CloudNativeSecurityCon-deck_SUSE.pdf (6 pages), shared by a member and available to read online.
Copyright SUSE 2023

Kubernetes is the Perfect Platform for Enforcing Zero Trust Security
FEBRUARY 2023

Reactive Security Model
Scan, Monitor, Detect, Respond

Reactive Security
- Deny list policy
- Signature/Keyword/Regex match
- Scanning known vulnerabilities
- Bad IP/URL list
- Zero-day feed
- Manual configuration and management

[Figure labels: Apache Struts, Log4j, Bad IPs, Unpatched CVE, Zero-day]

Proactive Security Model
Zero Trust

Kubernetes is a perfect platform for new security model:
- Declarative
- Automation
- Scalable & high performance
- Real time enforcement & zero trust

SUSE NeuVector

Proactive Zero Trust Security
- Allow list policy (deny by default)
- Live segmentation & L7 firewall
- Admission control policy
- Behavior learning and lock down
- Zero-Day/Unpatched CVE mitigation
- CI/CD pipeline security, supply chain security
- Cloud native deployment and management
- Audited RBAC
- Shared security responsibility
- Policy as code, security automation
- Continuous compliance enforcement

[Figure labels: Apache Struts, Unpatched CVE, Log4j, Bad IPs, Zero-day]

Secure Kubernetes in the Real World:

Fortune Global 200 Enterprise:
- Hybrid Cloud: on-premises + public cloud
- Migrating traditional workloads
- Need run-time security that does not slow dev velocity
- SOC II Compliance Requirements

SUSE NeuVector Provides:
- Multi-cloud Policy Federation & Management
- Supply Chain and Pipeline Security
- Zero Trust Runtime Protection with Automation
- Firewall with WAF & DLP that satisfies the SOC II requirements

SaaS Financial Services:
- Fast-growing 100% SaaS Online Bank
- Rapid development velocity
- Subject of targeted network attacks
- Banking Regulations PCI etc.

SUSE NeuVector Provides:
- Independent security management
- CRD based policy-as-code security automation
- Network-centric Zero-Trust enforcement
- Continuous Co