKS 16
How it works for GKE 17
Demo Defender in Action…
Thanks! Any questions?
References ◎ Microsoft Defender for container ◎ Runtime alerts for Kubernetes cluster ◎ Azure provided container recommendations ◎ Vulnerable K8s for testing ◎ Azure Policies for K8s

Recomendados

Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelDavid J Rosenthal
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architectureBirendra Negi ☁️
 
Microsoft Azure Sentinel
Microsoft Azure SentinelMicrosoft Azure Sentinel
Microsoft Azure SentinelBGA Cyber Security
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure SentinelRobert Crane
 
Microsoft Defender for Endpoint
Microsoft Defender for EndpointMicrosoft Defender for Endpoint
Microsoft Defender for EndpointCheah Eng Soon
 
Microsoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewMicrosoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewDavid J Rosenthal
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to HeroKasun Rajapakse
 
Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview Syed Sabhi Haider
 

Recomendados

Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelDavid J Rosenthal
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architectureBirendra Negi ☁️
 
Microsoft Azure Sentinel
Microsoft Azure SentinelMicrosoft Azure Sentinel
Microsoft Azure SentinelBGA Cyber Security
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure SentinelRobert Crane
 
Microsoft Defender for Endpoint
Microsoft Defender for EndpointMicrosoft Defender for Endpoint
Microsoft Defender for EndpointCheah Eng Soon
 
Microsoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewMicrosoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewDavid J Rosenthal
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to HeroKasun Rajapakse
 
Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview Syed Sabhi Haider
 
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsSecure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsVignesh Ganesan I Microsoft MVP
 
Azure Sentinel.pptx
Azure Sentinel.pptxAzure Sentinel.pptx
Azure Sentinel.pptxMohit Chhabra
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPrime Infoserv
 
7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 Defender7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 DefenderMighty Guides, Inc.
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security OverviewDavid J Rosenthal
 
Cloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdfCloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdfErikHof4
 
3 Modern Security - Secure identities to reach zero trust with AAD
3 Modern Security - Secure identities to reach zero trust with AAD3 Modern Security - Secure identities to reach zero trust with AAD
3 Modern Security - Secure identities to reach zero trust with AADAndrew Bettany
 
An introduction to Defender for Business
An introduction to Defender for BusinessAn introduction to Defender for Business
An introduction to Defender for BusinessRobert Crane
 
Q radar architecture deep dive
Q radar architecture deep diveQ radar architecture deep dive
Q radar architecture deep diveKamal Mouline
 
Multi cloud security architecture
Multi cloud security architecture Multi cloud security architecture
Multi cloud security architecture Maganathin Veeraragaloo
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security OverviewAlert Logic
 
Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk
 
Modernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure SentinelModernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure SentinelCheah Eng Soon
 
IBM Qradar & resilient
IBM Qradar & resilientIBM Qradar & resilient
IBM Qradar & resilientPrime Infoserv
 
MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021Matt Soseman
 
Azure Identity and access management
Azure Identity and access managementAzure Identity and access management
Azure Identity and access managementDinusha Kumarasiri
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleEnterpriseGRC Solutions, Inc.
 
Microsoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceMicrosoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceDavid J Rosenthal
 
Azure sentinel
Azure sentinelAzure sentinel
Azure sentinelMarius Sandbu
 
Securing danish healthcare using cloudnative
Securing danish healthcare using cloudnativeSecuring danish healthcare using cloudnative
Securing danish healthcare using cloudnativeFrederik Mogensen
 
AzurePolicy DevOps Pune Feb23
AzurePolicy DevOps Pune Feb23AzurePolicy DevOps Pune Feb23
AzurePolicy DevOps Pune Feb23Rahul Khengare
 

Más contenido relacionado

La actualidad más candente

Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsSecure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsVignesh Ganesan I Microsoft MVP
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPrime Infoserv
 
7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 Defender7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 DefenderMighty Guides, Inc.
 
Cloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdfCloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdfErikHof4
 
3 Modern Security - Secure identities to reach zero trust with AAD
3 Modern Security - Secure identities to reach zero trust with AAD3 Modern Security - Secure identities to reach zero trust with AAD
3 Modern Security - Secure identities to reach zero trust with AADAndrew Bettany
 
An introduction to Defender for Business
An introduction to Defender for BusinessAn introduction to Defender for Business
An introduction to Defender for BusinessRobert Crane
 
Q radar architecture deep dive
Q radar architecture deep diveQ radar architecture deep dive
Q radar architecture deep diveKamal Mouline
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security OverviewAlert Logic
 
Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk
 
Modernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure SentinelModernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure SentinelCheah Eng Soon
 
IBM Qradar & resilient
IBM Qradar & resilientIBM Qradar & resilient
IBM Qradar & resilientPrime Infoserv
 
MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021Matt Soseman
 
Azure Identity and access management
Azure Identity and access managementAzure Identity and access management
Azure Identity and access managementDinusha Kumarasiri
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleEnterpriseGRC Solutions, Inc.
 
Microsoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceMicrosoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceDavid J Rosenthal
 

La actualidad más candente (20)

Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsSecure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
 
Azure Sentinel.pptx
Azure Sentinel.pptxAzure Sentinel.pptx
Azure Sentinel.pptx
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security Solution
 
7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 Defender7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 Defender
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
Cloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdfCloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdf
 
3 Modern Security - Secure identities to reach zero trust with AAD
3 Modern Security - Secure identities to reach zero trust with AAD3 Modern Security - Secure identities to reach zero trust with AAD
3 Modern Security - Secure identities to reach zero trust with AAD
 
An introduction to Defender for Business
An introduction to Defender for BusinessAn introduction to Defender for Business
An introduction to Defender for Business
 
Q radar architecture deep dive
Q radar architecture deep diveQ radar architecture deep dive
Q radar architecture deep dive
 
Multi cloud security architecture
Multi cloud security architecture Multi cloud security architecture
Multi cloud security architecture
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity Chasm
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security Overview
 
Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR Roundtable
 
Modernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure SentinelModernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure Sentinel
 
IBM Qradar & resilient
IBM Qradar & resilientIBM Qradar & resilient
IBM Qradar & resilient
 
MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021
 
Azure Identity and access management
Azure Identity and access managementAzure Identity and access management
Azure Identity and access management
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
 
Microsoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceMicrosoft Office 365 Security and Compliance
Microsoft Office 365 Security and Compliance
 
Azure sentinel
Azure sentinelAzure sentinel
Azure sentinel
 

Similar a Container Security Using Microsoft Defender

Securing danish healthcare using cloudnative
Securing danish healthcare using cloudnativeSecuring danish healthcare using cloudnative
Securing danish healthcare using cloudnativeFrederik Mogensen
 
AzurePolicy DevOps Pune Feb23
AzurePolicy DevOps Pune Feb23AzurePolicy DevOps Pune Feb23
AzurePolicy DevOps Pune Feb23Rahul Khengare
 
Constellation - The first always encrypted Kubernetes by Moritz Eckert
Constellation - The first always encrypted Kubernetes by Moritz EckertConstellation - The first always encrypted Kubernetes by Moritz Eckert
Constellation - The first always encrypted Kubernetes by Moritz EckertContainerDay Security 2023
 
Constellation - The first always encrypted Kubernetes by Moritz Eckert
Constellation - The first always encrypted Kubernetes by Moritz EckertConstellation - The first always encrypted Kubernetes by Moritz Eckert
Constellation - The first always encrypted Kubernetes by Moritz EckertContainerDay Security 2023
 
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...Eric Smalling
 
Testing Docker Images Security -All day dev ops 2017
Testing Docker Images Security -All day dev ops 2017Testing Docker Images Security -All day dev ops 2017
Testing Docker Images Security -All day dev ops 2017Jose Manuel Ortega Candel
 
[WSO2Con USA 2018] Architecting for Container-native Environments
[WSO2Con USA 2018] Architecting for Container-native Environments[WSO2Con USA 2018] Architecting for Container-native Environments
[WSO2Con USA 2018] Architecting for Container-native EnvironmentsWSO2
 
Ridwan Fadjar Septian PyCon ID 2021 Regular Talk - django application monitor...
Ridwan Fadjar Septian PyCon ID 2021 Regular Talk - django application monitor...Ridwan Fadjar Septian PyCon ID 2021 Regular Talk - django application monitor...
Ridwan Fadjar Septian PyCon ID 2021 Regular Talk - django application monitor...Ridwan Fadjar
 
Mitigating Java Deserialization attacks from within the JVM
Mitigating Java Deserialization attacks from within the JVMMitigating Java Deserialization attacks from within the JVM
Mitigating Java Deserialization attacks from within the JVMApostolos Giannakidis
 
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...Cloud Native Day Tel Aviv
 
Using Splunk or ELK for Auditing AWS/GCP/Azure Security posture
Using Splunk or ELK for Auditing AWS/GCP/Azure Security postureUsing Splunk or ELK for Auditing AWS/GCP/Azure Security posture
Using Splunk or ELK for Auditing AWS/GCP/Azure Security postureCloudVillage
 
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureUsing Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureJose Hernandez
 
(ISC)2 CCSP - Certified Cloud Security Professional
(ISC)2 CCSP - Certified Cloud Security Professional(ISC)2 CCSP - Certified Cloud Security Professional
(ISC)2 CCSP - Certified Cloud Security ProfessionalHatem ElSahhar
 
Hardening Kubernetes by Securing Pods
Hardening Kubernetes by Securing PodsHardening Kubernetes by Securing Pods
Hardening Kubernetes by Securing PodsSuraj Deshmukh
 
DCSF19 How Docker Simplifies Kubernetes for the Masses
DCSF19 How Docker Simplifies Kubernetes for the Masses DCSF19 How Docker Simplifies Kubernetes for the Masses
DCSF19 How Docker Simplifies Kubernetes for the Masses Docker, Inc.
 
