DevOpsDays Chicago 2017 - Delivering Continuous Security with Docker by Matthew Schlue

Channel:
United States Confreaks
Subscribers:
42,400
Published on ● Video Link: https://www.youtube.com/watch?v=3Rjp2yNy9R8


Duration: 33:57
220 views
0

DevOpsDays Chicago 2017 - Delivering Continuous Security with Docker by Matthew Schlue

With the trend towards increased usage of containerization, has your companies security practices kept pace? Many popular vulnerability scanners only examine the host OS, making it easier for CVE’s to go unnoticed. In this talk we explore how to identify and protect against vulnerable containers.

While containerization technologies such as Docker have many well-understood benefits, there are some non-obvious caveats that can impact the security of the overall platform. When vulnerabilities like Heartbleed are announced, DevOps teams often need to race to patch an array of impacted systems. But which containers are affected? Which systems need the most immediate attention? What change control must be observed in order to meet strict regulatory and compliance requirements?

In this talk, we will explore some of the issues my company has encountered as they’ve moved their infrastructure to an entirely container-based platform on AWS. We will cover some of the tooling required in order to quickly move bug fixes and security updates to production, and methods my team has developed to programmatically identify CVE’s and remove older, vulnerable containers that would be unsuitable for production rollbacks. These methods will be presented as additions made to a common CI/CD pipeline to deliver continuous security improvements when shipping software.



Other Videos By Confreaks


2017-09-26DevOpsDays Chicago 2017 - Ignites- Devops Deeper Thoughts by Not Jack Handey by Joshua Zimmerman
2017-09-26DevOpsDays Chicago 2017 - Ignites- The Five Dirty Words of CI by J. Paul Reed
2017-09-26DevOpsDays Chicago 2017 - Ignites- Why Are You So Angry?... by Soo Choi
2017-09-26DevOpsDays Chicago 2017 - Ignites- Lending Privilege by Anjuan Simmons
2017-09-26DevOpsDays Chicago 2017 - Ignites- Escaping the Black Hole of Release Management by Jeffrey Sykes
2017-09-26DevOpsDays Chicago 2017 - Ignites- Your Body's Configuration is Important, too by Peter Piekarczyk
2017-09-26DevOpsDays Chicago 2017 - Ignites- Don't be a Bystander, be an Incident Commander! by Rachael Byrne
2017-09-26DevOpsDays Chicago 2017 - Ignites- Title: Management or Technical? by Michael Stahnke
2017-09-26DevOpsDays Chicago 2017 - Ignites- Containers, Virtual Machines... by Nell Shamrell-Harrington
2017-09-26DevOpsDays Chicago 2017 - Ignites- How to DevOpsDays by Joe Nuspl
2017-09-26DevOpsDays Chicago 2017 - Delivering Continuous Security with Docker by Matthew Schlue
2017-09-26DevOpsDays Chicago 2017 - You Have A Data Lake, Now What? by Alison Stanton
2017-09-26DevOpsDays Chicago 2017 - Burnout: Community Problem & Community Solution by Jason Yee
2017-09-26DevOpsDays Chicago 2017 - Graphs: The Fabric of DevOps by Ashley Sun
2017-09-26DevOpsDays Chicago 2017 - DevOps Practices for the Database Team by Pramod Sadalage
2017-09-26DevOpsDays Chicago 2017 - Devaluing Hard Work by Katie Prizy
2017-09-26DevOpsDays Chicago 2017 - Automating myself out of a job... by Jahmel Harris
2017-09-26DevOpsDays Chicago 2017 - Serverless Architecture in Azure by Rob Richardson
2017-09-26DevOpsDays Chicago 2017 - Getting Good At System Failure Analysis by Paul Hinze
2017-09-26DevOpsDays Chicago 2017 - Diversity is Not Just a Checklist by Rhea Ghosh
2017-09-26DevOpsDays Chicago 2017 - Security, Don't Fear the DevOps by Bill Weiss