KGI compliance as-code approach

•Download as PPTX, PDF•

0 likes•163 views

Chris Southall, Kinney Group

© Kinney Group, Inc. 2021
© Kinney Group, Inc. 2021
Automating STIG
Compliance and Reporting
1
March 2021

© Kinney Group, Inc. 2021
• KGI has been developing automation solutions for Federal customers for
many years where STIG compliant systems are mandated
• There is not a consistent framework for implementing compliance-based
Puppet code
• Most customers implement it poorly or are not equipped with the appropriate
knowledge on Puppet best practices
• Ongoing maintenance of compliance code is time consuming for most
customers
• Having a 3rd party develop and maintain compliance remediation content
reduces risk for when Puppet expertise moves on
2
Identifying a need for a Puppet compliance-as-code standard
Why this Framework was Developed

© Kinney Group, Inc. 2021
• Puppet modules must be well documented
• Centralize code in purpose-built modules that can be quickly implemented
• Enforcement can be toggled on/off at the vulnerability level
• Leverage PuppetDB to store supporting compliance data
• Compliance modules must be data driven to allow customizable behavior
• Should not preclude the management of non-compliance system components
3
Standardization of Compliance Based Puppet Code
Lessons that shaped the KGI Framework

© Kinney Group, Inc. 2021
• One module to manage all STIG vulnerabilities can conflict with existing
Puppet modules
• Customers don’t want to pay for development of remediation content, they
want to pay us to integrate and implement
• Integrating STIG modules efficiently requires some knowledge and expertise
• Customers struggle to keep compliance modules current after we leave (and
resort back to manual bad habits)
4
Challenges we’ve encountered over the years
Typical Challenges

© Kinney Group, Inc. 2021
• Automated STIG Checklist Generator using PuppetDB
• Future: Plans and Tasks for PE integration
• Future: Splunk Compliance App using PuppetDB
5
Additional Benefits/Capabilities

© Kinney Group, Inc. 2021
• U.S. Army – INSCOM
• US Air Force – AFRL and STRATCOM
• US Marine Corps – Technical Services Organization
• Indiana Army National Guard – Indiana Intelligence Center
• State of Indiana – Indiana Office of Technology
6
Practical Implementation Experience

© Kinney Group, Inc. 2021
© Kinney Group, Inc. 2021 7

More Related Content

What's hot

DevOps

Jeremiah Tillman

As cyber threats become more sophisticated, companies of all sizes are struggling to stay secure. Regardless of how many different firewalls you use, it’s merely a matter of time until a threat gets through. To prevent serious breaches, networks must be internally segmented to stop hackers moving freely inside the network and exfiltrating data – but network segmentation must be designed and managed correctly if it’s to be successful. This webinar will examine how to build a micro-segmentation strategy that truly protect your organization’s valuables. In this webinar, Yoni Geva, Product Manager at AlgoSec will cover: • Segmentation challenges • Micro-segmentation explained • Micro-segmentation strategy benefits • Micro-segmentation strategy development – first steps • Implementation Do’s and Don’ts

2019 02-20 micro-segmentation based network security strategies (yoni geva)

2019 02-20 micro-segmentation based network security strategies (yoni geva)

2019 02-20 micro-segmentation based network security strategies (yoni geva)

SRE 101 (Site Reliability Engineering)

SRE 101 (Site Reliability Engineering)

SRE 101 (Site Reliability Engineering)

Hussain Mansoor

WhiteSource Webinar What's New With WhiteSource in December 2018

WhiteSource Webinar What's New With WhiteSource in December 2018

WhiteSource Webinar What's New With WhiteSource in December 2018

DevOps and related trends (cloud-native, digital transformation, etc.) are unquestionably mainstream, but they still come with difficulties. Many organizations are struggling with outdated governance models that slow down digital innovation, while not effectively reducing risk. Plan/build/run, stage-gated checklists, and approval boards are losing favor, but what will replace them? Risk management is still critical. Special guest Charles Betz, Forrester Principal Analyst, joined Dan Beauregard, VP, Cloud & DevOps Evangelist at XebiaLabs, to discuss: • The role of an integrated, end-to-end release pipeline in ensuring auditability and standards compliance • The evolution and automation of change and release management and the decline of the Change Approval Board • Chaos and resilience engineering as the basis for a new governance model

From Chaos to Compliance: The New Digital Governance for DevOps

From Chaos to Compliance: The New Digital Governance for DevOps

From Chaos to Compliance: The New Digital Governance for DevOps

The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A W...

The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A W...

The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A W...

Innovation in Action - #MFSummit2017

Innovation in Action - #MFSummit2017

Innovation in Action - #MFSummit2017

Application Security at DevOps Speed - DevOpsDays Singapore 2016

Application Security at DevOps Speed - DevOpsDays Singapore 2016

Application Security at DevOps Speed - DevOpsDays Singapore 2016

Stefan Streichsbier

Operationalize all the network things

Operationalize all the network things

Operationalize all the network things

We partnered with DevOps.com to get up-to-the-minute insights into the successes and challenges they face with achieving DevOps. Challenges with DevOps and version control are universal. Solutions can be harder to find. Thankfully, hundreds of your peers shared insight on achieving enterprise DevOps. More than 450 people responded to a survey on DevOps.com. They shared: -Their biggest DevOps challenges -Where they face bottlenecks in the CI/CD pipeline -Where they store production-grade assets -The VCS they use -And 13 other DevOps or VCS data points The Correlation Between an Effective VCS and Achieving DevOps Throughout the survey, one theme was clear. There’s a correlation between having an effective VCS and achieving DevOps. We’ll cover the results of the survey. And you’ll learn how to achieve higher quality development and faster time to market.

