All Cloud-Native Services Are Vulnerable — Block Exploits with Security Behavior Analytics - David Hadas, IBM Research & Roland Huß, Red Hat

less than 1 minute read

Abstract

It’s known that no service is immune to vulnerabilities, even when following the best security practices. This demands a shift in our approach – we need robust methods that can block existing exploits, future exploit mutations, exploits developed immediately after a CVE is published, and even exploits of vulnerabilities we are unaware of. This talk introduces how Security Behavior Analytics (SBA) technology can detect exploit delivery sent during client interactions. Guard, a CNCF Knative component running on Kubernetes, uses SBA to detect unusual behavior that indicates potential exploit delivery. Guard applies Machine Learning (ML) to establish per-service criteria and does not rely on specific signatures that can be outdated or missed. We cover the benefits and disadvantages of using SBA with ML. We demonstrate Guard in action, blocking an actual exploit, and discuss security operations in production, and the relationship with Zero-Trust Architecture.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

All Cloud-Native Services Are Vulnerable — Block Exploits with Security Behavior Analytics - David Hadas, IBM Research & Roland Huß, Red Hat

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google