We’ve all heard “software is eating the world” – that most organizations are becoming software organizations in some form. In this new era, DevOps rises as the engine of the business, and organizations resisting its ascension empirically fall behind. Those in information security often view DevOps as demons by another name and assume that if they aren’t a hyperscale tech organization, they can safely ignore these trends.
In reality, information security has a choice: marry with their DevOps colleagues and embrace the philosophy of controlled chaos, or eventually be shoved aside, descending into impotence and irrelevancy. In this session, we’ll explain the basics of DevOps and the concepts of resilience and chaos engineering. Using large-scale survey data, we’ll illuminate which factors determine whether an organization is “elite” in this software-dominant world. We’ll then uncover how DevOps’ priorities and goals aren’t so dissimilar from modern infosec’s goals.
Kelly Shortridge | VP of Product Strategy, Capsule8
Nicole Forsgren | Research & Strategy, Google Cloud
Containers are a hot topic because of the simplicity they bring to the process of software development, shipping, and deployment. They are insanely useful for eliminating environmental constraints such as library version conflicts, and for the overall organization and hygiene of software. Containers also provide some security properties, including version management, an expression of intent, and often reduced attack surface. However, it is important to understand that although the organizational isolation of containers is what enables these security properties, isolation itself is not a security property of containers.
As such, it becomes important to understand the security properties of containers, how they have been escaped in the past, and how they are likely to be escaped in the future. This year kicked off with a container escape vulnerability in runc, used by various container engines, which seemed to come as a shock for many users of containers.
Brandon Edwards | Chief Scientist, Capsule8
Nick Freeman | Research Scientist, Capsule8
Capsule8 is the only company providing high-performance attack protection for Linux production environments – whether containerized, virtualized, or bare-metal.
Capsule8 liberates SecOps from managing a high volume of manual tasks, while being safe for even the busiest workloads, on the busiest networks.
Come enjoy the best party spot in Mandalay Bay, Eyecandy. Located in the center of the casino floor, join us for what will be the most talked about party of Black Hat 2019. Guests will enjoy food, music and a full open bar. We expect to hit capacity so don’t hesitate – get on the list now!