DevOps Challenges and Version Control

DevOps Challenges and Version Control

DevOps Challenges and Version Control

Julian Berton Preventing a company from becoming the newest data breach statistic can be a daunting prospect. Especially working within a company that employs hundreds of engineers pushing code to production daily, it often feels like everything is on fire and the holy grail of producing a security inspired product is but a dim light growing further and further away. The same feeling is true for security aware engineers being pushed to develop products quickly but also expected to consider quality assurance, operations, security and the reliability of their application or service. To help reduce the bleeding and build more security aware applications at scale, a balance of firefighting, preventative initiatives, automation and "JIT" education is required. So strap yourself in while we take you on a journey through 4 years of security successes and epic failures: * Automation - Implementing a secure-by-default build system (Buildkite) that makes detecting vulnerable dependencies (Snyk), storing secrets (AWS Secrets Manager) and scanning Docker containers, an effortless process. * Prevention - Eradicate several classes of bugs by selecting secure architectural patterns and using automated scripts to detect operational misconfigurations like dangling DNS entries, open S3 buckets, secrets checked into source code and repositories that have been made accidentally public. * "JIT” Education - Changing a companies security culture with RFC's for security standards, security integrated PIR via bug bounty program reports, visibility through security maturity frameworks (BSIMM).

DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...

DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...

DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...

Waterfall is based on the concept of sequential software development—from conception to ongoing maintenance—where each of the many steps flowed logically into the next. Join this webinar presentation to learn: - Why DevOps cannot effectively work in waterfall - How to use DevOps tools to optimize processes in either development or operations through automation We will also discuss what is needed to support full DevOps

How to go from waterfall app dev to secure agile development in 2 weeks

How to go from waterfall app dev to secure agile development in 2 weeks

How to go from waterfall app dev to secure agile development in 2 weeks

DevOps and cloud seem to be a match made in heaven...however, there are challenges that organizations experience when incorporating cloud technologies into their DevOps practices. XebiaLabs Cloud & DevOps Evangelist, Dan Beauregard, and Director of DevOps Strategy, Vincent Lussenburg, discussed why DevOps is leading many organizations to move to the cloud and how to make this transition as seamless as possible in an enterprise environment.

Is Your DevOps Ready for the Cloud?

Is Your DevOps Ready for the Cloud?

Is Your DevOps Ready for the Cloud?

Test What Matters Most

Test What Matters Most

Test What Matters Most

Containerization of microservice based applications enables full team responsibility from code, to operations and eventually maintenance, which enables faster time-to-market, shorter feedback cycles and maximizes continuousness delivery. This modern approach leads to a much higher rate of change, which in turn can lead to chaos. The challenge is how to make sense out of the chaos that deploying containerized microservices at scale creates, and how to get visibility into everything inside, outside and around the containers including the quality of the application’s services. Join the technical experts from Mesosphere and Instana as they tackle visibility and orchestration requirements to deploy and manage your containerized microservice apps and infrastructure.

Microservice Monitoring and Quality Management for Modern Apps and Infrastruc...

Microservice Monitoring and Quality Management for Modern Apps and Infrastruc...

Microservice Monitoring and Quality Management for Modern Apps and Infrastruc...

Jules Pierre-Louis

The adoption of tools for the provisioning and automatic configuration of "Infrastructure as Code" (eg Terraform, Cloudformation or Ansible) reduces cost, time, errors, violations and risks when provisioning and configuring the necessary infrastructure so that our software can run . However, those who have begun to make intensive use of this technology at the business level agree to identify the emergence of a very critical problem regarding the orchestration and governance needs of supply requests such as security, compliance, scalability, integrity and more. Learn how The Digital.ai DevOps Platform (formerly XebiaLabs DevOps Platform) responds to all these problems and many more, allowing you to continue working with your favorite tools.

