Past Meetup

Container Security Reality Check: Kubernetes and Beyond

This Meetup is past

184 people went

Juniper Networks - Building 5

160 Gibraltar Ct. · Sunnyvale, ca

How to find us

Meetup will be held in the Moffett Conference Room. Look for Juniper Networks Bldg 5. There is plenty of free parking available in front of the building at that time of day. Receptionist can point you in the right direction.

Location image of event venue

Details

Agenda:
6:30-7:00: Networking/Snacks & Bevs
7:00-7:40: Fireside Chat with Randy Bias & Henrik Rosendahl
7:40-8:00: Q&A incl. Gary Duan
8:00-8:30: Open Q&A/Networking

Abstract:
If you’re responsible for building or running microservices-based applications with Kubernetes or other orchestration technologies, this is one meetup you can’t afford to miss. Network security expert Randy Bias and Henrik Rosendahl of NeuVector (https://neuvector.com/) have prepared a tour of common misconceptions and potential gotchas in container security.

This session showcases two industry visionaries challenging each other and pointing out hard issues/choices for your consideration. You’ll leave with ideas as well as practical tactics.

In this meetup, we’ll explore:
* Nesting VMs—Yes, most Kubernetes deployments nest containers in VMs right now and don’t run on bare metal. It’s so common it’s assumed to be a best practice. Is it? Or is it giving us a false sense of security? We'll also touch on emerging projects like Kata Containers (https://katacontainers.io/)
* Bare Metal Container Tooling is Weak—Yes, you can run secure containers on bare metal and avoid the weight and attack surface of a VM. But it’s hard, because the tooling immature.
* VM Behavior in a Container World is Dangerous—Copy/pasting your dev policies and behavior from a VM mindset to containers can be deadly. The more stuff you pack into your container, the bigger your attack surface. We’ll look at how you can keep the kernel small and hard to hit with tools that are already well known.
* What’s New in Containerized Firewalls—The world is changing, with micro segmentation and distributed virtual firewalls. What happens to security when policies get abstracted away with container labels?
* Container Security and DevOps—Can you build container security into the DevOps pipeline? Yes... maybe.
* Unikernels: Here We Go Again—A tiny attack surface means moving critical functions into ring 0 (https://thenewstack.io/unikernels-will-create-security-problems-solve/). So, if there is a breach, you’re having a bad, bad day. Can unikernels play a useful role in container security? We’ll argue about it.

Come join us and bring your questions! With Randy and Henrik, there’s sure to be some fireworks to enjoy.

Speaker Bios:

Randy Bias is Vice President of Technology and Strategy for Cloud Software at Juniper Networks. Randy is an entrepreneur, writer, speaker, and futurist in cloud computing. He accurately predicted the geometric growth rate of AWS, is an advocate for open source technology, and was among the first to identify the 30-year shifts from mainframe to client/server to cloud. Randy popularized the pets vs. cattle meme as a construct for describing the fundamental difference between how enterprise stacks and cloud stacks are managed. Randy is a pioneer and early, vocal advocate for the OpenStack project, and has led teams that achieved numerous cloud firsts, including the first public cloud in Korea, the first global carrier NFV cloud, and the first “cattle cloud” for a Fortune 5 company. As a strategic R&D lead at Dell EMC, Randy led the open sourcing of several products. (https://www.twitter.com/randybias)

Henrik Rosendahl is Head of Business Development at NeuVector. Henrik is a serial enterprise software entrepreneur. He was the co-founder of CloudVolumes—which was named one of Five Strategic Acquisitions that Reshaped VMware by Forbes. He has had successful exits at 4 companies (two to VMware). He is a frequent speaker at VMworld, SNW, CloudExpo, InterOp, etc. (https://www.linkedin.com/in/hrosendahl/)

Gary Duan is the CTO & Co-Founder of NeuVector. Gary has years of experience and holds several patents in networking, security, cloud, and data center software. He was the architect of Fortinet’s award winning DPI product and has managed development teams at vArmour, Fortinet, Cisco and Altigen. His technology expertise includes IDS/IPS, OpenStack, NSX and orchestration systems.