
SECURING THE MODERN ENTERPRISE USING OPEN SOURCE
Join the Security Symposium, where cybersecurity professionals can learn and network alongside Red Hat and Intel security experts, partners, and industry peers. No one can solve IT security issues alone. Solving problems together as a community is the future of technology.
WHAT TO EXPECT
The Security Symposium is a full-day event with industry experts covering the latest upstream and enterprise security developments. Attendees will network and collaborate with peers and Red Hat engineers to discuss security challenges organizations face.
EVENT KEYNOTE SPEAKER—Steve Orrin, federal chief technologist, Intel Corporation
Steve Orrin is chief technologist for Intel Corporation’s Federal Division and is responsible for cybersecurity and cloud strategy, federal solution architectures, and engagements. He has held architectural leadership positions at Intel, and is the creator of Trusted Compute Pools secure cloud architecture and co-author of NIST’s IR-7904 “Trusted Geo-Location in the Cloud.”
Steve was previously CSO for Sarvega, CTO of Sanctum, CTO and co-founder of LockStar, and CTO at SynData Technologies. He was named one of InfoWorld's Top 25 CTOs of 2004 and, in 2016, received Executive Mosaic’s Top CTO Executives Award. He is a fellow at the Center for Advanced Defense Studies and a guest researcher at NIST’s National Cybersecurity Center of Excellence (NCCoE).
WHO SHOULD ATTEND
IT business leaders, security professionals, operations professionals, and application developers who are focused on securing their organization’s infrastructure and applications.

Morning keynote: Why we are still losing the InfoSec battle and how do we get back in the race?
9:30 a.m.-10:30 a.m.
Steve Orrin, federal chief technologist, Intel Corporation
In the current security paradigm, security teams are losing to threat actors and falling further behind. We need novel approaches to reducing the threat curve by integrating solutions across cyber threat intelligence and analytics, continuous monitoring, automation, and information sharing. Analytics and Machine Learning have had a transformative impact on threat intelligence. It’s a paradigm-shifting improvement as-is, and its impact can be further augmented by the application of foundational security hygiene, continuous monitoring, information sharing, and automation. These key elements working in concert will change the security landscape from its current gradual pace to a much more rapid rate of improvement and risk reduction. The session will highlight strategies, innovations and illustrate how we as a community must come together to meet the evolving threats and risks to organizations, users and our data.
Afternoon keynote: Container Security and new container technologies
3:30 p.m.-4:20 p.m.
Dan Walsh, consulting engineer, Red Hat
This talk will give an update on the latest state of container security technology and cover new container technologies and how they enable some of these features.
It will explain all of the parts of the OS that are used to control what containers can do on a system:
- Read-only system mounts, SELinux, user namespaces, seccomp, cgroups.
- The OpenShift concept of running containers as non-root by default.
It will introduce new tools, including CRI-O, Buildah, and Podman, for running containers, and new features in these tools for running in a more secure mode.
CRI-O - A container runtime for running Kubernetes workloads.
Security Features:
- Read-only node mode forces your Kubernetes environment to run only containers that cannot modify their images.
- User Namespace support.
- Simplified Kubernetes Container Runtime Interface.
- Kubernetes-dedicated runtime: a smaller, simpler daemon with only the functionality required by Kubernetes.
Podman:
- Replacement container runtime CLI for Docker.
- User Namespaces Support.
- No big fat daemon listening for incoming connections.
- Simpler fork/exec model of running containers versus client/server.
- Better auditing.
- Mount: able to mount container images for examination by scanners.
Buildah:
- No big fat daemon listening for incoming connections.
- Less privileged mode, able to build inside of a container.
- Able to build much smaller container images; no need to have build artifacts in your container images.
- Mount: able to mount container images for examination by scanners.
Skopeo:
- Support for multiple container storage back ends, including container runtimes, Docker storage, and containers/storage for sharing content with CRI-O, Buildah, and Podman.
- Converting from Docker image format to OCI image format.
- Remote inspection of container image JSON.
TRACK 1: Ops Track
Overview of the security technologies in Red Hat Enterprise Linux
10:45 a.m.-11:35 a.m.
Dmitri Pal
Red Hat Enterprise Linux includes a variety of technologies that allow customers to build layers of protection for their datacenter and work towards meeting compliance requirements. The presentation will give a high-level overview of the available and emerging technologies, such as OpenSCAP, SELinux, crypto policies, Policy-Based Decryption, USBGuard, Identity Management, and others, and will provide pointers and references to available materials for further reading.
Application whitelisting and automated threat response
11:35 a.m.-12:25 p.m.
Steve Grubb
Application whitelisting is an effective way of preventing unknown software from executing on a machine. This presentation will detail an open source implementation that is available in Fedora. We will also look at how the information from an application whitelisting daemon can be leveraged in real time to maintain system integrity. An overall strategy will be outlined showing how this piece fits into a broader security context.
Secure Application Connectivity: Dynamically Securing OpenShift Workload Communications at Scale
1:30 p.m.-2:20 p.m.
Cody McCain
Orchestrated workloads, and by extension their network identities, are ephemeral. This, coupled with the peer-to-peer topologies that have proliferated with microservice adoption, is rendering traditional, static network security devices irrelevant. This session demonstrates distributed, just-in-time policy rendering that protects workloads across layers 3-7 of the network stack. We will also discuss how to compose, manage, and operate micropolicies in an OpenShift and cloud-native world.
Automating security and compliance for hybrid environments
2:30 p.m.-3:20 p.m.
Lucy Kerner
Maintaining visibility, control, and security, and ensuring governance and compliance, remain paramount. However, this becomes more difficult and time consuming in a hybrid infrastructure consisting of physical, virtual, cloud, and container environments. In this session, you’ll learn how a combination of Red Hat CloudForms, Red Hat Satellite, Red Hat Insights, Red Hat Ansible Automation, and OpenSCAP can help you with these challenges in your hybrid infrastructure by automating security and compliance. Specifically, you’ll learn how to easily provision a security-compliant host, how to quickly detect and remediate security and compliance issues, how to ensure governance and control in an automated way, how to do proactive security and automated risk management, how to perform audit scans and remediations on your systems, and how to automate security to ensure compliance against regulatory or custom profiles.
TRACK 2: Dev Track
Secure Application Authentication with Red Hat SSO
10:45 a.m.-11:35 a.m.
John Doyle
Ensuring the required secure authentication and authorization policies are applied to web applications is a critical task. Red Hat Single Sign-On provides the capabilities to centrally manage the users, groups, roles and permissions for your applications via standards developed for the web like OAuth and OpenID Connect, in both traditional and orchestrated environments. This session will cover the core capabilities of Red Hat SSO including password policies, user federation, identity brokering, and social login.
Security first: Automating CI/CD pipelines and policing applications
11:35 a.m.-12:25 p.m.
Justin Goldsmith
Recent public breaches highlight the importance of a security strategy that extends beyond the network perimeter. Applications developed and maintained without security in mind present a likely entry point for malicious attackers. Preventive measures should be taken to reduce vulnerabilities and avoid zero-day attacks.
As organizations adopt containers, an automated approach to security, testing, and application development is needed to increase productivity and reduce risk.
During this session, you'll learn how the Red Hat OpenShift Container Platform can be used to:
- Integrate security monitoring software into CI/CD pipelines for containerized applications.
- Know what's in your containers and where they come from, which is vital to secure and quickly remediate workloads.
- Enhance open source library security, in true DevSecOps fashion, and establish a security-first mindset for application development.
Charting the course of API security over time: past, present and future
1:30 p.m.-2:20 p.m.
Yossi Koren and Kavitha Srinivasan
- The API security journey: from a local to a federated model.
- Security approach and strategy: evaluate your API needs.
- Best practices and trends: from API keys to OpenID.
- The API gateway model: native, Docker, OpenShift, and plug-in approaches.
- API security outlook (TBD): security roadmap.
Go faster but check your brakes - serverless security
2:30 p.m.-3:20 p.m.
Rich Sharples
Serverless is rapidly gaining a foothold in the developer's toolbox and promises extreme scale and efficiency while speeding up development of modern cloud-native applications, but it does require that we think about security a little differently. Contemporary distributed applications (including traditional long-running microservices and serverless) give the malicious attacker (or inattentive developer) new opportunities to wreak havoc. This session will present some of the considerations and what to do about them.