Infrastructure as Code in Large Scale Organizations

Infrastructure as Code in Large Scale Organizations

Infrastructure as Code in Large Scale Organizations

Organizations enjoy the speed that DevOps brings to development and delivery. However, most security and compliance monitoring tools have not been able to keep up, becoming the most significant barrier to continuous delivery. Now some good news: you can easily integrate security into your existing processes to solve this challenge. In this session, Shiri Ivtsan, Senior Product Manager at WhiteSource, will discuss: - Leveraging the DevSecOps approach to help speed up security - Scaling security into your agile processes - 5 easy ways to start driving DevSecOps in your organization

The Challenges of Scaling DevSecOps

The Challenges of Scaling DevSecOps

The Challenges of Scaling DevSecOps

On-premise applications are problematic for DevOps because APIs are typically hand-written by a team outside the DevOps process, making automation impossible. Additionally, SOA middleware - which facilitates the communication between the API and the on-premise system - slows down the process. This webinar will examine how to accelerate the build and test cycle by automating microservice-based API generation and bypassing current ESB and SOA middleware. In this webinar, you will learn: The importance of thinking about on-premise applications as part of your DevOps process How to automatically generate APIs directly from on-premise systems Why microservices better encapsulate the communications to your legacy systems when doing DevOps development How to easily generate Java based microservices from your on-premise system Why SOA middleware doesn’t align with the DevOps process Real-world implementation: Eldad Omer from Ayalon Insurance will discuss how microservice-based APIs helped create their DevOps process by integrating common DevOps tools( Jira, Git, Bitbucket, Docker, Jenkins, and Kubernetes) to their on-prem systems. This reduced policy creation time 1000%.

Automating API Generation and DevOps Pipeline for On-Prem Systems

Automating API Generation and DevOps Pipeline for On-Prem Systems

Automating API Generation and DevOps Pipeline for On-Prem Systems

DevOps isn’t just for the “unicorn” companies out there like Google and Apple. DevOps practices are rapidly hitting the mainstream as more organizations realize the need to behave like software companies and improve how they work in order to deliver better value to customers. If you’re sold on the value of DevOps but having trouble getting buy-in from your peers and managers, or if you’re not sure where to get started, this webinar is for you. Based on findings from the 2016 State of DevOps Report, our friends at Puppet share a roadmap for driving DevOps adoption within your organization. We cover: - How to build the business case for DevOps - The cultural changes required - Ways to align incentives and teams to improve collaboration - Key technical practices of high-performing teams - Where to start

Webinar: A Roadmap for DevOps Success

Webinar: A Roadmap for DevOps Success

Webinar: A Roadmap for DevOps Success

Jules Pierre-Louis

In today’s fast-paced world, supporting an ever-growing number of applications across the data center poses significant security management challenges. Managing policies across physical and virtual networks and multivendor security devices requires a delicate balance between ensuring security, reducing risk and provisioning connectivity for critical business applications to increase productivity. Cisco ACI reduces TCO, automates IT tasks, and accelerates data center application deployments, using a business-relevant software defined networking (SDN) policy model. Through a seamless integration, AlgoSec extends Cisco ACI’s security policy-based automation to all security devices across the enterprise network, both inside and outside the data center. Join Ranga Rao, Director of Solutions Engineering at Cisco, and Anner Kushnir, VP of Technology at AlgoSec on Wednesday, February 1, at 12pm ET/9am PT for a technical webinar where they will discuss how to leverage the integrated Cisco ACI-AlgoSec solution to process and apply security policy changes quickly, assess and reduce risk, ensure continuous compliance, and maintain a strong security posture across your entire network estate. Attend this must-see webinar and learn how to: - Get visibility into the Cisco ACI security environment and extend Cisco ACI policy-based automation across the enterprise network - Proactively assess risk for the Cisco ACI fabric and recommend changes to eliminate misconfigurations and compliance violations - Automate the configuration of security devices on the ACI fabric - Generate audit-ready regulatory compliance reports for the entire Cisco ACI fabric

Cisco aci and AlgoSec webinar

Cisco aci and AlgoSec webinar

Cisco aci and AlgoSec webinar

What's hot (20)

DevOps

2019 02-20 micro-segmentation based network security strategies (yoni geva)

2019 02-20 micro-segmentation based network security strategies (yoni geva)

2019 02-20 micro-segmentation based network security strategies (yoni geva)

SRE 101 (Site Reliability Engineering)

SRE 101 (Site Reliability Engineering)

SRE 101 (Site Reliability Engineering)

WhiteSource Webinar What's New With WhiteSource in December 2018

WhiteSource Webinar What's New With WhiteSource in December 2018

WhiteSource Webinar What's New With WhiteSource in December 2018

From Chaos to Compliance: The New Digital Governance for DevOps

From Chaos to Compliance: The New Digital Governance for DevOps

From Chaos to Compliance: The New Digital Governance for DevOps

The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A W...

The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A W...

The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A W...

Innovation in Action - #MFSummit2017

Innovation in Action - #MFSummit2017

Innovation in Action - #MFSummit2017

Application Security at DevOps Speed - DevOpsDays Singapore 2016

Application Security at DevOps Speed - DevOpsDays Singapore 2016

Application Security at DevOps Speed - DevOpsDays Singapore 2016

Operationalize all the network things

Operationalize all the network things

Operationalize all the network things

DevOps Challenges and Version Control

DevOps Challenges and Version Control

DevOps Challenges and Version Control

DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...

DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...

DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...

How to go from waterfall app dev to secure agile development in 2 weeks

How to go from waterfall app dev to secure agile development in 2 weeks

How to go from waterfall app dev to secure agile development in 2 weeks

Is Your DevOps Ready for the Cloud?

Is Your DevOps Ready for the Cloud?

Is Your DevOps Ready for the Cloud?

