This page is fully or partially automatically translated.


SUSE Software Solutions Germany GmbH
Forums it-sa Expo 2023 Knowledge Forum E

SUSE NeuVector: K8's Zero Trust Security & Compliance Ready to Go

To better protect cloud-native applications and operate CI/CD pipelines securely and compliantly, organisations need new strategies.

Thu, 12.10.2023, 09:45 - 10:00

On site

Knowledge Forum E


Themes

Trend topic

Key Facts

  • Zero trust security, WAF and CVE scanning in one solution
  • Risk assessments and compliance reports out of the box
  • Automated prevention and policies

Event

This action is part of the event Forums it-sa Expo 2023


Action description

Containerised applications and Kubernetes infrastructures are increasingly becoming the focus of attackers. However, conventional security products cannot adequately protect these highly dynamic environments from growing risks. 
In order to proactively counter the new threat situation, more and more companies are therefore opting for a zero-trust strategy. This security concept assumes that users, applications, networks, servers, services and APIs - whether internal or external - cannot be trusted until proven otherwise.
How can the Zero Trust principle be applied in a container environment? Holger Moenius will talk about this in his presentation. 
In his view, five measures are particularly important:

1. Protect the entire container supply chain.
To protect the entire supply chain from threats, IT departments must ensure that all components - including the Kubernetes software itself - come from trusted sources. Before container images are deployed in an environment, they should therefore go through a comprehensive verification process. Only verified images ensure that compromised containers or malicious code do not put your clusters at risk.

2. Eliminate sources of error through automation.
In highly dynamic Kubernetes environments, it is important to automate the protection measures as much as possible. Custom Resource Definitions (CRDs), for example, are an important tool for this. DevOps teams can use them to declare the permissible behaviour of their container workloads, which is then automatically monitored in a production environment.

3. Identify vulnerabilities through regular vulnerability scans.
There are now a variety of solutions for vulnerability management in the container environment. Automated tools provide a quick overview of known vulnerabilities in real time and give recommendations on how to fix them. Anomaly-based methods are also able to detect new vulnerabilities that are exploited by attackers. With virtual patch functions, IT departments can also reliably block these zero-day exploits.

4. Control container communication through segmentation.
Container segmentation in Kubernetes clusters ensures that only authorised communication between applications is allowed and unauthorised communication is consistently restricted. This makes it easier to prevent unauthorised access and enforce individual security policies for different groups of applications.

5. Allocate access rights according to the least privilege principle.
Role Based Access Control (RBAC) in Kubernetes environments ensures that users can only perform the actions for which they are authorised. Always be restrictive when assigning access rights and limit access to the data and resources that are actually needed for the task at hand.

Container environments can only be protected against growing cyber risks with largely automated security architectures. A solution developed precisely for this purpose is NeuVector Prime. The container security platform integrates various key technologies such as zero-trust security, WAF and CVE scans to automatically secure the entire container pipeline from creation to delivery to execution.

NeuVector Prime also helps organisations meet compliance guidelines when moving to Kubernetes and cloud-native infrastructures. To simplify reporting for audits, NeuVector Prime offers pre-configured, customisable reports for PCI, GDPR, HIPAA and NIST compliance. This enables compliance out-of-the-box in the container environment.

Further information: https://www.suse.com/products/neuvector/


Language: German

Questions and Answers: No
