Ali Golshan
Co-founder & CTO
©2017 StackRox, Inc. All Rights Reserved. Proprietary and Confidential.
Container and Cloud-Native Architectures: the Modern-day Labyrinth
Why?
Containers and microservices create distributed, rapidly changing attack surfaces
Traditional security solutions don’t have container visibility
Threat landscape is not well-defined
Challenges
Governance:
DevOps and Security teams have a hard time determining whether container deployments have implemented appropriate controls & configurations to reduce their attack surface
Runtime Defense:
Security operations teams require threat detection & protection for microservices and containers in production that maps to evolving workflows
Investigation:
As a result of immutable and/or ephemeral architecture, containerized environments create blind spots during forensics investigations
Cloud-native attacks
Example
Foothold
Indicators:
Low-privileged access to a Kube cluster outfitted with Custom Resource Definitions (CRDs)
Movement
Indicators:
Attacker creates a database custom resource object managed by a custom controller operating in a privileged context
Persistence
Indicators:
Attacker injects code into the controller, extracts Kube secrets from the cluster, & returns the controller to a lower privilege level to maintain stealth persistence
•Focusing on “Action” not “Topology” choke points
•Adversarial Intent Model:
• Foothold
• Persistence
• Privilege escalation
• Lateral movement
• Objectives
•Delivering context: sequence of actions
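The "sequence of actions" idea applied to the CRD example above, as an added detection sketch that is not part of the original deck and is not StackRox code. It correlates constructed Kubernetes audit events; the CONTROLLER_SA inventory, the 10-minute WINDOW, and all user, namespace and resource names are assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample events using Kubernetes audit.k8s.io/v1 field names.
SAMPLE_AUDIT_LOG = """
{"requestReceivedTimestamp":"2017-11-02T10:00:00.000000Z","verb":"create","user":{"username":"dev-alice"},"objectRef":{"apiGroup":"example.com","resource":"databases","namespace":"team-a"}}
{"requestReceivedTimestamp":"2017-11-02T10:00:05.000000Z","verb":"get","user":{"username":"system:serviceaccount:db-system:db-controller"},"objectRef":{"resource":"secrets","namespace":"db-system"}}
{"requestReceivedTimestamp":"2017-11-02T10:02:30.000000Z","verb":"list","user":{"username":"system:serviceaccount:db-system:db-controller"},"objectRef":{"resource":"secrets","namespace":"payments"}}
{"requestReceivedTimestamp":"2017-11-02T11:30:00.000000Z","verb":"get","user":{"username":"system:serviceaccount:db-system:db-controller"},"objectRef":{"resource":"secrets","namespace":"payments"}}
"""

# Assumption: an inventory mapping each CRD API group to its controller's service account.
CONTROLLER_SA = {"example.com": "system:serviceaccount:db-system:db-controller"}
WINDOW = timedelta(minutes=10)  # assumed correlation window


def parse(line):
    """Flatten one audit event into a sortable tuple."""
    event = json.loads(line)
    ref = event.get("objectRef", {})
    ts = datetime.strptime(event["requestReceivedTimestamp"], "%Y-%m-%dT%H:%M:%S.%fZ")
    return (ts, event["user"]["username"], event["verb"],
            ref.get("apiGroup", ""), ref.get("resource", ""), ref.get("namespace", ""))


def correlate(log_text):
    """Alert when a custom-resource create by a non-system user is followed, within
    WINDOW, by the owning controller reading secrets outside its own namespace."""
    pending = {}  # controller service account -> (time, actor, custom resource)
    alerts = []
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    for ts, user, verb, group, resource, namespace in events:
        if verb == "create" and group in CONTROLLER_SA and not user.startswith("system:"):
            pending[CONTROLLER_SA[group]] = (ts, user, resource)
        elif resource == "secrets" and verb in ("get", "list") and user in pending:
            started, actor, custom_resource = pending[user]
            home_namespace = user.split(":")[2]  # system:serviceaccount:<ns>:<name>
            if ts - started <= WINDOW and namespace != home_namespace:
                alerts.append((actor, custom_resource, user, namespace))
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_AUDIT_LOG):
        print("custom resource create -> controller secret read:", alert)
```

Neither event is alarming alone; the alert comes from the ordered pair, and the controller's read of secrets in its own namespace is ignored.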
Building to Operating
Foothold
Privilege escalation
Movement
Detect
Make risk-driven security decisions
Minimize attack surface
Simplify governance
Prevent
Programmable data collection
Forensics
Disrupt attacks
Respond
©2018 StackRox, Inc. All Rights Reserved. Proprietary and Confidential.
Security Built In
Technology: Container and cloud-native detection & response with patent-pending innovations in machine learning
Mission: Secure enterprises’ container and cloud-native infrastructure container threats
Customers: Global 2000 enterprises across finance, media, technology and government
Investors: $14M from top venture capital firms & renowned security experts