Test What Matters Most

Test What Matters Most

Test What Matters Most

Microservice Monitoring and Quality Management for Modern Apps and Infrastruc...

Microservice Monitoring and Quality Management for Modern Apps and Infrastruc...

Microservice Monitoring and Quality Management for Modern Apps and Infrastruc...

Infrastructure as Code in Large Scale Organizations

Infrastructure as Code in Large Scale Organizations

Infrastructure as Code in Large Scale Organizations

The Challenges of Scaling DevSecOps

The Challenges of Scaling DevSecOps

The Challenges of Scaling DevSecOps

Automating API Generation and DevOps Pipeline for On-Prem Systems

Automating API Generation and DevOps Pipeline for On-Prem Systems

Automating API Generation and DevOps Pipeline for On-Prem Systems

Webinar: A Roadmap for DevOps Success

Webinar: A Roadmap for DevOps Success

Webinar: A Roadmap for DevOps Success

Cisco aci and AlgoSec webinar

Cisco aci and AlgoSec webinar

Cisco aci and AlgoSec webinar

Similar to KGI compliance as-code approach

Overview This case-study is about how to successfully build an agile, globally distributed team to deliver a very critical project against changing requirement and tight deadline. When a Fortune 500 financial company turned to our team to deliver a GDPR implementation in eight months, we were excited to tackle the project. The implementation’s tight timeline and dynamic requirements introduced an interesting challenge; one that we were confident we could accomplish by applying agile methodology. But the project also involved five distributed scrum teams, with more than 50 people across Hyderabad, US and Pune. When it comes to globally distributed teams, the biggest deterrent to implementing agile methodology is physical location. Some of the challenges that must be considered include team efficiency and productivity, real-time implementation feedback and team alignment. Throughout the project, our team also needed to manage evolving business requirements while technical implementations were already underway. Additionally, each customer product used a different method of communication, which meant that our team needed to frequently adapt to changing scenarios. At the end of the project, our team not only successfully deployed more than 500 client products onto the GDPR platform in the scheduled timeline, but they also developed a working model of managing a distributed team using agile philosophy. Key Takeaways 1. Achieving Accelerated Business Value Delivery 2. EPAM Unique Engineering best practices 3. Building a Continuous Feedback Mechanism 4. Building Mature Quality Gates with DevOps 5. Impact on Customer

ANI | Agile Hyderanad | Gdpr distributed team-case_study-agile conference | 2...

ANI | Agile Hyderanad | Gdpr distributed team-case_study-agile conference | 2...

ANI | Agile Hyderanad | Gdpr distributed team-case_study-agile conference | 2...

The tempo for software delivery to the warfighter continues to accelerate to meet the goals and demands of their missions. Pressures to rapidly build and deploy mission software drive the need to deliver new capabilities via DevSecOps pipelines. Many of the latest leading-edge DevSecOps practices draw heavily from commercial tech companies and innovative programs across DoD like Kessel Run. What are these latest trends, and how do you take advantage of them? How do you quantify the risk of microservices, new languages and frameworks, and cloud environments and still obtain authority to operate (ATO)? The ThreadFix platform has built-in automation and orchestration capabilities to enable your teams to provide immediate feedback in the form of policy evaluation, notifications in the form of emails and automated developer defect creation, and decision-making on your CI program as scan results are generated. In addition to built-in automation, plugins and the ThreadFix API enable CI programs to seamlessly integrate security testing into existing build/release pipelines to provide evaluation of code changes directly to your development tools. These key issue items and other trends will be discussed in this highly interactive briefing, providing critical insights on how to inject agility and responsiveness into environments that have traditionally struggled to keep pace with modern development approaches.

Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...

Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...

Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...

Gap assessment kubernetes

Gap assessment kubernetes

Gap assessment kubernetes

We specializing in: - HD Video Conferencing & LIVE Streaming Solution for Education, Hospital, Graphic Design Industry - Dedicated High Speed Broadband for House, SME & Corporate. - NGV (New Generation Voice) Solution : eg: Unlimited Free Call Saving Solution for Telemarketing, Call Centre - New Smart Wi-Fi Solution for SME & huge Mall. - Intelligent Cloud Solution (ERP, POS, CRM) for Chain Stores, SME, Hotel, Customer Service Centre - Comprehensive Raised Floor, Cooling, Fireproof solution for DataCentre - Comprehensive Network Infra, Structured Cabling Works for NEW Startup Business, Offices & Buildings.

Company Profile - jvnetwroks resources sdn bhd

IT FIRST SDN BHD

FIDO in Action: Real World Development Case Studies

FIDO in Action: Real World Development Case Studies

FIDO in Action: Real World Development Case Studies

Elearning case study for Multinational conglomerate

Elearning case study for Multinational conglomerate

Elearning case study for Multinational conglomerate

ASK EHS Engineering & Consultants

Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...

Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...

Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...

Tim Mackey is a principal security strategist with the Synopsys Cybersecurity Research Center(CyRC). Within this role, he engages with various technical and business communities to understand how application security is evolving with ever-expanding attack surfaces and increasingly sophisticated threats. He specializes in container security, virtualization, cloud technologies, distributed systems engineering, mission critical engineering, performance monitoring, and large-scale data center operations. Tim takes the lessons learned from these activities and delivers talks globally at conferences like RSA, KubeCon and InfoSec. For more information, please visit www.synopsys.com/software.

