Cloud Native Security 101_CNSCon23.pdf

1、Rafik HarabiCloud Native Security 101:Building Blocks,Patterns and Best Practices1Who Am I?Senior Solution Architect at Sysdig,Cloud Security AdvocateFocus on Cloud Native Security and ObservabilityPreviously working on go to Cloud programmesrafik8_rafikharabi2Who are you?Who is here for the first t

2、ime?Who knows one of those acronyms:CWPP,CSPM,KSPM,CIEM,CNAPP,CDR?Who knows two of them?Who knows three?All of them?3Agenda Cloud Native Security acronyms Anatomy of Cloud Native application Lifecycle of Cloud Native application Cloud Native Security Platform building blocks.Attack vectors.Patterns&

3、Best Practices.Personas and Workflows.45Network/SecurityManagementIdentity and AccessDataPlatformsWorkloadAnatomy of Cloud Native Application Cloud ProviderLogs&MonitoringMessaging ServiceCloud LoadBalancerSecurity GroupsStorageObject storageInstanceServerlessDatabaseManaged SQL IAMCloud Infrastruct

4、ureContainersAudit logsKubernetesContainer as a Service6Cloud Native AcronymCWPPCloud Workload Protection PlatformWorkload and application security(Container,VM,Serverless).Network/SecurityManagementIdentity and AccessDataPlatformsWorkloadLogs&MonitoringMessaging ServiceCloud LoadBalancerSecurity Gr

5、oupsStorageObject storageInstanceServerlessDatabaseManaged SQL IAMContainersAudit logsKubernetesContainer as a Service7Cloud Native AcronymCSPMCloud Security Posture ManagementCloud assets configuration security:Protect the cloud control plane,basically tracking cloud resources and verifying the sta

6、tic configuration of the cloudNetwork/SecurityManagementIdentity and AccessDataPlatformsWorkloadLogs&MonitoringMessaging ServiceCloud LoadBalancerSecurity GroupsStorageObject storageInstanceServerlessDatabaseManaged SQL IAMContainersAudit logsKubernetesContainer as a Service8Cloud Native AcronymKSPM