Demystifying StackRox
Unlock zero trust cloud-native security in Kubernetes
- Track: Security devroom
- Room: UA2.118 (Henriot)
- Day: Saturday
- Start: 18:30
- End: 18:55
- Video only: ua2118_henriot
- Chat: Join the conversation!
StackRox integrates with every stage of the container lifecycle: build, deploy, and runtime. It has the ability to monitor, scan, and prevent the execution of vulnerable code, and container images in multiple and almost any flavor of your Kubernetes clusters that too from a single control plane. It plays a huge role in its supply chain security pattern by providing continuous scanning via CI/CD pipelines and integration with image registries so that vulnerable and misconfigured container images could be remediated within the same developer environment, with real-time feedback and alerts.
At the end of this session, users will have a fair knowledge on: - How StackRox in a cloud-native way could help to observe, analyze and react on 1:N Kubernetes clusters with minimal human efforts (1: Control Plane, N: Secured Kubernetes Clusters) - How teams could reduce operational overhead and streamline security practices in large-scale environments.
As a developer or security admin, you might have questions like: - What kind of tracing and monitoring is needed to determine potential threats in a large-scale cluster? - How to ensure the code is being delivered through secured infrastructure? - How one could proactively detect the vulnerabilities and secure the components as soon as they are affected?
The intent of this session is to address these concerns and this would also emphasize on: - How StackRox helps to shift left the security efforts for developers and security teams - Glimpse of an Admission Controller detecting policy violations caused by insecure workloads - Significance of eBPF nodes - The DevSecOps model & supply chain security practices. Here, the demonstration would cover standard CI/CD definitions via Jenkins or ArgoCD that integrates with Kubernetes clusters where a security admin could keep the day2 security tasks in an auto-pilot mode and yet be able to maintain an end-to-end secured infrastructure.
Speakers
Rutvik |