Matt Turner: Automated Cloud-Native Incident Response with Kubernetes and Service Mesh
Security incident response is a well-understood operation, with established best practices like the MITRE Att&ck Framework and the Lockheed Martin Kill Chain. Tooling to aid and automate incident response exists, but not all of it is applicable to cloud-native platforms. For example, playbook apps are generally applicable, but the steps to move compromised workloads to an isolated forensics network are platform-specific, and new implementations are needed for the cloud-native world.
In this talk, Matt will:
- Recap incident response 101
- Introduce some cloud-native tech including Kubernetes, Istio, and GitOps
- Show an Operator built by Matt for dynamically adding complex layer-7 traffic rules in response to changes in the environment, which will be used as part of the demo
- Walk you through a response to a log4shell attack against a workload in a k8s cluster: sensor alert, SIEM analysis, IRP automation (honeypots, isolation), building the IoC, and killing the attack.
Sonya Moisset: The Iceberg: Your Attack Surface Just Got Bigger (How to mitigate risks in your OSS projects)
Software supply chain attacks are not a new security concern, but high-profile attacks such as SolarWinds, CodeCov, and Kaseya have brought the topic to the forefront of cybersecurity awareness across the globe. Software supply chain attacks have not only increased in volume and frequency, but have also become more sophisticated. This trend, together with the potentially wide impact of a singular successful supply chain attack, requires maintainers to take dedicated steps to ensure the security and integrity of their projects. You will learn how to secure your CI/CD pipeline by setting up guardrails at each stage and harden your OSS projects.
Join the Community!
If you haven’t joined the Discord community, please do so! You can find us on Discord at: https://devseccon.io/discordcommunity