Webinar–Creating a Modern AppSec Toolchain to Quantify Service Risks

Webinar–Creating a Modern AppSec Toolchain to Quantify Service Risks

Webinar–Creating a Modern AppSec Toolchain to Quantify Service Risks

Synopsys Software Integrity Group

Slides from webinar, co-hosted by the Vivit UK & Ireland Local User Groups on May 27th 2020. James Walker from Curiosity Software Ireland presented on model-based testing for ALM/Octane, setting out how model-based testing enables greater communication, collaboration and end-to-end automation. For many organizations today, ALM Octane provides the single source of truth for distributed teams. Its scalable test management keeps testers and developers synchronised with granular analysis of testing progress and results, all integrated into CI/CD pipelines and agile methodologies. However, the quality of this testing remains dependent on the quality of the tests fed in and assigned to testers. Testing speed furthermore remains limited by the efficiency of that test creation. Manual, unsystematic test design and a reliance on low-coverage production data will still lead to low coverage tests. Those tests will also remain impossible to maintain in tight iterations, leaving new releases further exposed to damaging bugs. Impeccable test management instead deserves impeccable test design. This webinar demonstrated how model-based test generation seamlessly maintains optimized test cases and data in ALM Octane, all linked to system requirements and automation frameworks for in-sprint maintenance and test execution. You will discover a requirements-driven approach to test maintenance, in which test cases, scripts and data are maintained as quick-to-build flowcharts are updated. Powerful mathematical algorithms generate the smallest set of tests needed to “cover” the latest system logic, with “just in time” data allocation to ensure that every test has valid test data. Pushing the tests to integrated automation frameworks enables truly “Continuous Testing”, with granular run results synchronized automatically in ALM Octane.

Model-Based Testing for ALM Octane: Better tests, built faster

Model-Based Testing for ALM Octane: Better tests, built faster

Model-Based Testing for ALM Octane: Better tests, built faster

Curiosity Software Ireland

Aroy presentation1

Aroy presentation1

Aroy presentation1

ANINDITA ROY, PMP, CSM, ITIL

RSA Conference Presentation–Creating a Modern AppSec Toolchain to Quantify Se...

RSA Conference Presentation–Creating a Modern AppSec Toolchain to Quantify Se...

RSA Conference Presentation–Creating a Modern AppSec Toolchain to Quantify Se...

Synopsys Software Integrity Group

Improving Quality through Continuous Integration - A case study of CollabNet

Improving Quality through Continuous Integration - A case study of CollabNet

Improving Quality through Continuous Integration - A case study of CollabNet

Venkat Janardhanam, MS, MBA

We've Got Docker & Cloud, Now What?

We've Got Docker & Cloud, Now What?

We've Got Docker & Cloud, Now What?

Advanced engineering practices to achieve higher agility quotient v1.0

Advanced engineering practices to achieve higher agility quotient v1.0

Advanced engineering practices to achieve higher agility quotient v1.0

Musarrath Jabeen

VishalSrivastava_NewV1.0

VishalSrivastava_NewV1.0

VishalSrivastava_NewV1.0

Vishal Srivastava

Using Kubernetes for orchestration? Great—we hope things are running smoothly. The thing about Kubernetes, though, is that it tends to surprise you—throwing curveballs just when you think you've finally mastered the art of container management. And those curveballs usually come at you when you try to scale up. So, how can you scale K8s without striking out due to speed and reliability (not to mention sanity) issues? Join Guy Menahem, solution architect at Komodor, as he shares some of the hard lessons he learned from his own experiences with Kubernetes, including: - The “phantom” challenges of working with K8s - The five key factors you can’t ignore when scaling K8s - Best practices and tools for a smooth-running K8s system

5 things we learned not to ignore while scaling kubernetes webinar dev ops.co...

5 things we learned not to ignore while scaling kubernetes webinar dev ops.co...

5 things we learned not to ignore while scaling kubernetes webinar dev ops.co...

GEP-Supply-Chain-Planning-Guide-Fnl_0.pdf

GEP-Supply-Chain-Planning-Guide-Fnl_0.pdf

GEP-Supply-Chain-Planning-Guide-Fnl_0.pdf

How to prepare a project for automated deployment?

How to prepare a project for automated deployment?

How to prepare a project for automated deployment?

Cai apo clients activity

Cai apo clients activity

Cai apo clients activity

Computer Aid, Inc

… you should also know when not to use it. This is what Philip and Nico will talk about in this session. They will share all the things they have learned and seen over the past years. Philip and Nico share real-world examples of what they've seen in projects and tell you what went wrong and what could have been done better. And why Kubernetes has been the wrong choice for some of them. Applications and use-cases that do not fit Kubernetes are just one example we will talk about. Join this talk to learn how to take full advantage of Kubernetes and learn where it fits to run your workload successfully. That said: We love Kubernetes!

Cloud Love Conference: Kubernetes is awesome, but...

