Defenders Guide to Cloud Native Infrastructure Security

Abstract

Developer and Operation teams (DevOps) have moved towards cloud, containers, kubernetes, serverless and cloud native infrastructure. Security teams are still catching up with understanding these technologies and applying their knowledge of security expertise. As we work with modern technologies to build our organizations infrastructure, we prefer to make the application available in production as soon and as many times as possible. In this workshop, we will get started with setting up real-world cloud native infrastructure using containers, serverless, service mesh with automated deployments and each phase will contain built-in security with help opensource tools and cloud services.

We will perform security at multiple layers like Infrastructure Security, Supply chain Security and Run time Security with real-world scenarios. At the end of the workshop we will verify the security of the cloud native infrastructure by performing automated security scan with the help of CIS Benchmarks. The outcome of this workshop can be directly applied in their organizations and daily operations to apply practical security skills in the modern era.

Some of the interesting real-world scenarios we will be covering during the training includes:

• Secure infrastructure setup using ingress controller, OAuth2 proxy and cert-manager
• Near real-time security defense of micro services and APIs using Istio (Service Mesh)
• Runtime container security monitoring using Sysdig Faclo to detect and defend against security attacks

Note: We will be deploying mostly in Goolge Cloud Platform (GCP), but all the scenarios and concepts will be applied in different cloud providers and on-premise environments.

Madhu Akula

Never Ending Learner!

Madhu Akula is a pragmatic security leader and creator of Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security. Also published author and cloud native security researcher with an extensive experience. Also he is an active member of the international security, devops and cloud native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, OWASP, etc). Holds industry certifications like OSCP (Offensive Security Certified Professional), CKA (Certified Kubernetes Administrator), CKS (Certified Kubernetes Security Specialist), etc. Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON (24, 26, 27, 28, 29, 30), BlackHat (2018, 19, 21, 22 & 23), USENIX LISA (2018, 19 & 21), SANS Cloud Security Summit 2021 & 2022, O’Reilly Velocity EU 2019, GitHub Satellite 2020, Appsec EU (2018, 19, 22), All Day DevOps (2016, 17, 18, 19, 20, 21 & 22), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18 & 20), Nullcon (2018, 19, 21 & 22), SACON 2019, Serverless Summit, null and multiple others. His research has identified vulnerabilities in over 200+ companies and organisations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP and Adobe, etc and credited with multiple CVE’s, Acknowledgements and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is the technical reviewer for Learn Kubernetes Security, Practical Ansible2 books by Packt Pub. Also won 1st prize for building Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+ engineering teams.