About the hosts

Steve Orrin
Federal Chief Technologist
Intel Corporation
Steve Orrin is Chief Technologist for Intel Corp’s Federal Division and is responsible for Cyber Security and Cloud Strategy, Federal Solution Architectures and Engagements. Steve has held architectural leadership positions at Intel, where he has led strategy and projects on Identity, Anti-malware, HTML5 Security, Cloud and Virtualization Security, and is the creator of Trusted Compute Pools Secure Cloud Architecture and co-author of NIST’s IR-7904 “Trusted Geo-Location in the Cloud”. Steve was previously CSO for Sarvega, CTO of Sanctum, CTO and co-founder of LockStar, and CTO at SynData Technologies. Steve is a recognized expert and frequent lecturer on enterprise security and was named one of InfoWorld's Top 25 CTOs of 2004 and, in 2016, received Executive Mosaic’s Top CTO Executives Award. He is a fellow at the Center for Advanced Defense Studies and a Guest Researcher at NIST’s National Cybersecurity Center of Excellence (NCCoE).

Justin Goldsmith
Technical Consulting Architect, Financial Services
Red Hat
Justin Goldsmith, a Technical consulting architect in Red Hat’s Financial Services practice, has worked extensively with Red Hat® OpenShift, successfully migrating legacy applications to containers and building net-new OpenShift native applications. Justin focuses on CI/CD and DevOps, emphasizing automation benefits in each step of the software development life cycle. Recently, he's been stressing the importance of including security analysis of applications upfront in the CI/CD process.

