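"Application Security in the Cloud Native World.pdf" was shared by a member and can be read online. For more related to "Application Security in the Cloud Native World.pdf (66 pages, collector's edition)", search on 三個皮匠報告.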
#CiscoLive
Jatin Sachdeva
Principal Security Architect
Cisco Global Security Architecture Team (GSAT)
BRKSEC-1139

Architecting a journey to cloud native application security
Application Security in the Cloud Native world

2023 Cisco and/or its affiliates. All rights reserved. Cisco Public

About your speaker
Fun fact: I am Indian, but I am not into cricket or spicy food!
Play: Live in Melbourne, Australia with my lovely family and this crazy fellow. Can geek out on anything from tech and cars to fitness and nutrition!
Work: 21 years in security industry, 18 in Cisco. Focused on multi-domain security architecture and new tech. Knowledge seeker, hence certs a plenty: CISSP, CISA, CEH, GWAPT, GSEC, GCIA, GCIH, GCSA, GPCS, SFCE. Prior to Cisco: security consulting, implementation and audit.

Cisco Webex App
Questions? Use Cisco Webex App to chat with the speaker after the session.
How:
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install the Webex App or go directly to the Webex space
4. Enter messages/questions in the Webex space
Webex spaces will be moderated by the speaker until June 9, 2023.
https:/

Agenda
Intro to Cloud Native Security
Securing Cloud Native Technologies
Securing Application Runtimes
Securing Public Cloud Infrastructure
Outro

Navigating the new world order isn't easy
Diagram labels: E-Commerce, Location, Personalization, Chat, AI, Associate, Marketing, Scan and go, POS, Consumer, NetOps, AppOps and DevOps, Cloud InfraOps, AppSec and SecOps

Infrastructure is changing
Welcome to the Multi-Cloud Era

Public Cloud Maturity
Stage 0, Stage 1, Stage 2, Stage 3
Ad Hoc Cloud; Opportunistic and Planned Cloud; Trusted and Repeatable Cloud; Automated and Intelligent Cloud
Source: Gartner, Advance Through Public Cloud Adoption Maturity

Security challenges in the multi-cloud World
Are we asking the right questions?
Do we have a multi-cloud, unified view of our cloud native assets, their criticality and relationships?
What is my current cloud native attack surface and how does that affect the risk to my critical assets?
What are the critical risks, threats and policy gaps in my environment?
How can I apply Zero Trust principles to protect my cloud assets?
Can we quickly detect, respond and remediate threats to our cloud native assets?
What is my real-time attack surface in the dynamic cloud environment?

Applications are changing
Applications are critical to modern businesses

Applications are the New Lifeline of Modern Businesses
500M apps will be developed over the next three years [1]

More Applications are Being Born in the Cloud
90% of new apps will be developed as cloud-native applications by 2025 [3]
30% of custom enterprise applications will run in a container environment by 2024 (up from 10% in 2020) [2]

Security challenges for cloud-native applications
DevSecOps must manually stitch 10+ disparate tools
Increased threats & increased Reg & Compliance requirements
Blurring boundaries between Dev and Security teams
Legacy tools are not enough to secure cloud native apps

Source: Cisco Corporate Story, IDC, Gartner
1. Estimated by IDC: 500M apps and services are being driven by industry-specific digital transformation use cases, with businesses accelerating their creation of custom-built, customer-facing apps on the web, mobile devices and other touch digital points
2. Estimated by Gartner
3. Estimated by IDC

Simple Modern Application
Diagram labels: Ingress, PgSQL, NoSQL, tcp/SQL, telemetry, 3rdParty, payment, tcp, HTTP, frontend, billing, App, Browser

The reality
Deployed in Multi-cloud using Microservices, Serverless functions and APIs
Decoupled, Dynamic, Scalable

Application development workflows have evolved
Diagram labels: Develop, Commits, New Feature, Automation! Builds, Testing, Automation! Deploy, Monitor, Orchestration, Operations, Container Registries, Continuous Monitoring
Recent exploits of new attack surfaces
Facebook (video trimming DOS), Jan 2021
John Deere, Springfox (Authorization vulnerability + Extensive data exposure), April 2021
Experian (Authentication), April 2021
Peloton's Fitness (Data Exposure via unsecured API), May 2021
LinkedIn (Broken Object Level Data Exposure), June 2021
Optus (Unsecured API leads to data exposure and extortion), Sep 2022
June 2020: Kubernetes kube-controller Server Side Request Forgery (SSRF) Leak
July 2020: Kubernetes control plane vulnerability leads to privilege escalation
PyTorch module (Supply Chain Attack), Jan 2023

Explosion of threat vectors in microservices security
Every quarter, attack increase. Reference: Forbes 2022, https:/
93% of companies had a Kubernetes security incident in the last 12 months. Reference: Redhat 2022, https:/
Cost of a data breach in 2022, million. Reference: IBM 2022, https:/
API attacks will become the most-frequent attack vector, causing data breaches for enterprise web applications. - Gartner, 2022

So where does that leave security teams?

Example - Cloud Native Application Security Challenges
Securing Containers, K8s & APIs

K8s, Container images & runtimes
Key Questions:
Are my images immutable throughout the application lifecycle (i.e., no drift)?
Do I have proper RBAC and pod security measures in place?
Do I have visibility of all my images and how they interact with other services?
Cloud Native security must be automated within existing processes

Cloud Native applications rely extensively on internal and external APIs
Key Questions:
Are my APIs vulnerable?
Do I depend on vulnerable APIs?
Do I have indirect dependencies on vulnerable APIs?
Can an attacker get to my data?

Gartner's View of Cloud and Application Security
Cloud Configuration Across Environments
Runtime Protection Across Workloads
Cloud and Kubernetes Security Posture Management (CSPM, KSPM)
Cloud Infrastructure Entitlement Management (CIEM)
Cloud Workload Protection Platform (CWPP)
Artifact Scanning Across Languages & Libraries
Dynamic/Static Application Scanning Testing (DAST/SAST)
API Scanning
Software Composition Analysis (SCA)
Exposure Scanning: CVEs, Secrets, Sensitive Data, Malware, Attack Path Analysis
Application Monitoring and Protection
Network Segmentation
Infrastructure as Code Scanning (IaC)
Network Configuration & Security Policy
Exposure Scanning: CVEs, Secrets, Sensitive Data, Malware, Attack Path Analysis

Missing Pieces to the Puzzle
Cloud Configuration Across Environments
Runtime Protection Across Workloads
Cloud and Kubernetes Security Posture Management (CSPM, KSPM)
Cloud Infrastructure Entitlement Management (CIEM)
Cloud Workload Protection Platform (CWPP)
Artifact Scanning Across Languages & Libraries
Dynamic/Static Application Scanning Testing (DAST/SAST)
API Scanning
Software Composition Analysis (SCA)
Exposure Scanning: CVEs, Secrets, Sensitive Data, Malware, Attack Path Analysis
Application Monitoring and Protection
Network Segmentation
Infrastructure as Code Scanning (IaC)
Network Configuration & Security Policy
Exposure Scanning: CVEs, Secrets, Sensitive Data, Malware, Attack Path Analysis
Full-Stack Observability with Business Context
Cloud Detection & Response

Cisco's Cloud and Application Security Focus
AppDynamics, Cisco XDR, Panoptica, Secure Workload, Kenna, Secure Application
Cloud Configuration Across Environments
Runtime Protection Across Workloads
Cloud and Kubernetes Security Posture Management (CSPM, KSPM)
Cloud Infrastructure Entitlement Management (CIEM)
Cloud Workload Protection Platform (CWPP)
Artifact Scanning Across Languages & Libraries
Dynamic/Static Application Scanning Testing (DAST/SAST)
API Scanning
Software Composition Analysis (SCA)
Exposure Scanning: CVEs, Secrets, Sensitive Data, Malware, Attack Path Analysis
Application Monitoring and Protection
Network Segmentation
Infrastructure as Code Scanning (IaC)
Network Configuration & Security Policy
Exposure Scanning: CVEs, Secrets, Sensitive Data, Malware, Attack Path Analysis
Full-Stack Observability with Business Context
Cloud Detection & Response

An example set of capabilities
Application code security testing
Application runtime governance and protections
Workload & Cloud infrastructure
Containerization technologies
Dynamic, context aware micro and macro segmentation and access control for zero trust
Threat prevention for public clouds
Application runtime
Protecting containerization technologies and environments
Risk and compliance
Cloud Detection & Response

Cisco Capability Mapping
Diagram labels: Cisco Secure App with AppD; Cisco Panoptica; Workload & Cloud infrastructure; Containerization technologies; Cisco Secure Workload; Cisco Secure Firewall; Cisco Multi-Cloud Defense; Application runtime; Cisco Panoptica; Cisco Secure Workload; Cisco XDR

Securing Cloud Native Technologies

Enabling security across the full app stack
From Dev to Runtime
Diagram labels: Deployment, Runtime, CI/CD, Dev; Shift Left Security; Application Composition; Connection and API Assessment; Policy Control Governance
Cloud Native Development Drives Velocity
Diagram labels: Security, Active Focus on Feature, Recent Memory, Focused on Other Features, Months Later, Weeks Later, Hours to Days, AUTOMATED

Integrating Security in the Pipeline
Shifting Security to the Left
Apply Security Before Any Integration
Apply Security Before Every Deployment

Continuous Integration Actionable Security
Developer Persona
Pipeline Report

Cloud Native Technologies to Secure
Containers
Kubernetes
Serverless
API

Anatomy of a Container
Base Image, Runtime, Dependencies, Application
USER moby
ENV var1
ENV var2
EXPOSE 443/tcp

Software Bill of Materials
Base Image, Runtime, Dependencies, Application, Container Settings
Anatomy of a Kubernetes Application
Base Image, Runtime, Dependencies, Application, Container Settings
Pod Metadata, Pod Security Context, Container Settings, Container Resources, Container Security
Fields shown: namespace, name, labels, annotations, containerPort, protocol, resources (cpu/memory), readinessProbe, livenessProbe, volumes, tolerations, runAsNonRoot, runAsUser, runAsGroup, fsGroup, environment variables (var1=value1, var2=value2), allowPrivilegeEscalation, privileged (container), capabilities (NET_ADMIN, e.g), readOnlyRootFilesystem

Leveraging Industry Best Practices
Pod Metadata, Pod Security Context, Container Settings, Container Resources, Container Security
CIS Kubernetes Benchmarks: https://www.cisecurity.org/benchmark/kubernetes
Container Settings, Base Image, Runtime, Dependencies, Application
CIS Docker Benchmarks: https://www.cisecurity.org/benchmark/docker

Shared Responsibility Model for Kubernetes
Source: AWS Shared Responsibility Model for EKS, https://aws.github.io/aws-eks-best-practices/security/docs/index.html
Serverless Doesn't Mean Secureless
Source: AWS Shared Responsibility Model for Serverless, https:/

Anatomy of an API (Application Programming Interface)
OpenAPI Spec (Swagger)
POST /reservation: request data (JSON), response data (JSON), header data (key/value)
GET /reservation/moid: header data (key/value), response data (JSON)
Diagram labels: frontend, user/frontend:1.1, base-image, runtime-engine, application-code, AuthN, AuthZ, bookings

Security of an API
Familiar Transport Concerns
Vulnerable Software Components
tcp/443, mTLS, Permitted Cnxn (L3), Permitted Cnxn (L7), Permitted Cnxn (Sec)
OpenAPI Spec (Swagger)
POST /reservation: request data (JSON), response data (JSON), header data (key/value)
GET /reservation/moid: header data (key/value), response data (JSON)
Diagram labels: frontend, user/frontend:1.1, base-image, runtime-engine, application-code, AuthN, AuthZ, bookings

Security of an API
Application Layer (L7) Concerns
AuthN Token
Spec Analysis
Broken Object Level AuthZ
Broken Function Level AuthZ
OpenAPI Spec (Swagger)
POST /reservation: request data (JSON), response data (JSON), header data (key/value)
GET /reservation/moid: header data (key/value), response data (JSON)
Diagram labels: frontend, user/frontend:1.1, base-image, runtime-engine, application-code, AuthN, AuthZ, bookings
Code to Cloud Security from Development to Runtime
Attack Path Analysis: Prioritize & fix exploitable attack vectors with comprehensive attack path analysis.
CI/CD Security: Identify, prioritize, & remediate risk throughout SDLC & enforce continuous governance policies.
CSPM: Automate compliance monitoring & simplify asset visualization, sorting, & grouping.
CWPP + KSPM: Get continuous visibility, risk assessment & mitigation guidance across all your cloud workloads: VMs, containers/Kubernetes, & serverless.
API Security: Secure, monitor & perform risk assessment of internal, external APIs, & API tokens.

Single Controller, Modular Architecture
Diagram labels: controller, grype-server, kubeclarity, apiclarity, vault, istio, CVE DB, Kubernetes Control Plane, panoptica.app, configuration, findings
Deployment Rules
Cluster Events Rules

Single Controller, Modular Architecture
Diagram labels: controller, grype-server, kubeclarity, apiclarity, vault, istio, CVE DB, Kubernetes Control Plane, panoptica.app, configuration, findings
Connection Rules
API Security Traces
API Gateways

Cisco Panoptica enables DevSecOps at scale
Zero Trust for Cloud Native Apps
Policy automation: Write one policy and propagate across containers or code deployments to ensure new code has less risk
Actionable Insights: Dashboard highlighting MITRE ATT&CK vectors aligned to Kubernetes risks
Pod-based approach: Application runs on a single pod that covers your entire environment even across clouds
Works across all Kubernetes platforms: RedHat OpenShift, Rancher RKE, Google GKE, AWS EKS, Oracle OCI, Alibaba ACK, Azure AKS, Tencent TKE

Panoptica Architecture
Easy integration into K8 environments
Diagram labels: PanOptica Plugin, PanOptica SaaS, BM Servers, Admission Controller, IDE
Uses the admission controller permission
One Panoptica Pod per cluster
Istio service mesh for segmentation & encryption (or Calisti)
CI/CD pipeline plugin for image scanning

Securing Application Runtimes

What is achievable in App Runtime
Software Composition Analysis (SCA) & Runtime App Self Protection (RASP)
Enhanced Attack detection via stack traces
Respond by Blocking Attacks
Continually Detect Vulnerabilities in Libraries
Common Vulnerabilities and Exceptions with Code Level correlation
Spot CVE correlated runtime exploits and Zero Day attacks (like Log4j)
Policy level blocking that stops bad actors even if vulnerabilities exist
Security insights enriched with Application and Business context to Establish Visibility
Enforce Policy through runtime instrumentation

Cisco Secure Application with AppDynamics
Capabilities
Simplify the life-cycle of vulnerability fixes and security incidents by creating shared context across Application and Security teams.
App-Tier-Node vulnerability correlation helps teams have visibility to focus on incidents that matter most.
Protection at runtime.
Visibility to the app's true behavior enables teams to:
Detect application code dependency & configuration level security vulnerabilities in production
See what is happening inside of the code and prevent known exploits
Protect application communications without additional firewalls or proxies

Securing Public Cloud Infrastructure
Addressing the Basics for Public Cloud Transition
Foundation to move up the application security stack
Adaptive Application Segmentation: As attributes and conditions change
Comprehensive visibility into multi-cloud activity: Consistent up-to-date view
Identify threats based on cloud infrastructure behavior: Behavior, Threats
Workload vulnerability and exploit detection: Behavior, Vulnerabilities, Exploits

Cloud Workload Protection done right
Dynamic attribute & behavior-based security policy and segmentation
Diagram labels: Baseline workload protection posture, Process behavior, Application Insights, SW Vulnerabilities, Network communications, Threat Intel, Policy violations, Risk Reports, Unified policy, Merge intent from multiple stake holders, Assess Impact, Enforcement, Compliance alerts, Baseline policy

Understand your workloads
Automated discovery, clustering and policy generation
Diagram labels: App View, Dynamic Policies, Management, NTP, Authentication, Users, DNS, TCP 443, TCP 443, TCP 443, Shared Database, Web, SQL, Processing, App, Fund Mgmt, Baseline workload protection posture, Network communications, Process behaviour, Labels, Cisco Tetration Application Insights

The Policy Puzzle
Arriving at layers of policy
Multiple teams and organizations
Multiple environments and clouds
Each have segmentation methods and tools
Inconsistent and siloed islands of policy controls across network & apps
Policy Domains: Kubernetes Nodes, EKS, AKS, Load Balancers/Ingress Controllers, Cloud Security Groups, Security Groups, Firewalls, Virtual Desktops, Host Operating System

Enforce Policy with Cisco Secure Workload
Unified Policy across Host, Network and Cloud
Diagram labels: Cisco Secure Workload, Host Based, Secure Firewall, Firewall Policies, Network, AKS, Cloud, EKS

Summary

Application Security Reference Architecture
Diagram labels: Application Security; Threat Intelligence | Malware Analytics | Actionable Intelligence | Unmatched Visibility | Collective Responses; Security Operations (XDR); User/Device Security; Adaptive MFA | Passwordless | Trust; SASE/REMOTE WORKER; ZERO TRUST WORKFORCE; Secure E-mail; Duo; Secure Access; Unified Client | EDR | Cloud Managed; Threat Visibility & Hunting; Managed Detection and Response Services; 3rd Party Integrations; Security, Orchestration, Automation and Response; Incident Response and Remediation Services; Secure Cloud Insights; Kenna Vuln Mgmt; Hybrid Private; Secure Firewall; App Observability | Detection | Response; Secure Cloud Analytics & Insights; Public Cloud*; APIC-DC; APIC; Posture; Telemetry; Threat; Query; VPN; Cisco Secure Client; ThousandEyes (Observability); Device Insights; Secure Workload; Secure App by AppDynamics; Panoptica; Policy | Application Segmentation; Run-time Application Security | API Security; ZERO TRUST WORKLOAD; Valtix; Client visibility; Secure DDoS & WAF
Runs natively alongside the APP. Via centralized policy management, Shields K8s, validates configs, integrates with CI/CD, manages connections through service mesh, API and serverless security
Integrated in the APP. Via APM: Captures application events and acts in run-time
Tie to biz context risk per transaction
Micro-segmentation across hybrid platforms
Integration with existing APIC and Secure Firewall (Dynamic Objects)

Cloud Native Apps introduce more security complexity
SecOps has to keep up with the speed of app development and have an integrated workflow
Kubernetes is not secure by default; massive proliferation of one-function tools
Traditional security tools don't meet the needs for cloud native app development

Bringing Worlds Together
Entry Point: Start from the left by integrating into dev toolchain; Start from the right with runtime protection
Stakeholders: CIO and the DevOps team; CISO and the security teams
Cisco Offerings: Vulnerability Management (Kenna), Cisco Secure Application for AppDynamics, Panoptica, Secure Workload
SecOps, DevOps

Related Sessions
Securing Cloud Native Applications with Panoptica - BRKETI-2511
New innovations in Application Security - BRKAPP-1624
How to Build a Secure Multi-Cloud Environment with Cisco Secure Workload - BRKSEC-1773
Any cloud, anywhere! Zero trust for your Workloads in hybrid multi-cloud environments - BRKSEC-2177
Consistently Secure the Multicloud at Any Scale with Cisco - BRKSEC-2145

Fill out your session surveys!
Attendees who fill out a minimum of four session surveys and the overall event survey will get Cisco Live-branded socks (while supplies last)!
Attendees will also earn 100 points in the Cisco Live Challenge for every survey completed.
These points help you get on the leaderboard and increase your chances of winning daily and grand prizes

Continue your education
Visit the Cisco Showcase for related demos
Book your one-on-one Meet the Engineer meeting
Attend the interactive education with DevNet, Capture the Flag, and Walk-in Labs
Visit the On-Demand Library for more sessions at www.CiscoL you

Gamify your Cisco Live experience!
Get points for attending this session!
How:
1. Open the Cisco Events App.
2. Click on Cisco Live Challenge in the side menu.
3. Click on View Your Badges at the top.
4. Click the + at the bottom of the screen and scan the QR code: