[ad_1]
On this weblog we introduce the Cisco Cloud Native Safety SPOT-On demo video sequence. On this sequence we are going to take you thru the best way to present a cloud native infrastructure to run purposes. We’ll have a look at what instruments are wanted to make this occur and, most significantly, how we are able to safe these environments utilizing the Cisco Safe portfolio.
On this half 1 of the sequence, we are going to introduce:
what we will probably be constructing
what varieties of safety applied sciences we will probably be implementing
how the Cisco Safe portfolio supplies visibility and safety coverage in a cloud native surroundings.
Every weblog within the sequence will embody a demo video! You can even discover extra info at Cisco Utility-First Safety.
What and the place will we be constructing?
First, we’d like someplace to deploy our infrastructure. We will probably be deploying our infrastructure in Amazon Net Companies (AWS). In AWS we are going to provision a Digital Non-public Cloud (VPC) with all the required subnets, safety teams, interfaces, route tables, web gateways, elastic IP addresses, and elastic compute (EC2) cases. We may even be deploying an Elastic Kubernetes Service (EKS) cluster to handle and orchestrate our cloud native purposes. There will probably be two EC2 cases provisioned, the primary will host our Subsequent Technology Firewall. The second will host the EKS employee node, which is able to host our microservices purposes.
What instruments do we’d like?
We additionally want some instruments to assist us with provisioning and configuring our surroundings. We constructed a DevBox with all the required DevOps instruments to perform this. On this DevBox we are going to set up the most recent variations of Terraform, Ansible, Jenkins and AWS CLI. We are going to use Terraform and the AWS CLI to provision the cloud infrastructure and purposes. Ansible will probably be used to configure the Subsequent Technology Firewall coverage. Jenkins will automate and orchestrate the construct and deployment of the surroundings. Different instruments we will probably be utilizing embody GitHub for supply code administration and model management, Docker for deploying Ansible playbooks and Python scripts in our CI/CD pipeline, and the Kubernetes CLI (kubectl) to watch and handle the cluster itself.
How you can safe cloud native environments?
Securing the cloud native surroundings can change into a bit of bit difficult. What precisely are we attempting to safe? There are such a lot of questions that may come up when deploying your cloud-native app in AWS (or one other IaaS supplier):
Are we securing the general public cloud infrastructure? or the Kubernetes cluster? or the microservices operating within the cluster? or how in regards to the containers and the apps operating contained in the containers?
What in regards to the APIs (Utility Programming Interfaces) they’re exposing? What in regards to the authentication and authorization of the APIs?
How is the information encrypted in transit and at relaxation?
What number of connections or requests can the app help?
Are there any weak libraries being utilized in these apps?
Fortunately for us, the Cisco Safe portfolio supplies options for all these questions.
Totally different options for various use instances
On this sequence we are going to begin with the infrastructure and make our manner up within the stack to the appliance and customers. Relying on the deployment, among the infrastructure layers won’t be managed (e.g., in serverless computing deployments). Subsequently, it is very important word that not all these options will probably be wanted for each cloud-native deployment. Throughout this weblog sequence, we are going to clarify the totally different use instances, and while you want which resolution. Test the diagram beneath to see how the totally different options play a job within the utility stack.
Totally different options play totally different roles within the utility stack
From infrastructure to utility – going up the stack
At a excessive degree, going up within the stack from the infrastructure to the appliance, seems like this:
We are going to safe the cloud edge utilizing Cisco Safe Firewall (NGFW) which will probably be provisioned on an EC2 occasion that would be the entry level into the VPC. The NGFW will present North/South layer 3-7 entry management, intrusion prevention, and anti-malware protections to and from our purposes. This resolution supplies an choice to safe the cloud infrastructure (AWS VPC) itself. The opposite possibility is to deploy Cisco Safe Firewall Cloud Native (SFCN) immediately into the Kubernetes cluster. SFCN is a full NGFW, constructed to run in a managed Kubernetes surroundings in public cloud. This supplies automated scaling options for safety providers based mostly on demand.
We may even dive into different rising applied sciences equivalent to Cloud Safety Posture Administration (CSPM) utilizing Cisco Safe Cloud Insights. Safe Cloud Insights provides us full visibility into cloud safety posture whereas regularly monitoring and detecting coverage violations and misconfigurations and mapping relationships between all property to know the complete assault floor.
We are going to then present visibility and safety analytics into the cloud infrastructure and Kubernetes cluster utilizing Cisco Safe Cloud Analytics (SCA). SCA detects indications of compromise equivalent to insider menace exercise and malware inside the microservices surroundings. This resolution provides us the choice to safe public cloud (AWS VPC) and cloud native (Kubernetes) infrastructures. SCA additionally has integration with serverless computing platforms equivalent to AWS Lambda.
Cisco Safe Workload can present micro-segmentation within the cloud infrastructure and micro-service purposes. Safe Workload might be deployed utilizing an agent on the cloud cases (EC2) or a daemonset on the Kubernetes cluster. This resolution supplies choices to phase cloud cases and micro-apps at Layer 3-4, which means coverage continues to be being enforced by IP deal with and repair port.
Cisco Safe Utility for cloud native will ship Kubernetes and Container safety offering, CI/CD pipeline integration and API visibility and danger detection. Since this resolution is a container safety resolution, it may be used along with your Kubernetes cluster.
Now we are going to safe the appliance itself by detecting code dependencies whereas constantly monitoring vulnerabilities and blocking exploits all throughout utility runtime utilizing Cisco Safe Utility for AppD. Cisco Safe Utility is a part of the AppDynamics suite and runs on its Utility Efficiency Monitor (APM), which is deployed within the appliance code. Since this resolution is embedded within the appliance runtime by way of an agent it may be used wherever the appliance is operating.
Utilizing Cisco Safe Entry by Duo will set up user-device belief and extremely safe entry to purposes that will help you determine company versus private units with straightforward certificates deployment, block untrusted endpoints, and provides customers safe entry to inner purposes with out utilizing VPNs. Moreover, Duo Community Gateway supplies granular person and endpoint entry management to CI/CD purposes and infrastructure over HTTPS, SSH and RDP.
Observe the sequence
That is the primary weblog in my 3-part Cisco Cloud Native Safety sequence. Every weblog will introduce the subsequent demo video. Try the primary video, Cisco Safe Cloud Native Safety – Half 1 – Introduction, for extra detailed info and demo. And please go to the Cisco Utility-First Safety web site for entry to instruments, studying labs, and extra info. Received questions, or stuff you’d like to debate?… be a part of us within the Safety Developer Group
Cisco Safe Cloud Native Safety – Half 1 – Introduction
We’d love to listen to what you assume. Ask a query or depart a remark beneath.And keep related with Cisco DevNet on social!
LinkedIn | Twitter @CiscoDevNet | Fb | Developer Video Channel
Share:
[ad_2]