Cloud Love Conference: Kubernetes is awesome, but...

Cloud Love Conference: Kubernetes is awesome, but...

Nico Meisenzahl

Similar to KGI compliance as-code approach (20)

ANI | Agile Hyderanad | Gdpr distributed team-case_study-agile conference | 2...

ANI | Agile Hyderanad | Gdpr distributed team-case_study-agile conference | 2...

ANI | Agile Hyderanad | Gdpr distributed team-case_study-agile conference | 2...

Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...

Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...

Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...

Gap assessment kubernetes

Gap assessment kubernetes

Gap assessment kubernetes

Company Profile - jvnetwroks resources sdn bhd

FIDO in Action: Real World Development Case Studies

FIDO in Action: Real World Development Case Studies

FIDO in Action: Real World Development Case Studies

Elearning case study for Multinational conglomerate

Elearning case study for Multinational conglomerate

Elearning case study for Multinational conglomerate

Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...

Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...

Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...

Webinar–Creating a Modern AppSec Toolchain to Quantify Service Risks

Webinar–Creating a Modern AppSec Toolchain to Quantify Service Risks

Webinar–Creating a Modern AppSec Toolchain to Quantify Service Risks

Model-Based Testing for ALM Octane: Better tests, built faster

Model-Based Testing for ALM Octane: Better tests, built faster

Model-Based Testing for ALM Octane: Better tests, built faster

Aroy presentation1

Aroy presentation1

Aroy presentation1

RSA Conference Presentation–Creating a Modern AppSec Toolchain to Quantify Se...

RSA Conference Presentation–Creating a Modern AppSec Toolchain to Quantify Se...

RSA Conference Presentation–Creating a Modern AppSec Toolchain to Quantify Se...

Improving Quality through Continuous Integration - A case study of CollabNet

Improving Quality through Continuous Integration - A case study of CollabNet

Improving Quality through Continuous Integration - A case study of CollabNet

We've Got Docker & Cloud, Now What?

We've Got Docker & Cloud, Now What?

We've Got Docker & Cloud, Now What?

Advanced engineering practices to achieve higher agility quotient v1.0

Advanced engineering practices to achieve higher agility quotient v1.0

Advanced engineering practices to achieve higher agility quotient v1.0

VishalSrivastava_NewV1.0

VishalSrivastava_NewV1.0

VishalSrivastava_NewV1.0

5 things we learned not to ignore while scaling kubernetes webinar dev ops.co...

5 things we learned not to ignore while scaling kubernetes webinar dev ops.co...

5 things we learned not to ignore while scaling kubernetes webinar dev ops.co...

GEP-Supply-Chain-Planning-Guide-Fnl_0.pdf

GEP-Supply-Chain-Planning-Guide-Fnl_0.pdf

GEP-Supply-Chain-Planning-Guide-Fnl_0.pdf

How to prepare a project for automated deployment?

How to prepare a project for automated deployment?

How to prepare a project for automated deployment?

Cai apo clients activity

Cai apo clients activity

Cai apo clients activity

Cloud Love Conference: Kubernetes is awesome, but...

Cloud Love Conference: Kubernetes is awesome, but...

Cloud Love Conference: Kubernetes is awesome, but...

More from Puppet

Puppet camp2021 testing modules and controlrepo

Puppet camp2021 testing modules and controlrepo

Puppet camp2021 testing modules and controlrepo

Puppetcamp r10kyaml

Puppetcamp r10kyaml

Puppetcamp r10kyaml

2021 04-15 operational verification (with notes)

2021 04-15 operational verification (with notes)

2021 04-15 operational verification (with notes)

Puppet camp vscode

Puppet camp vscode

Puppet camp vscode

Modules of the twenties

Modules of the twenties

Modules of the twenties

Applying Roles and Profiles method to compliance code

Applying Roles and Profiles method to compliance code

Applying Roles and Profiles method to compliance code

Enforce compliance policy with model-driven automation

Enforce compliance policy with model-driven automation

Enforce compliance policy with model-driven automation

As the leading IT Service Management and IT Operations Management platform in the marketplace, ServiceNow is used by many organizations to address everything from self service IT requests to Change, Incident and Problem Management. The strength of the platform is in the workflows and processes that are built around the shared data model, represented in the CMDB. This provides the ‘single source of truth’ for the organization. Puppet Enterprise is a leading automation platform focused on the IT Configuration Management and Compliance space. Puppet Enterprise has a unique perspective on the state of systems being managed, constantly being updated and kept accurate as part of the regular Puppet operation. Puppet Enterprise is the automation engine ensuring that the environment stays consistent and in compliance. In this webinar, we will explore how to maximize the value of both solutions, with Puppet Enterprise automating the actions required to drive a change, and ServiceNow governing the process around that change, from definition to approval. We will introduce and demonstrate several published integration points between the two solutions, in the areas of Self-Service Infrastructure, Enriched Change Management and Automated Incident Registration.