Using Docker Platform to Provide Services
Using Docker Platform to Provide ServicesUsing Docker Platform to Provide Services
Using Docker Platform to Provide ServicesGLC Networks
 
Q Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - ConjurQ Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - Conjurconjur_inc
 

Similar a Container Security Using Microsoft Defender (20)

Securing danish healthcare using cloudnative
Securing danish healthcare using cloudnativeSecuring danish healthcare using cloudnative
Securing danish healthcare using cloudnative
 
AzurePolicy DevOps Pune Feb23
AzurePolicy DevOps Pune Feb23AzurePolicy DevOps Pune Feb23
AzurePolicy DevOps Pune Feb23
 
Testing Docker Images Security
Testing Docker Images SecurityTesting Docker Images Security
Testing Docker Images Security
 
Constellation - The first always encrypted Kubernetes by Moritz Eckert
Constellation - The first always encrypted Kubernetes by Moritz EckertConstellation - The first always encrypted Kubernetes by Moritz Eckert
Constellation - The first always encrypted Kubernetes by Moritz Eckert
 
Constellation - The first always encrypted Kubernetes by Moritz Eckert
Constellation - The first always encrypted Kubernetes by Moritz EckertConstellation - The first always encrypted Kubernetes by Moritz Eckert
Constellation - The first always encrypted Kubernetes by Moritz Eckert
 
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
 
Testing Docker Images Security -All day dev ops 2017
Testing Docker Images Security -All day dev ops 2017Testing Docker Images Security -All day dev ops 2017
Testing Docker Images Security -All day dev ops 2017
 
[WSO2Con USA 2018] Architecting for Container-native Environments
[WSO2Con USA 2018] Architecting for Container-native Environments[WSO2Con USA 2018] Architecting for Container-native Environments
[WSO2Con USA 2018] Architecting for Container-native Environments
 
Ridwan Fadjar Septian PyCon ID 2021 Regular Talk - django application monitor...
Ridwan Fadjar Septian PyCon ID 2021 Regular Talk - django application monitor...Ridwan Fadjar Septian PyCon ID 2021 Regular Talk - django application monitor...
Ridwan Fadjar Septian PyCon ID 2021 Regular Talk - django application monitor...
 
Mitigating Java Deserialization attacks from within the JVM
Mitigating Java Deserialization attacks from within the JVMMitigating Java Deserialization attacks from within the JVM
Mitigating Java Deserialization attacks from within the JVM
 
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
 
Using Splunk or ELK for Auditing AWS/GCP/Azure Security posture
Using Splunk or ELK for Auditing AWS/GCP/Azure Security postureUsing Splunk or ELK for Auditing AWS/GCP/Azure Security posture
Using Splunk or ELK for Auditing AWS/GCP/Azure Security posture
 
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureUsing Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
 
(ISC)2 CCSP - Certified Cloud Security Professional
(ISC)2 CCSP - Certified Cloud Security Professional(ISC)2 CCSP - Certified Cloud Security Professional
(ISC)2 CCSP - Certified Cloud Security Professional
 
Hardening Kubernetes by Securing Pods
Hardening Kubernetes by Securing PodsHardening Kubernetes by Securing Pods
Hardening Kubernetes by Securing Pods
 
Hello, Docker!
Hello, Docker!Hello, Docker!
Hello, Docker!
 
DCSF19 How Docker Simplifies Kubernetes for the Masses
DCSF19 How Docker Simplifies Kubernetes for the Masses DCSF19 How Docker Simplifies Kubernetes for the Masses
DCSF19 How Docker Simplifies Kubernetes for the Masses
 
Testing Docker Security Linuxlab 2017
Testing Docker Security Linuxlab 2017Testing Docker Security Linuxlab 2017
Testing Docker Security Linuxlab 2017
 
Using Docker Platform to Provide Services
Using Docker Platform to Provide ServicesUsing Docker Platform to Provide Services
Using Docker Platform to Provide Services
 
Q Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - ConjurQ Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - Conjur
 

Último

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024SynarionITSolutions
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 

Último (20)

