保護您的無服務器云基礎架構.pdf

《保護您的無服務器云基礎架構.pdf》由會員分享，可在線閱讀，更多相關《保護您的無服務器云基礎架構.pdf（52頁珍藏版）》請在三個皮匠報告上搜索。

1、#CiscoLive#CiscoLiveRyan MacLennanTechnical Marketing EngineerDEVNET-1075Secure Your Serverless Cloud Infrastructure 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEnter your personal notes hereCisco Webex App Questions?Use Cisco Webex App to chat with the speaker after t

2、he sessionFind this session in the Cisco Live Mobile AppClick“Join the Discussion”Install the Webex App or go directly to the Webex spaceEnter messages/questions in the Webex spaceHowWebex spaces will be moderated by the speaker until June 9,2023.12343https:/ 2023 Cisco and/or its affiliates.All rig

3、hts reserved.Cisco PublicDEVNET-1075Agenda 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicUnderstanding ServerlessDifficulty of Securing ServerlessWhat Security Do You NeedHow We FitPanopticaRadware Cloud WAFSecure Cloud Insights/AnalyticsAppDynamicsDEVNET-1075Understanding Serverl

4、ess 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEvolution of Application ArchitecturesMonolithicService Oriented(Separation of concerns)MicroservicesCloud NativeServerlessDEVNET-1075 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveServerless

5、Is Multiple Services In OneBackend as a Server(BaaS)Function as a Service(FaaS)HostingContainersAPI GatewaysDEVNET-1075 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveWhy Talk About Serverless?DEVNET-107550%50%Companies using Serverless*Regardless of cloud providerStack O

6、verflow Questions600%Used by 60%of large organizations3+LanguagesDifficulty of Securing ServerlessDEVN 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTraditional Security Does Not ApplyNo serversNo networkingNo controlDEVNET-1075What Security Do You Need?2023 Cisco and/or

7、 its affiliates.All rights reserved.Cisco Public#CiscoLiveThree Components of Serverless SecurityDEVNET-1075Identity Access Management(IAM)Resource ManagementPlatform SecurityCode SecurityNetwork SecurityContinuous Integration/Continuous Deployment(CI/CD)Code VulnerabilitiesDistributed Denial of Ser

8、vice(DDoS)BotsWeb Application Firewall(WAF)API EndpointsHow We FitPanoptica 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLivePanoptica OverviewCloud-Native Application Security,SimplifiedFeatures:API SecurityCloud Function SecurityCI/CD Pipeline SecurityDEVNET-1075 2023 Cis

9、co and/or its affiliates.All rights reserved.Cisco Public#CiscoLivePanoptica Scans Functions For Threats&VulnerabilitiesServerless is not scannable by regular vulnerability scannersIdentifies and labels types of threats a serverless function hasDEVNET-1075 2023 Cisco and/or its affiliates.All rights

10、 reserved.Cisco Public#CiscoLivePanoptica Has Access Controls For Cloud Functions ACLs can:AllowDetectBlockBased on:Risk levelVulnerability levelPermissionsMany moreDEVNET-1075 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLivePanoptica Scans APIs for Security PostureFinding

11、s Can Include:NetworkAuthenticationDNSAPI SpecificationsMany MoreDEVNET-1075 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLivePanoptica Scans Code for VulnerabilitiesPart of CI/CD pipelineVulnerability scanning while building packagePrevent unauthorized functions from being

12、 deployedDEVNET-1075Radware Cloud WAF&DDoS 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveRadware Cloud WAF&DDoS OverviewProvides multiple cloud-based services:WAFDDoSBot protectionAPI protectionMany moreDEVNET-1075 2023 Cisco and/or its affiliates.All rights reserved.Cis

13、co Public#CiscoLiveRadware is a Web Application FirewallWhy it blocked a connectionWhere it came fromThe severity of the connectionDEVNET-1075 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveRadware Provides DDoS ProtectionPrevents DDoS attempts from around the worldDEVNET

14、-1075 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveRadware Stops BotsCan allow or deny bad bots or legitimate botsDEVNET-1075 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveRadware Scans Your APIsWill discover APIs over time(including unknown

15、 API endpoints)Can prevent access to these endpointsOr block specific request typesDEVNET-1075Secure Cloud Insights 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSCI OverviewAsset managementAttack surface visualizationComplianceDEVNET-1075 2023 Cisco and/or its affiliate

16、s.All rights reserved.Cisco Public#CiscoLiveSCI Shows All Assets In The CloudDEVNET-1075 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSCI Finds Cloud Function Access to ResourcesDEVNET-1075 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSCI A

17、lerts are actionableSCI has built-in alerts it looks forCustom alert rules can be madeThey give exact cause making it easy to fixDEVNET-1075 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSCI Example of a Custom RuleHow important the rule isWhen it should checkThe query S

18、CI usesDEVNET-1075 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSCI Monitors The Environments ComplianceMany sections of compliance within SCIEasy identification of what are issuesDEVNET-1075Secure Cloud Analytics 2023 Cisco and/or its affiliates.All rights reserved.Cis

19、co Public#CiscoLiveSecure Cloud Analytics OverviewComprehensive cloud analysis and alertsMonitors entire cloud infrastructure for anomaliesProvides Cloud Function analysisWatches for unwanted trafficDEVNET-1075 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSecure Cloud A

20、nalytics Monitors Cloud FunctionsAlerts on:Abnormal amount of function runsAttacker Persistence through a functionNew permissions for account accessDEVNET-1075 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSCA Third Party WatchlistUpload custom domain/IP listsBRKCLD-2367

21、 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSCA Country WatchlistBRKCLD-2367AppDynamics 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveAppDynamics OverviewProvides:Serverless application performance monitoring(APM)Library monitoringAttack m

22、onitoringDEVNET-1075ThousandEyes 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveThousandEyes OverviewProvides internet&cloud visibilityService assuranceRemote testingDEVNET-1075 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCan test any URLRun

23、s from the cloudOr anywhere an agent isShows where an issue isAnd whyThousandEyes HTTP TestsDEVNET-1075 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTests user experienceShows loading domainsShows page load blockersThousandEyes Can Tests Page Loading TimesDEVNET-1075Wha

24、t It Looks Like 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveGeneral Architecture DiagramDEVNET-1075 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveWith ThousandEyesDEVNET-1075 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public

25、#CiscoLiveConclusionUsing all these products is preferableOne product cannot cover all the pillarsLayers of security is the best policyDEVNET-1075 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveFill out your session surveys!Attendees who fill out a minimum of four session

26、 surveys and the overall event survey will get Cisco Live-branded socks(while supplies last)!DEVNET-1075These points help you get on the leaderboard and increase your chances of winning daily and grand prizesAttendees will also earn 100 points in the Cisco Live Game for every survey completed.2023 C

27、isco and/or its affiliates.All rights reserved.Cisco PublicContinue your educationVisit the Cisco Showcase for related demosBook your one-on-oneMeet the Engineer meetingAttend the interactive education with DevNet,Capture the Flag,and Walk-in LabsVisit the On-Demand Library for more sessions at www.

28、CiscoL you#CiscoLive 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive52Gamify your Cisco Live experience!Get points Get points for attending this session!for attending this session!Open the Cisco Events App.Click on Cisco Live Challenge in the side menu.Click on View Your Badges at the top.Click the+at the bottom of the screen and scan the QR code:How:123452 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicDEVNET-1075#CiscoLive