Automating it management with Puppet + ServiceNow

Automating it management with Puppet + ServiceNow

Automating it management with Puppet + ServiceNow

Puppet: The best way to harden Windows

Puppet: The best way to harden Windows

Puppet: The best way to harden Windows

Does your company struggle with patching systems? If so, you’re not alone — most organizations have attempted to solve this issue by cobbling together multiple tools, processes, and different teams, which can make an already complicated issue worse. Puppet helps keep hosts healthy, secure and compliant by replacing time-consuming and error prone patching processes with Puppet’s automated patching solution. Join this webinar to learn how to do the following with Puppet: Eliminate manual patching processes with pre-built patching automation for Windows and Linux systems. Gain visibility into patching status across your estate regardless of OS with new patching solution from the PE console. Ensure your systems are compliant and patched in a healthy state How Puppet Enterprise makes patch management easy across your Windows and Linux operating systems. Presented by: Margaret Lee, Product Manager, Puppet, and Ajay Sridhar, Sr. Sales Engineer, Puppet.

Simplified Patch Management with Puppet - Oct. 2020

Simplified Patch Management with Puppet - Oct. 2020

Simplified Patch Management with Puppet - Oct. 2020

Accelerating azure adoption with puppet

Accelerating azure adoption with puppet

Accelerating azure adoption with puppet

Puppet catalog Diff; Raphael Pinson

Puppet catalog Diff; Raphael Pinson

Puppet catalog Diff; Raphael Pinson

ServiceNow and Puppet- better together, Kevin Reeuwijk

ServiceNow and Puppet- better together, Kevin Reeuwijk

ServiceNow and Puppet- better together, Kevin Reeuwijk

Take control of your dev ops dumping ground

Take control of your dev ops dumping ground

Take control of your dev ops dumping ground

100% Puppet Cloud Deployment of Legacy Software

100% Puppet Cloud Deployment of Legacy Software

100% Puppet Cloud Deployment of Legacy Software

Puppet User Group

Puppet User Group

Puppet User Group

Continuous Compliance and DevSecOps

Continuous Compliance and DevSecOps

Continuous Compliance and DevSecOps

The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy

The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy

The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy

ServiceNow and Puppet- better together, Kevin Reeuwijk

ServiceNow and Puppet- better together, Kevin Reeuwijk

ServiceNow and Puppet- better together, Kevin Reeuwijk

Puppet in k8s, Miroslav Hadzhiev

Puppet in k8s, Miroslav Hadzhiev

Puppet in k8s, Miroslav Hadzhiev

More from Puppet (20)

Puppet camp2021 testing modules and controlrepo

Puppet camp2021 testing modules and controlrepo

Puppet camp2021 testing modules and controlrepo

Puppetcamp r10kyaml

Puppetcamp r10kyaml

Puppetcamp r10kyaml

2021 04-15 operational verification (with notes)

2021 04-15 operational verification (with notes)

2021 04-15 operational verification (with notes)

Puppet camp vscode

Puppet camp vscode

Puppet camp vscode

Modules of the twenties

Modules of the twenties

Modules of the twenties

Applying Roles and Profiles method to compliance code

Applying Roles and Profiles method to compliance code

Applying Roles and Profiles method to compliance code

Enforce compliance policy with model-driven automation

Enforce compliance policy with model-driven automation

Enforce compliance policy with model-driven automation

Automating it management with Puppet + ServiceNow

Automating it management with Puppet + ServiceNow

Automating it management with Puppet + ServiceNow

Puppet: The best way to harden Windows

Puppet: The best way to harden Windows

Puppet: The best way to harden Windows

Simplified Patch Management with Puppet - Oct. 2020

Simplified Patch Management with Puppet - Oct. 2020

Simplified Patch Management with Puppet - Oct. 2020

Accelerating azure adoption with puppet

Accelerating azure adoption with puppet

Accelerating azure adoption with puppet

Puppet catalog Diff; Raphael Pinson

Puppet catalog Diff; Raphael Pinson

Puppet catalog Diff; Raphael Pinson

ServiceNow and Puppet- better together, Kevin Reeuwijk

ServiceNow and Puppet- better together, Kevin Reeuwijk

ServiceNow and Puppet- better together, Kevin Reeuwijk

Take control of your dev ops dumping ground

Take control of your dev ops dumping ground

Take control of your dev ops dumping ground

100% Puppet Cloud Deployment of Legacy Software

100% Puppet Cloud Deployment of Legacy Software

100% Puppet Cloud Deployment of Legacy Software

Puppet User Group

Puppet User Group

Puppet User Group

Continuous Compliance and DevSecOps

Continuous Compliance and DevSecOps

Continuous Compliance and DevSecOps

The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy

The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy

The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy

ServiceNow and Puppet- better together, Kevin Reeuwijk

ServiceNow and Puppet- better together, Kevin Reeuwijk

ServiceNow and Puppet- better together, Kevin Reeuwijk

Puppet in k8s, Miroslav Hadzhiev

Puppet in k8s, Miroslav Hadzhiev

Puppet in k8s, Miroslav Hadzhiev

Recently uploaded

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Artificial Intelligence Chap.5 : Uncertainty

Artificial Intelligence Chap.5 : Uncertainty

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

Manulife - Insurer Transformation Award 2024

Manulife - Insurer Transformation Award 2024

Manulife - Insurer Transformation Award 2024

The Digital Insurer

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Corporate and higher education May webinar.pptx

