Container Security with Microsoft Defender
Rahul Khengare
18th Mar 2023
DevOps-Pune Meetup Group
About Me
Sr. Staff Engineer, Zscaler
◎ Cloud Security/DevOps/DevSecOps/SRE
◎ Blogger (oss-world, thesecuremonk)
◎ Co-Organizer
○ DevOps-Pune, DevSecOps-Pune
◎ Open Source Software and CIS Contributor
◎ Past Organizations: Cloudneeti, Motifworks, NTT Data
◎ https://www.linkedin.com/in/rahulkhengare
Agenda
◎ Need for Container Security
◎ Overview of Microsoft Defender for Cloud
◎ Microsoft Defender Capabilities
◎ How it works
◎ Demo
How are you securing the container workloads?
Known Practices
◎ Use of a private registry and trusted images
◎ Continuous vulnerability scanning of images (Trivy, Anchore)
◎ Limit container privileges
◎ Use of network segmentation
◎ Implement least-privilege access (RBAC)
◎ Logging and monitoring
◎ Implement runtime security for threat detection
◎ Preventive and detective policies (Kyverno)
◎ Security and compliance audits
◎ Certificates, securing endpoints
◎ Many more …
“93% experienced at least one security incident in their Kubernetes environments in the last 12 months”
- State of Kubernetes security report
* Kubernetes adoption, security, and market trends report 2022
Microsoft Defender
What is it?
Capabilities?
How it works?
Overview of Microsoft Defender for Containers
◎ Cloud-native solution to improve, monitor and maintain the security of your clusters, containers, and their applications.
◎ Multi-cloud: supports K8s offerings and registries from different CSPs, like EKS, GKE, ECR
◎ Kubernetes-native deployment at scale
◎ Provides security alerts and remediation capabilities
[Diagram: Container Security = Environment Hardening (cluster configurations) + Vulnerability assessment (container image) + Runtime threat detection]
Environment Hardening
◎ Continuous monitoring of your Kubernetes clusters
○ Wherever they're hosted [AWS - EKS, Azure - AKS, GCP - GKE, on-premises (using Azure Arc)]
○ Continuously assess clusters to provide visibility of misconfigurations
○ Provide guidelines to mitigate the issues
◎ Kubernetes data plane hardening
○ Azure Policy add-on
◉ Extends Gatekeeper v3; required to apply at-scale auditing, enforcement and safeguards on clusters in a centralized, consistent manner.
○ Defender DaemonSet
◉ Deployed to each worker node; collects security-related data and sends it to Defender for analysis. Required for runtime protections and security capabilities.
Vulnerability Assessment
◎ Supports Azure ACR and AWS ECR
◎ Triggers
○ On push
○ Recently pulled
○ On import
○ Continuous scan based on an image pull, and for running images
◎ View and remediate findings
◎ Disable specific findings, e.g. severity below medium, non-patchable findings
Runtime Threat Protection
◎ Provides real-time threat protection
◎ Generates alerts for suspicious activities
◎ Threat protection at the cluster level
○ Provided by the Defender agent and analysis of the Kubernetes audit logs.
◎ Threat protection at the host level
◎ Monitors the attack surface of multi-cloud Kubernetes deployments based on the MITRE ATT&CK® matrix for Containers
◎ Examples:
○ Exposed Kubernetes dashboards, high-privileged roles, sensitive mounts
○ Anomalous secret access, detected suspicious file download, possible backdoor detected
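The deck lists "Anomalous secret access" among the alerts derived from Kubernetes audit logs. The following Python detector is an added example, not Defender's own logic: over constructed audit.k8s.io/v1 events it learns which namespaces each principal normally reads Secrets in, then flags reads outside that baseline, cluster-wide Secret listing, and repeated forbidden reads. The rule names, severities and the threshold of 3 denied reads are assumptions.

```python
"""Toy detector for the 'Anomalous secret access' alert class that the deck
attributes to Kubernetes audit-log analysis. Added example, not Defender's
own detection logic; the audit events below are constructed."""
from collections import Counter, defaultdict

DENIED_THRESHOLD = 3  # forbidden Secret reads per principal before alerting (assumed)

def audit_event(user, verb, namespace=None, name=None, code=200):
    """Build a minimal audit.k8s.io/v1 Event with only the fields the detector reads."""
    ref = {"resource": "secrets"}
    if namespace is not None:
        ref["namespace"] = namespace
    if name is not None:
        ref["name"] = name
    return {"verb": verb, "user": {"username": user},
            "objectRef": ref, "responseStatus": {"code": code}}

# Constructed learning window: what "normal" Secret access looks like.
BASELINE_EVENTS = [
    audit_event("system:serviceaccount:payments:api", "get", "payments", "db-creds"),
    audit_event("system:serviceaccount:payments:api", "get", "payments", "tls-cert"),
    audit_event("system:serviceaccount:kube-system:cert-manager", "get", "kube-system", "ca-key"),
    audit_event("admin@example.com", "list", "kube-system"),
]

# Constructed detection window containing three suspicious patterns.
NEW_EVENTS = [
    audit_event("system:serviceaccount:payments:api", "get", "payments", "db-creds"),
    audit_event("system:serviceaccount:payments:api", "get", "kube-system", "ca-key"),
    audit_event("system:serviceaccount:default:default", "list"),  # no namespace: cluster-wide
    audit_event("system:serviceaccount:default:default", "get", "payments", "db-creds", 403),
    audit_event("system:serviceaccount:default:default", "get", "payments", "tls-cert", 403),
    audit_event("system:serviceaccount:default:default", "get", "kube-system", "ca-key", 403),
    audit_event("admin@example.com", "list", "kube-system"),
]

def secret_read_attempts(events):
    """Yield (principal, namespace, verb, status) for every read attempt on a Secret."""
    for e in events:
        ref = e.get("objectRef") or {}
        if ref.get("resource") != "secrets" or e.get("verb") not in ("get", "list", "watch"):
            continue
        status = (e.get("responseStatus") or {}).get("code", 0)
        yield e["user"]["username"], ref.get("namespace"), e["verb"], status

def build_baseline(events):
    """Map each principal to the namespaces in which it successfully read Secrets."""
    baseline = defaultdict(set)
    for principal, ns, _verb, status in secret_read_attempts(events):
        if status < 400:
            baseline[principal].add(ns)
    return baseline

def detect_anomalous_secret_access(events, baseline):
    """Return alerts (dicts with rule, severity, principal) in the order they fire."""
    alerts, denied = [], Counter()
    for principal, ns, verb, status in secret_read_attempts(events):
        if status == 403:
            denied[principal] += 1   # RBAC denied it; still a signal worth counting
            continue
        if status >= 400:
            continue
        if verb in ("list", "watch") and ns is None:
            # Enumerating Secrets across all namespaces is rarely legitimate.
            alerts.append({"rule": "cluster-wide-secret-list", "severity": "high",
                           "principal": principal})
        elif ns not in baseline.get(principal, set()):
            alerts.append({"rule": "secret-read-outside-baseline", "severity": "medium",
                           "principal": principal, "namespace": ns})
    for principal, n in denied.items():
        if n >= DENIED_THRESHOLD:
            alerts.append({"rule": "repeated-forbidden-secret-reads", "severity": "medium",
                           "principal": principal, "count": n})
    return alerts

if __name__ == "__main__":
    for alert in detect_anomalous_secret_access(NEW_EVENTS, build_baseline(BASELINE_EVENTS)):
        print(alert)
```

In a real pipeline the baseline would be learned over days of audit logs and the events would come from the API server's audit backend, not from an inline list.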
Runtime Protection - Alerts
How it works
◎ Defender for Containers receives and analyzes:
○ Audit logs and security events from the API server
○ Cluster configuration information from the control plane
○ Workload configuration from Azure Policy
○ Security signals and events from the node level
◎ Components deployed
○ Azure Policy add-on
◉ Extends Gatekeeper v3; required to apply at-scale auditing, enforcement and safeguards on clusters in a centralized, consistent manner. [azure-policy, azure-policy-webhook]
○ Defender profile DaemonSet
◉ Deployed to each node; provides the runtime protections and collects signals from nodes using eBPF technology. [microsoft-defender-collector-ds, microsoft-defender-publisher-ds, microsoft-defender-collector-misc]
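Because the runtime protections depend on the DaemonSet actually running on every node, a practitioner will want to confirm the components named above are present and fully ready. The Python check below is an added example, not part of the deck or of Microsoft's tooling: it consumes the JSON printed by `kubectl get daemonsets,deployments -A -o json` (a constructed sample is embedded; namespaces and pod counts are assumptions) and reports any listed component that is missing or not fully ready.

```python
"""Readiness check for the Defender for Containers components named on the
'How it works' slide. Added example, not part of the deck or of Microsoft's
tooling. Input is the JSON that `kubectl get daemonsets,deployments -A -o json`
prints; the sample below is constructed (namespaces and counts are assumptions)."""
import json

# Component names as listed on the slide. The kind is read from each object,
# so the check does not have to assume which ones are DaemonSets or Deployments.
EXPECTED = {
    "azure-policy",
    "azure-policy-webhook",
    "microsoft-defender-collector-ds",
    "microsoft-defender-publisher-ds",
    "microsoft-defender-collector-misc",
}

def ds_item(name, desired, ready):
    """Constructed DaemonSet object with the status fields the check reads."""
    return {"kind": "DaemonSet", "metadata": {"name": name, "namespace": "kube-system"},
            "status": {"desiredNumberScheduled": desired, "numberReady": ready}}

def deploy_item(name, replicas, ready):
    """Constructed Deployment object with the spec/status fields the check reads."""
    return {"kind": "Deployment", "metadata": {"name": name, "namespace": "kube-system"},
            "spec": {"replicas": replicas}, "status": {"readyReplicas": ready}}

def kube_list(items):
    """Wrap items the way kubectl does for multi-resource `-o json` output."""
    return json.dumps({"apiVersion": "v1", "kind": "List", "items": items})

# Constructed cluster state: one collector pod not ready, collector-misc absent.
SAMPLE = kube_list([
    deploy_item("azure-policy", 1, 1),
    deploy_item("azure-policy-webhook", 1, 1),
    deploy_item("coredns", 2, 2),                 # unrelated workload, ignored
    ds_item("microsoft-defender-collector-ds", 3, 2),
    ds_item("microsoft-defender-publisher-ds", 3, 3),
])

def component_status(kube_json):
    """Return {name: (kind, desired, ready)} for every expected component found."""
    found = {}
    for item in json.loads(kube_json).get("items", []):
        name = item["metadata"]["name"]
        if name not in EXPECTED:
            continue
        status = item.get("status", {})
        if item["kind"] == "DaemonSet":
            desired = status.get("desiredNumberScheduled", 0)   # one pod per eligible node
            ready = status.get("numberReady", 0)
        else:  # Deployment
            desired = item.get("spec", {}).get("replicas", 0)
            ready = status.get("readyReplicas", 0)
        found[name] = (item["kind"], desired, ready)
    return found

def coverage_gaps(kube_json):
    """List problems; an empty list means every component is present and fully ready."""
    found = component_status(kube_json)
    gaps = []
    for name in sorted(EXPECTED):
        if name not in found:
            gaps.append(f"{name}: not deployed")
            continue
        kind, desired, ready = found[name]
        if desired == 0:
            gaps.append(f"{name}: {kind} has no pods scheduled")
        elif ready < desired:
            gaps.append(f"{name}: only {ready}/{desired} {kind} pods ready")
    return gaps

if __name__ == "__main__":
    problems = coverage_gaps(SAMPLE)
    print("\n".join(problems) if problems else "all Defender components ready")
```

Against a live cluster, pipe the kubectl output into `coverage_gaps` instead of using `SAMPLE`; a node that is missing from the DaemonSet's ready count has no runtime protection regardless of what the portal shows.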
How it works for AKS
How it works for EKS
How it works for GKE
Demo
Defender in Action…
Thanks!
Any questions?
References
◎ Microsoft Defender for Containers
◎ Runtime alerts for Kubernetes clusters
◎ Azure-provided container recommendations
◎ Vulnerable K8s for testing
◎ Azure Policies for K8s
Ad

More Related Content

What's hot (20)

Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview
Syed Sabhi Haider
ย 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architecture
Birendra Negi โ˜๏ธ
ย 
SIEM presentation final
SIEM presentation finalSIEM presentation final
SIEM presentation final
Rizwan S
ย 
An introduction to Defender for Business
An introduction to Defender for BusinessAn introduction to Defender for Business
An introduction to Defender for Business
Robert Crane
ย 
Breakdown of Microsoft Purview Solutions
Breakdown of Microsoft Purview SolutionsBreakdown of Microsoft Purview Solutions
Breakdown of Microsoft Purview Solutions
Drew Madelung
ย 
Multi cloud security architecture
Multi cloud security architecture Multi cloud security architecture
Multi cloud security architecture
Maganathin Veeraragaloo
ย 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure Sentinel
Robert Crane
ย 
SEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxSEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptx
AmrMousa51
ย 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security Overview
Alert Logic
ย 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security Fundamentals
Lorenzo Barbieri
ย 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security Solution
Prime Infoserv
ย 
[Azure Governance] Lesson 4 : Azure Policy
[Azure Governance] Lesson 4 : Azure Policy[Azure Governance] Lesson 4 : Azure Policy
[Azure Governance] Lesson 4 : Azure Policy
โ˜ Hicham KADIRI โ˜
ย 
Secure Access โ€“ Anywhere by Prisma, PaloAlto
Secure Access โ€“ Anywhere by Prisma, PaloAltoSecure Access โ€“ Anywhere by Prisma, PaloAlto
Secure Access โ€“ Anywhere by Prisma, PaloAlto
Prime Infoserv
ย 
Cloud computing understanding security risk and management
Cloud computing   understanding security risk and managementCloud computing   understanding security risk and management
Cloud computing understanding security risk and management
Shamsundar Machale (CISSP, CEH)
ย 
Cloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdfCloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdf
ErikHof4
ย 
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance Workshop
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance WorkshopMicrosoft Cloud Adoption Framework for Azure: Thru Partner Governance Workshop
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance Workshop
Nicholas Vossburg
ย 
cloud computing Multi cloud
cloud computing Multi cloudcloud computing Multi cloud
cloud computing Multi cloud
Dr.Neeraj Kumar Pandey
ย 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
AWS User Group Bengaluru
ย 
Microsoft 365 Security Overview
Microsoft 365 Security OverviewMicrosoft 365 Security Overview
Microsoft 365 Security Overview
Robert Crane
ย 
Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)
Iftikhar Ali Iqbal
ย 
Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview
Syed Sabhi Haider
ย 
SIEM presentation final
SIEM presentation finalSIEM presentation final
SIEM presentation final
Rizwan S
ย 
An introduction to Defender for Business
An introduction to Defender for BusinessAn introduction to Defender for Business
An introduction to Defender for Business
Robert Crane
ย 
Breakdown of Microsoft Purview Solutions
Breakdown of Microsoft Purview SolutionsBreakdown of Microsoft Purview Solutions
Breakdown of Microsoft Purview Solutions
Drew Madelung
ย 
Multi cloud security architecture
Multi cloud security architecture Multi cloud security architecture
Multi cloud security architecture
Maganathin Veeraragaloo
ย 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure Sentinel
Robert Crane
ย 
SEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxSEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptx
AmrMousa51
ย 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security Overview
Alert Logic
ย 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security Fundamentals
Lorenzo Barbieri
ย 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security Solution
Prime Infoserv
ย 
Secure Access โ€“ Anywhere by Prisma, PaloAlto
Secure Access โ€“ Anywhere by Prisma, PaloAltoSecure Access โ€“ Anywhere by Prisma, PaloAlto
Secure Access โ€“ Anywhere by Prisma, PaloAlto
Prime Infoserv
ย 
Cloud computing understanding security risk and management
Cloud computing   understanding security risk and managementCloud computing   understanding security risk and management
Cloud computing understanding security risk and management
Shamsundar Machale (CISSP, CEH)
ย 
Cloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdfCloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdf
ErikHof4
ย 
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance Workshop
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance WorkshopMicrosoft Cloud Adoption Framework for Azure: Thru Partner Governance Workshop
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance Workshop
Nicholas Vossburg
ย 
Microsoft 365 Security Overview
Microsoft 365 Security OverviewMicrosoft 365 Security Overview
Microsoft 365 Security Overview
Robert Crane
ย 
Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)
Iftikhar Ali Iqbal
ย 

Similar to Container Security Using Microsoft Defender (20)

Securing danish healthcare using cloudnative
Securing danish healthcare using cloudnativeSecuring danish healthcare using cloudnative
Securing danish healthcare using cloudnative
Frederik Mogensen
ย 
AzurePolicy DevOps Pune Feb23
AzurePolicy DevOps Pune Feb23AzurePolicy DevOps Pune Feb23
AzurePolicy DevOps Pune Feb23
Rahul Khengare
ย 
Testing Docker Images Security
Testing Docker Images SecurityTesting Docker Images Security
Testing Docker Images Security
Jose Manuel Ortega Candel
ย 
Constellation - The first always encrypted Kubernetes by Moritz Eckert
Constellation - The first always encrypted Kubernetes by Moritz EckertConstellation - The first always encrypted Kubernetes by Moritz Eckert
Constellation - The first always encrypted Kubernetes by Moritz Eckert
ContainerDay Security 2023
ย 
Constellation - The first always encrypted Kubernetes by Moritz Eckert
Constellation - The first always encrypted Kubernetes by Moritz EckertConstellation - The first always encrypted Kubernetes by Moritz Eckert
Constellation - The first always encrypted Kubernetes by Moritz Eckert
ContainerDay Security 2023
ย 
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
Eric Smalling
ย 
Testing Docker Images Security -All day dev ops 2017
Testing Docker Images Security -All day dev ops 2017Testing Docker Images Security -All day dev ops 2017
Testing Docker Images Security -All day dev ops 2017
Jose Manuel Ortega Candel
ย 
[WSO2Con USA 2018] Architecting for Container-native Environments
[WSO2Con USA 2018] Architecting for Container-native Environments[WSO2Con USA 2018] Architecting for Container-native Environments
[WSO2Con USA 2018] Architecting for Container-native Environments
WSO2
ย 
Ridwan Fadjar Septian PyCon ID 2021 Regular Talk - django application monitor...
Ridwan Fadjar Septian PyCon ID 2021 Regular Talk - django application monitor...Ridwan Fadjar Septian PyCon ID 2021 Regular Talk - django application monitor...
Ridwan Fadjar Septian PyCon ID 2021 Regular Talk - django application monitor...
Ridwan Fadjar
ย 
Top 20 Cloud Security Professional Interview Q&A.pdf
Top 20 Cloud Security Professional Interview Q&A.pdfTop 20 Cloud Security Professional Interview Q&A.pdf
Top 20 Cloud Security Professional Interview Q&A.pdf
infosecTrain
ย 
Top 20 Cloud Security Professional Interview Questions and Answers
Top 20 Cloud Security Professional Interview Questions and AnswersTop 20 Cloud Security Professional Interview Questions and Answers
Top 20 Cloud Security Professional Interview Questions and Answers
priyanshamadhwal2
ย 
Ready to Ace Your Cloud Security Interview.
Ready to Ace Your Cloud Security Interview.Ready to Ace Your Cloud Security Interview.
Ready to Ace Your Cloud Security Interview.
InfosecTrain
ย 
c0c0n Elastic Security Workshop - 7.7 [Elastic SIEM].pptx
c0c0n Elastic Security Workshop - 7.7 [Elastic SIEM].pptxc0c0n Elastic Security Workshop - 7.7 [Elastic SIEM].pptx
c0c0n Elastic Security Workshop - 7.7 [Elastic SIEM].pptx
cemybone
ย 
Mitigating Java Deserialization attacks from within the JVM
Mitigating Java Deserialization attacks from within the JVMMitigating Java Deserialization attacks from within the JVM
Mitigating Java Deserialization attacks from within the JVM
Apostolos Giannakidis
ย 
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Cloud Native Day Tel Aviv
ย 
Using Splunk or ELK for Auditing AWS/GCP/Azure Security posture
Using Splunk or ELK for Auditing AWS/GCP/Azure Security postureUsing Splunk or ELK for Auditing AWS/GCP/Azure Security posture
Using Splunk or ELK for Auditing AWS/GCP/Azure Security posture
CloudVillage
ย 
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureUsing Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Jose Hernandez
ย 
(ISC)2 CCSP - Certified Cloud Security Professional
(ISC)2 CCSP - Certified Cloud Security Professional(ISC)2 CCSP - Certified Cloud Security Professional
(ISC)2 CCSP - Certified Cloud Security Professional
Hatem ElSahhar
ย 
Hardening Kubernetes by Securing Pods
Hardening Kubernetes by Securing PodsHardening Kubernetes by Securing Pods
Hardening Kubernetes by Securing Pods
Suraj Deshmukh
ย 
Hello, Docker!
Hello, Docker!Hello, Docker!
Hello, Docker!
Michael Kwesi Essandoh
ย 
Securing danish healthcare using cloudnative
Securing danish healthcare using cloudnativeSecuring danish healthcare using cloudnative
Securing danish healthcare using cloudnative
Frederik Mogensen
ย 
AzurePolicy DevOps Pune Feb23
AzurePolicy DevOps Pune Feb23AzurePolicy DevOps Pune Feb23
AzurePolicy DevOps Pune Feb23
Rahul Khengare
ย 
Constellation - The first always encrypted Kubernetes by Moritz Eckert
Constellation - The first always encrypted Kubernetes by Moritz EckertConstellation - The first always encrypted Kubernetes by Moritz Eckert
Constellation - The first always encrypted Kubernetes by Moritz Eckert
ContainerDay Security 2023
ย 
Constellation - The first always encrypted Kubernetes by Moritz Eckert
Constellation - The first always encrypted Kubernetes by Moritz EckertConstellation - The first always encrypted Kubernetes by Moritz Eckert
Constellation - The first always encrypted Kubernetes by Moritz Eckert
ContainerDay Security 2023
ย 
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
Eric Smalling
ย 
Testing Docker Images Security -All day dev ops 2017
Testing Docker Images Security -All day dev ops 2017Testing Docker Images Security -All day dev ops 2017
Testing Docker Images Security -All day dev ops 2017
Jose Manuel Ortega Candel
ย 
[WSO2Con USA 2018] Architecting for Container-native Environments
[WSO2Con USA 2018] Architecting for Container-native Environments[WSO2Con USA 2018] Architecting for Container-native Environments
[WSO2Con USA 2018] Architecting for Container-native Environments
WSO2
ย 
Ridwan Fadjar Septian PyCon ID 2021 Regular Talk - django application monitor...
Ridwan Fadjar Septian PyCon ID 2021 Regular Talk - django application monitor...Ridwan Fadjar Septian PyCon ID 2021 Regular Talk - django application monitor...
Ridwan Fadjar Septian PyCon ID 2021 Regular Talk - django application monitor...
Ridwan Fadjar
ย 
Top 20 Cloud Security Professional Interview Q&A.pdf
Top 20 Cloud Security Professional Interview Q&A.pdfTop 20 Cloud Security Professional Interview Q&A.pdf
Top 20 Cloud Security Professional Interview Q&A.pdf
infosecTrain
ย 
Top 20 Cloud Security Professional Interview Questions and Answers
Top 20 Cloud Security Professional Interview Questions and AnswersTop 20 Cloud Security Professional Interview Questions and Answers
Top 20 Cloud Security Professional Interview Questions and Answers
priyanshamadhwal2
ย 
Ready to Ace Your Cloud Security Interview.
Ready to Ace Your Cloud Security Interview.Ready to Ace Your Cloud Security Interview.
Ready to Ace Your Cloud Security Interview.
InfosecTrain
ย 
c0c0n Elastic Security Workshop - 7.7 [Elastic SIEM].pptx
c0c0n Elastic Security Workshop - 7.7 [Elastic SIEM].pptxc0c0n Elastic Security Workshop - 7.7 [Elastic SIEM].pptx
c0c0n Elastic Security Workshop - 7.7 [Elastic SIEM].pptx
cemybone
ย 
Mitigating Java Deserialization attacks from within the JVM
Mitigating Java Deserialization attacks from within the JVMMitigating Java Deserialization attacks from within the JVM
Mitigating Java Deserialization attacks from within the JVM
Apostolos Giannakidis
ย 
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Cloud Native Day Tel Aviv
ย 
Using Splunk or ELK for Auditing AWS/GCP/Azure Security posture
Using Splunk or ELK for Auditing AWS/GCP/Azure Security postureUsing Splunk or ELK for Auditing AWS/GCP/Azure Security posture
Using Splunk or ELK for Auditing AWS/GCP/Azure Security posture
CloudVillage
ย 
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureUsing Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Jose Hernandez
ย 
(ISC)2 CCSP - Certified Cloud Security Professional
(ISC)2 CCSP - Certified Cloud Security Professional(ISC)2 CCSP - Certified Cloud Security Professional
(ISC)2 CCSP - Certified Cloud Security Professional
Hatem ElSahhar
ย 
Hardening Kubernetes by Securing Pods
Hardening Kubernetes by Securing PodsHardening Kubernetes by Securing Pods
Hardening Kubernetes by Securing Pods
Suraj Deshmukh
ย 
Ad

Recently uploaded (20)

What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
ย 
AI Changes Everything โ€“ Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything โ€“ Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything โ€“ Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything โ€“ Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
ย 
HCL Nomad Web โ€“ Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web โ€“ Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web โ€“ Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web โ€“ Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
ย 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
ย 
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Aqusag Technologies
ย 
How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?
Daniel Lehner
ย 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
ย 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
ย 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
ย 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
ย 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
ย 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
ย 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
ย 
Mobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi ArabiaMobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi Arabia
Steve Jonas
ย 
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxDevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
Justin Reock
ย 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
ย 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
ย 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
ย 
Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
ย 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
ย 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
ย 
AI Changes Everything โ€“ Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything โ€“ Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything โ€“ Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything โ€“ Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
ย 
HCL Nomad Web โ€“ Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web โ€“ Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web โ€“ Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web โ€“ Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
ย 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
ย 
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Aqusag Technologies
ย 
How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?
Daniel Lehner
ย 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
ย 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
ย 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
ย 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
ย 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
ย 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
ย 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
ย 
Mobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi ArabiaMobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi Arabia
Steve Jonas
ย 
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxDevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
Justin Reock
ย 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
ย 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
ย 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
ย 
Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
ย 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
ย 
Ad

Container Security Using Microsoft Defender

  • 1. Container Security with Microsoft Defender Rahul Khengare 18th Mar 2023 DevOps-Pune Meetup Group
  • 2. About Me
    Sr. Staff Engineer, Zscaler
    ◎ Cloud Security/DevOps/DevSecOps/SRE
    ◎ Blogger (oss-world, thesecuremonk)
    ◎ Co-Organizer
      ○ DevOps-Pune, DevSecOps-Pune
    ◎ Open Source Software and CIS Contributor
    ◎ Past Organizations: Cloudneeti, Motifworks, NTT Data
    ◎ https://www.linkedin.com/in/rahulkhengare
  • 3. Agenda
    ◎ Need for Container Security
    ◎ Overview of Microsoft Defender for Cloud
    ◎ Microsoft Defender Capabilities
    ◎ How it works
    ◎ Demo
  • 4. How are you securing your container workloads?
  • 5. Known Practices
    ◎ Use of a private registry and trusted images
    ◎ Continuous vulnerability scanning of images (Trivy, Anchore)
    ◎ Limit container privileges
    ◎ Use of network segmentation
    ◎ Implement least-privilege access (RBAC)
    ◎ Logging and monitoring
    ◎ Implement runtime security for threat detection
    ◎ Preventive and detective policies (e.g. Kyverno)
    ◎ Security and compliance audits
    ◎ Certificates, securing endpoints
    ◎ Many more …
  • 6. “93% experienced at least one security incident in their Kubernetes environments in the last 12 months”
    - State of Kubernetes security report
    * Kubernetes adoption, security, and market trends report 2022
  • 7. Microsoft Defender
    What is it?
    Capabilities?
    How does it work?
  • 8. Overview of Microsoft Defender for Containers
    ◎ Cloud-native solution to improve, monitor and maintain the security of your clusters, containers, and their applications
    ◎ Multi-cloud: supports Kubernetes offerings and registries from different CSPs, such as EKS, GKE and ECR
    ◎ Kubernetes-native deployment at scale
    ◎ Provides security alerts and remediation capabilities
    [Diagram: three pillars of container security - Environment Hardening (cluster configurations), Vulnerability Assessment (container images), Run-time Threat Detection]
  • 9. Environment Hardening
    ◎ Continuous monitoring of your Kubernetes clusters
      ○ Wherever they're hosted [AWS - EKS, Azure - AKS, GCP - GKE, on-premises (via Azure Arc)]
      ○ Continuously assesses clusters to provide visibility into misconfigurations
      ○ Provides guidelines to mitigate the issues
    ◎ Kubernetes data plane hardening
      ○ Azure Policy add-on
        ◉ Extends Gatekeeper v3; required to apply at-scale auditing, enforcement and safeguards on clusters in a centralized, consistent manner
      ○ Defender DaemonSet
        ◉ Deployed to each worker node; collects security-related data and sends it to Defender for analysis. Required for runtime protection and the related security capabilities
  • 11. Vulnerability Assessment
    ◎ Supports Azure ACR and AWS ECR
    ◎ Triggers
      ○ On push
      ○ Recently pulled
      ○ On import
      ○ Continuous scan based on image pulls and for running images
    ◎ View and remediate findings
    ◎ Disable specific findings, e.g. those below medium severity or non-patchable findings
  • 12. Runtime Threat Protection
    ◎ Provides real-time threat protection
    ◎ Generates alerts for suspicious activities
    ◎ Threat protection at the cluster level
      ○ Provided by the Defender agent and by analysis of the Kubernetes audit logs
    ◎ Threat protection at the host level
    ◎ Monitors the attack surface of multi-cloud Kubernetes deployments based on the MITRE ATT&CK® matrix for Containers
    ◎ Examples:
      ○ Exposed Kubernetes dashboards, high-privileged roles, sensitive mounts
      ○ Anomalous secret access, suspicious file download detected, possible backdoor detected
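To make the cluster-level detection concrete, here is an added Python sketch (not Defender's own logic and not part of the slides) that applies three of the alert types listed above, high-privileged roles, sensitive mounts and anomalous secret access, to Kubernetes audit-log events of the kind slide 12 and the "How it works" slide name as an input. The audit events, the role and host-path lists and the per-namespace secret-reader allowlist are all constructed for the example; a real deployment would take these from policy and from a baseline of observed behaviour, and would read audit entries recorded at RequestResponse level so that requestObject is populated.

```python
"""Toy detector over Kubernetes audit-log events (illustrative, not Defender's code)."""
import json
from typing import Dict, Iterable, List

# Assumed policy knobs for the example; not taken from Defender or from any cluster.
HIGH_PRIVILEGE_ROLES = {"cluster-admin", "admin"}
SENSITIVE_HOST_PATHS = {"/", "/etc", "/proc", "/var/run/docker.sock", "/var/lib/kubelet"}
# Principals expected to read secrets in each namespace; anyone else is anomalous.
ALLOWED_SECRET_READERS = {"prod": {"system:serviceaccount:prod:api"}}

# Constructed sample audit log (JSON lines). Only the fields the rules read are
# present; a real audit entry carries many more.
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(e) for e in [
    {"verb": "create",
     "user": {"username": "system:serviceaccount:ci:deployer"},
     "objectRef": {"resource": "clusterrolebindings", "name": "ci-admin"},
     "requestObject": {"roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}}},
    {"verb": "get",
     "user": {"username": "system:serviceaccount:default:default"},
     "objectRef": {"resource": "secrets", "namespace": "prod", "name": "db-creds"}},
    {"verb": "create",
     "user": {"username": "alice@example.com"},
     "objectRef": {"resource": "pods", "namespace": "prod", "name": "debug"},
     "requestObject": {"spec": {
         "containers": [{"name": "sh", "securityContext": {"privileged": True}}],
         "volumes": [{"name": "host", "hostPath": {"path": "/"}}]}}},
    {"verb": "get",
     "user": {"username": "system:serviceaccount:prod:api"},
     "objectRef": {"resource": "secrets", "namespace": "prod", "name": "api-key"}},
])


def parse_audit_log(text: str) -> List[Dict]:
    """Parse one JSON audit event per line, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _alert(rule: str, principal: str, detail: str) -> Dict:
    return {"rule": rule, "principal": principal, "detail": detail}


def detect(events: Iterable[Dict]) -> List[Dict]:
    """Return one alert per rule match, in event order."""
    alerts: List[Dict] = []
    for ev in events:
        verb = ev.get("verb")
        user = ev.get("user", {}).get("username", "<unknown>")
        ref = ev.get("objectRef", {})
        resource, ns, name = ref.get("resource"), ref.get("namespace"), ref.get("name")
        body = ev.get("requestObject") or {}

        # Rule 1: a (Cluster)RoleBinding that grants a high-privileged role.
        if resource in ("clusterrolebindings", "rolebindings") and verb in ("create", "update", "patch"):
            role = body.get("roleRef", {}).get("name")
            if role in HIGH_PRIVILEGE_ROLES:
                alerts.append(_alert("high_privileged_role", user, f"{name} binds {role}"))

        # Rule 2: secret reads by a principal outside the namespace allowlist.
        # Cluster-wide reads carry no namespace, never match an allowlist, and so alert.
        elif resource == "secrets" and verb in ("get", "list", "watch"):
            if user not in ALLOWED_SECRET_READERS.get(ns, set()):
                alerts.append(_alert("anomalous_secret_access", user, f"{verb} {ns}/{name}"))

        # Rule 3: pod creation with a privileged container or a sensitive hostPath mount.
        elif resource == "pods" and verb == "create":
            spec = body.get("spec", {})
            for c in spec.get("containers", []) + spec.get("initContainers", []):
                if c.get("securityContext", {}).get("privileged"):
                    alerts.append(_alert("privileged_container", user, f"{ns}/{name}:{c.get('name')}"))
            for v in spec.get("volumes", []):
                path = v.get("hostPath", {}).get("path")
                if path in SENSITIVE_HOST_PATHS:
                    alerts.append(_alert("sensitive_host_mount", user, f"{ns}/{name} mounts hostPath {path}"))
    return alerts


if __name__ == "__main__":
    for a in detect(parse_audit_log(SAMPLE_AUDIT_LOG)):
        print(f"[{a['rule']}] {a['principal']}: {a['detail']}")
```

On the sample log the detector raises four alerts: the cluster-admin binding, the secret read by the default service account, and two for the debug pod (privileged container and a hostPath mount of /); the read by the allowlisted prod/api service account produces nothing. The allowlist approach is the weak point of any such rule set: it is only as good as the baseline behind it, which is why a product like Defender correlates audit-log signals with node-level data from the DaemonSet rather than relying on static lists.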
  • 13. Runtime Protection - Alerts
  • 14. How it works
    ◎ Defender for Containers receives and analyzes:
      ○ Audit logs and security events from the API server
      ○ Cluster configuration information from the control plane
      ○ Workload configuration from Azure Policy
      ○ Security signals and events from the node level
    ◎ Components deployed
      ○ Azure Policy add-on
        ◉ Extends Gatekeeper v3; required to apply at-scale auditing, enforcement and safeguards on clusters in a centralized, consistent manner [azure-policy, azure-policy-webhook]
      ○ Defender profile DaemonSet
        ◉ Deployed to each node; provides the runtime protections and collects signals from nodes using eBPF [microsoft-defender-collector-ds, microsoft-defender-publisher-ds, microsoft-defender-collector-misc]
  • 15. How it works for AKS
  • 16. How it works for EKS
  • 17. How it works for GKE
  • 20. References
    ◎ Microsoft Defender for Containers
    ◎ Runtime alerts for Kubernetes clusters
    ◎ Azure-provided container recommendations
    ◎ Vulnerable K8s for testing
    ◎ Azure Policies for K8s