Posts under Security

Image - Google Next Talk: Kubernetes Security Threats and Solutions

Google Next Talk: Kubernetes Security Threats and Solutions

We were pleased to present at Google Cloud Next 2018 at the request of Allan Naim, a Kubernetes Engine product manager at Google. In our talk, we highlighted reference architectures for container security and technical demos of attack vectors in the ecosystem. Our talk centered around architectures for FinTech companies running on Google Kubernetes Engine (GKE), but anyone running containers and Kubernetes can leverage the findings we’ll review here. Allan started the discussion with an overview of the Google Cloud products that retail and financial services businesses can use to build rich, tailored, easy-to-operate solutions for their customers.

Image - Gartner’s Top 10 Security Projects – Part II

Gartner’s Top 10 Security Projects – Part II

We’re picking up our coverage of Gartner’s security conference with a continued discussion of the Top 10 Security Projects Gartner recommends you do this year, in prioritized order. In Part I of the discussion, we highlighted Privileged Account Management, CARTA-inspired Vulnerability Management, and Active Anti Phishing. Neil continued his list by highlighting the need for protections like StackRox provides. #4 – Application Control on Server Workloads For this project, Neil emphasized the need to reduce the attack surface and limit certain functions from running on servers.

Image - Gartner on the Top 10 Security Projects for the Year

Gartner on the Top 10 Security Projects for the Year

We’ve been highlighting a number of the talks at Gartner’s security conference last month, including on the value of shifting right with security, risk-prioritized vulnerability guidance, and the principles of continuous security. In this recap, we’ll profile Neil MacDonald’s presentation on the Top 10 Security Projects you should undertake this year. He led off the talk acknowledging we’re never “done” in security, and that it’s futile to try to build perfect security.

Image - Continuous Security - More on Gartner’s CARTA Model

Continuous Security - More on Gartner’s CARTA Model

In recent blog posts, we’ve been highlighting some of the key takeaways from Gartner’s recent security conference. In the session on the top 10 principles of CARTA (Continuous Adaptive Risk and Trust Assessment), Neil MacDonald highlighted how organizations need to change their security practices to match today’s world. One of the more interesting observations Neil made was that organizations in general have over-invested in preventative measures and they’ve underinvested in the detection and response.

Image - Gartner on Continuous Security - the Model

Gartner on Continuous Security - the Model

As we continue to explore some of the major themes from Gartner’s recent security conference, the theme of Continuous Security came up throughout the week. Gartner analyst Neil MacDonald spent time defining both the principles of CARTA – Continuous Adaptive Risk and Trust Assessment – and highlighting the priority security projects that adhere to those principles. Most security infrastructure, Neil argues, was designed for a world in which we knew good vs.

Image - Gartner on the Need to “Shift Right” in Security

Gartner on the Need to “Shift Right” in Security

Over the next week or so, I’ll be sharing some insights and observations from last week’s Gartner security summit conference. We’ll explore key conference themes around how DevOps and Security can work better together, the role of ML and automation, and the major challenges still confronting security practitioners. The infinite loop pictured here was a theme throughout many presentations. All visual models like this quickly become a little too complicated, but this vision of continuous security and a constant feedback loop between the build/deploy phase and the runtime phase really hits a chord with us here at StackRox.

Image - Where machine learning meets security

Where machine learning meets security

The last few decades have seen tremendous progress in machine learning (ML) algorithms and techniques. This progress, combined with various open-source efforts to curate implementations of a large number of ML algorithms has lead to the true democratization of ML. It has become possible for practitioners with and without a background in statistical inference or optimization – the theoretical underpinnings of ML – to apply ML to problems in their domain.