Corporate and higher education May webinar.pptx

Rustici Software

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

The action of the next cyber saga takes place in the mystical lands of the Asia-Pacific region, where the main characters began their digital activities in the middle of 2021 and qualitatively strengthened it in 2022. Corporate espionage, document theft, audio recordings, and data leaks from messaging platforms were all a matter of one day for Dark Pink. Their geographical focus may have started in the Asia-Pacific region, but their ambitions knew no bounds, targeting a European government ministry in a bold move to expand their portfolio. Their victim profile was as diverse as a UN meeting, targeting military organizations, government agencies, and even a religious organization. Because discrimination is not a fashionable agenda. In the world of cybercrime, they serve as a reminder that sometimes the most serious threats come in the most unassuming packages with a pink bow.

Cyberprint. Dark Pink Apt Group [EN].pdf

Cyberprint. Dark Pink Apt Group [EN].pdf

Cyberprint. Dark Pink Apt Group [EN].pdf

Overkill Security

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

ICT role in 21st century education and its challenges

ICT role in 21st century education and its challenges

ICT role in 21st century education and its challenges

rafiqahmad00786416

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

Dubai, known for its towering skyscrapers, luxurious lifestyle, and relentless pursuit of innovation, often finds itself in the global spotlight. However, amidst the glitz and glamour, the emirate faces its own set of challenges, including the occasional threat of flooding. In recent years, Dubai has experienced sporadic but significant floods, disrupting normalcy and posing unique challenges to its infrastructure. Among the critical nodes in this bustling metropolis is the Dubai International Airport, a vital hub connecting the world. This article delves into the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Dubai, often portrayed as a shimmering oasis in the desert, faces its own set of challenges, including the occasional threat of flooding. Despite its reputation for opulence and modernity, the emirate is not immune to the forces of nature. In recent years, Dubai has experienced sporadic but significant floods, testing the resilience of its infrastructure and communities. Among the critical lifelines in this bustling metropolis is the Dubai International Airport, a bustling hub that connects the city to the world. This article explores the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Recently uploaded (20)

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Artificial Intelligence Chap.5 : Uncertainty

Artificial Intelligence Chap.5 : Uncertainty

Artificial Intelligence Chap.5 : Uncertainty

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

Manulife - Insurer Transformation Award 2024

Manulife - Insurer Transformation Award 2024

Manulife - Insurer Transformation Award 2024

Corporate and higher education May webinar.pptx

Corporate and higher education May webinar.pptx

Corporate and higher education May webinar.pptx

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

Cyberprint. Dark Pink Apt Group [EN].pdf

Cyberprint. Dark Pink Apt Group [EN].pdf

Cyberprint. Dark Pink Apt Group [EN].pdf

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

ICT role in 21st century education and its challenges

ICT role in 21st century education and its challenges

ICT role in 21st century education and its challenges

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

KGI compliance as-code approach

1. © Kinney Group, Inc. 2021 © Kinney Group, Inc. 2021 Automating STIG Compliance and Reporting 1 March 2021

2. © Kinney Group, Inc. 2021 • KGI has been developing automation solutions for Federal customers for many years where STIG compliant systems are mandated • There is not a consistent framework for implementing compliance-based Puppet code • Most customers implement it poorly or are not equipped with the appropriate knowledge on Puppet best practices • Ongoing maintenance of compliance code is time consuming for most customers • Having a 3rd party develop and maintain compliance remediation content reduces risk for when Puppet expertise moves on 2 Identifying a need for a Puppet compliance-as-code standard Why this Framework was Developed

3. © Kinney Group, Inc. 2021 • Puppet modules must be well documented • Centralize code in purpose-built modules that can be quickly implemented • Enforcement can be toggled on/off at the vulnerability level • Leverage PuppetDB to store supporting compliance data • Compliance modules must be data driven to allow customizable behavior • Should not preclude the management of non-compliance system components 3 Standardization of Compliance Based Puppet Code Lessons that shaped the KGI Framework

4. © Kinney Group, Inc. 2021 • One module to manage all STIG vulnerabilities can conflict with existing Puppet modules • Customers don’t want to pay for development of remediation content, they want to pay us to integrate and implement • Integrating STIG modules efficiently requires some knowledge and expertise • Customers struggle to keep compliance modules current after we leave (and resort back to manual bad habits) 4 Challenges we’ve encountered over the years Typical Challenges

5. © Kinney Group, Inc. 2021 • Automated STIG Checklist Generator using PuppetDB • Future: Plans and Tasks for PE integration • Future: Splunk Compliance App using PuppetDB 5 Additional Benefits/Capabilities

6. © Kinney Group, Inc. 2021 • U.S. Army – INSCOM • US Air Force – AFRL and STRATCOM • US Marine Corps – Technical Services Organization • Indiana Army National Guard – Indiana Intelligence Center • State of Indiana – Indiana Office of Technology 6 Practical Implementation Experience

7. © Kinney Group, Inc. 2021 © Kinney Group, Inc. 2021 7