As IT organizations build and release software continuously, how do security teams become enablers of this pace? How can you ensure that the higher rate of change does not lead to weaker security?
Join our webinar to learn how Pivotal and Signal Sciences work together to make app deployments faster *and* safer in cloud-native environments.
This webinar will cover:
- Best practices for implementing new security programs and incentivizing their adoption
- How to simplify application layer security deployments across a variety of apps, teams and cloud infrastructures
- How threat visibility and real-time attack telemetry bring security context into DevOps teams and improve response times
Presenters: Zane Lackey (Signal Sciences) and Kamala Dasika (Pivotal)
19. “The first time ever we fully upgraded Cloud Infrastructure with Zero Impact. In Production. During Business Hours. During Peak Business Hours.”
Source: Internal Feedback Shown by Greg Otto, Executive Director @ Comcast, at Cloud Foundry Summit 2016
24. The new realities in a DevSecOps world:
1. Changes happen multiple orders of magnitude faster than previously
2. Security only becomes successful if it can be baked into the Development/DevOps process
3. For many apps, the cost of attack is so low that you will be attacked even if you’re not a brand name
43. Three keys to modern feedback loops:
1. Combination of bug bounty + pentests
2. Bounty is not a replacement for pentest, it augments pentest
3. Bounty gives general but more real-time feedback, pentest shifts to giving more directed but less frequent feedback
46. Visibility + Feedback success story:
“I discovered the vulnerability late Friday afternoon and wasn't quite ready to email it to them … [Etsy] had detected my requests and pushed a patch Saturday morning before I could email them. This was by far the fastest response time by any company I've reported to.”
- Source: https://www.reddit.com/r/netsec/comments/vbrzg/etsy_has_been_one_of_the_best_companies_ive
47. Embrace DevOps, Cloud, and other means of increasing velocity. But do so safely by obtaining: Visibility + Feedback