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 

Container Security Using Microsoft Defender

  • 1. Container Security with Microsoft Defender Rahul Khengare 18th Mar 2023 DevOps-Pune Meetup Group
  • 2. About Me Sr. Staff Engineer, Zscaler ◎ Cloud Security/DevOps/DevSecOps/SRE ◎ Blogger (oss-world, thesecuremonk) ◎ Co-Organizer ○ DevOps-Pune, DevSecOps-Pune ◎ Open Source Software and CIS Contributor ◎ Past Organization: Cloudneeti, Motifworks, NTT Data ◎ https://www.linkedin.com/in/rahulkhengare
  • 3. Agenda ◎ Need for Container Security ◎ Overview of Microsoft Defender for Cloud ◎ Microsoft Defender Capabilities ◎ How it works ◎ Demo
  • 4. How you are securing the container workloads?
  • 5. Known Practices ◎ Use of private registry and trusted images ◎ Continuous Vulnerability scanning of images (Trivy, Encore) ◎ Limit container privileges ◎ Use of network segmentation ◎ Implement least privilege access (RBAC) ◎ Logging and Monitoring ◎ Implement runtime security for threat detection ◎ Preventive and detective policies - Kyverno ◎ Security and Compliance Audits ◎ Certificates, securing endpoints ◎ Many More …
  • 6. “ 93% experienced at least one security incident in their Kubernetes environments in the last 12 months - State of Kubernetes security report * Kubernetes adoption, security, and market trends report 2022
  • 7. Microsoft Defender What it is? Capabilities? How it works?
  • 8. Overview of Microsoft Defender for container ◎ Cloud Native solution to ○ Improve ○ Monitor ○ Maintain the security of your clusters, containers, and their applications. ◎ Multi-cloud Supports K8s offering and registries from different CSP like EKS, GKE, ECR ◎ Kubernetes Native Deployment at Scale ◎ Provides Security Alerts and Remediation Capabilities RUN TIME Threat Detection ENVIRONMENT HARDENING Cluster Configurations Vulnerability Container Image Container Security
  • 9. Environment Hardening 9 ◎ Continuous monitoring of your Kubernetes clusters ○ Wherever they're hosted [AWS - EKS, Azure - AKS, GCP - GKE, On-Premise (using ARC)] ○ Continuously assess clusters to provide visibility of misconfigurations ○ Provide Guidelines to mitigate the issues ◎ Kubernetes data plane hardening ○ Azure Policy add on ◉ Extends Gatekeeper v3, required to apply at-scale auditing, enforcements and safeguards on clusters in a centralized, consistent manner. ○ Defender Daemonset ◉ Deployed to each worker node, collects security-related data and sends it to Defender for analysis. Required for runtime protections and security capabilities
  • 11. Vulnerability Assessment 11 ◎ Supports Azure ACR and AWS ECR ◎ Triggers ○ On push ○ Recently pulled ○ On import ○ Continuous scan based on an image pull and for running images ◎ View and remediate findings ◎ Disable specific findings like severity below medium, non patchable findings
  • 12. Runtime Threat Protection 12 ◎ Provides real-time threat protection ◎ Generates alerts for suspicious activities ◎ Threat protection at the cluster level ○ Provided by the Defender agent and analysis of the Kubernetes audit logs. ◎ Threat protection at Host level ◎ Monitors the attack surface of multi cloud Kubernetes deployments based on MITRE ATT&CK® matrix for Containers ◎ Examples: ○ Exposed Kubernetes dashboards, High-privileged roles, Sensitive mounts ○ Anomalous secret access, Detected suspicious file download, Possible backdoor detected
  • 13. Runtime Protection - Alerts 13
  • 14. How it works 14 ◎ Defender for Containers receives and analyzes: ○ Audit logs and security events from the API server ○ Cluster configuration information from the control plane ○ Workload configuration from Azure Policy ○ Security signals and events from the node level ◎ Components deployed ○ Azure Policy add on ◉ Extends Gatekeeper v3, required to apply at-scale auditing, enforcements and safeguards on clusters in a centralized, consistent manner. [azure-policy, azure-policy-webhook] ○ Defender Profile Daemonset ◉ Deployed to each node provides the runtime protections and collects signals from nodes using eBPF technology. [Microsoft-defender-collector-ds, microsoft-defender-publisher-ds, microsoft-defender-collector-misc]
  • 15. How it works for AKS 15
  • 16. How it works for EKS 16
  • 17. How it works for GKE 17
  • 20. References ◎ Microsoft Defender for container ◎ Runtime alerts for Kubernetes cluster ◎ Azure provided container recommendations ◎ Vulnerable K8s for testing ◎ Azure Policies for K8s