Securing the Mesh

Hosted By
Lee C.
Details

Agenda:

6:00pm: Socializing and Announcements
6:20pm: Talk: Securing the Mesh
7:15pm: Conclude

---
Details:

When implementing a network security solution in a cloud native environment, the ephemeral nature of workload instances makes it hard to identify the parties to each network connection. Introducing a service mesh into that environment creates additional challenges: each connection now has one or more extra hops to and from the proxies, and communication between workloads is usually encrypted. On the other hand, the proxy itself is an excellent point at which to implement network security, since it has the context for each connection as well as visibility into the plaintext content of the communication.

Lee Calcote from Layer5 and Haim Helman from Octarine will discuss a typical journey to cloud native and subsequently to a service mesh and the security concerns raised in that process.

Haim and Lee will present the security features that are inherent to the mesh itself: encryption, mutual authentication, and identity-based layer-7 access control. They will further elaborate on advanced security features that can be achieved by extending the mesh’s data plane (e.g. new Envoy filters) and control plane (e.g. new Istio Mixer adapters). These include signature-based and anomaly-based threat detection, automation of access control policy creation, and enhanced visibility and reporting of access control policy violations.
Haim will demonstrate how Octarine utilizes Envoy and Istio to secure cloud native workloads.

---
Speakers:

Haim Helman, CTO, Octarine
https://twitter.com/octarinesec

Lee Calcote, Founder, Layer5
https://twitter.com/lcalcote, https://twitter.com/layer5

---
An online event hosted on Zoom.

Docker & OCI containers Austin