Yossi Koren
Sr. Solution Architect, API & Agile Integration
Red Hat
Yossi focuses on enterprise solutions that leverage API integration and management platforms as part of the Red Hat middleware team. He has been involved in SOA and API integration projects since 2008, worked closely with Red Hat middleware products as a partner from 2015, and joined Red Hat as part of the 3scale acquisition. He has extensive experience in application and API integration technologies and solutions enabling IT and enterprise digital transformation.

Dmitri Pal
Director, Software Engineering
Red Hat
Dmitri Pal is an Engineering Director at Red Hat. He is responsible for security and identity management projects and products provided as part of the Red Hat Enterprise Linux ecosystem. Dmitri has more than twenty years of security and identity management experience.

Steven Grubb
Security Architect
Red Hat Enterprise Linux Engineering
Steve Grubb is a Senior Principal Engineer whose role in Red Hat Enterprise Linux (RHEL) Engineering is as a Security Architect with a focus on security certifications (such as Common Criteria and FIPS 140) and configuration guidance (such as DISA STIG, USGCB, and the CIS RHEL Benchmark). He also performs software assurance studies, such as reviewing protection mechanisms, threats, and vulnerability detection and analysis, to guide product development to a safer posture.

Daniel J Walsh
Consulting Engineer
Red Hat
Daniel Walsh has worked in the computer security field for over 35 years. Dan has been a Consulting Engineer at Red Hat since August 2001 and has led the Red Hat Container Engineering team since August 2013, after working on container technology for several years. Dan currently focuses on the CRI-O container runtime, Buildah for building container images, Podman, a tool for managing containers and pods, containers/storage, and containers/image. Dan is a major contributor to the Docker/Moby project and also developed a lot of the software on Project Atomic. He has led the SELinux project, concentrating on the application space and policy development. Dan helped develop sVirt (Secure Virtualization) as well as the SELinux Sandbox back in RHEL 6, an early desktop container tool. Previously, Dan worked at Netect/BindView on vulnerability assessment products and at Digital Equipment Corporation on the Athena Project and the AltaVista Firewall/Tunnel (VPN) products. Dan has a BA in Mathematics from the College of the Holy Cross and an MS in Computer Science from Worcester Polytechnic Institute. Email: dwalsh@redhat.com

John Doyle
Senior Principal Product Manager, Middleware Portfolio
Red Hat
John Doyle has been a Product Manager in the JBoss Applications Platforms group for more than seven years. In that time his responsibilities have included JBoss EAP, JBoss Web Server, and Management and Monitoring. His current responsibilities include Red Hat Single Sign-On and OpenJDK. Prior to his role in product management, John was an engineer on Red Hat Data Virtualization.

Lucy Kerner
Security Global Technical Evangelist and Strategist
Red Hat
Lucy Kerner is currently the global security technical strategist and evangelist at Red Hat and helps drive thought leadership and the global go-to-market strategy for security across the entire Red Hat portfolio. Lucy creates and delivers security-related technical content to the field, customers, and partners, has spoken at numerous internal and external events, and is a 2016 and 2017 Red Hat Summit Top Presenter. Prior to her current role, she was a Senior Cloud Solutions Architect for the North America Public Sector team at Red Hat. Lucy has over 15 years of professional experience as both a software and hardware development engineer and a pre-sales solutions architect. Prior to joining Red Hat, she worked at IBM as both a mainframe microprocessor design engineer and a pre-sales solutions architect for IBM x86 servers. She has also interned at Apple, Cadence, Lockheed Martin, and MITRE, where she worked on both software and hardware development. Lucy graduated from Carnegie Mellon University with an M.S. and B.S. in Electrical and Computer Engineering and a minor in Spanish.
Kavitha Srinivasan
Solutions Architect, API Management and Middleware
Red Hat
Kavitha is a Solutions Architect with Red Hat currently specializing in API Management, Business Process Management, and Decision Management systems.
She has extensive experience in architecting productionized solutions for Fortune 500 companies on various middleware and integration technologies.
She loves to compose pragmatic technology solutions to address complex business use cases for customers undertaking digital transformation initiatives.

Rich Sharples
Senior Director of Product Management
Red Hat
Rich is the Senior Director of Product Management in the Application Platforms Business Group at Red Hat. He has spent the last twenty years evangelizing, using, and designing enterprise middleware; he previously worked for Forte Software and Sun Microsystems and as an independent software developer and consultant building large distributed software systems for the space, transport, telecom, and energy sectors.
Rich served on the Node.js Foundation Board of Directors and helped it transition from BDFL to an open, independent foundation, and for the last decade has been working across the industry to help create a truly open, collaborative ecosystem for Java.
In his spare time he enjoys tinkering with new and emerging technology, running, cycling and anything that gets him outdoors.

Cody McCain
Solutions Architect
Tigera
Cody McCain carries the Tigera flag in NYC where he helps customers connect and secure all manner of things within the fabric. Prior to his current role, Cody provided Kubernetes training and implementation services at Apprenda and led Enterprise Architecture at GE Global Research. Cody has served in technology leadership roles across multiple verticals including energy, manufacturing, entertainment, and security. Cody has a B.S. in Physics from Abilene Christian University and is passionate about cloud native software development and distributed computing.