GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deployment Firewall and DBOM

JamesAnderson135 93 views 18 slides Jun 03, 2024

About This Presentation

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM

The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along wi...


Slide Content

OpsMx
Delivery to Deployment Application Security

May 2024

Ship Better Software Faster

OpsMx secures and intelligently automates software delivery from developer to deployment, building on an Open Software Delivery architecture and AI/ML-powered DevSecOps.

OpsMx Delivery Shield

OpsMx Delivery Shield secures your application lifecycle with continuous security posture management, global visibility, and policy enforcement.

AppSec Today
- Too many tools that don't work together
- Disjointed data - no unified view
- "Shift Left" slowing down developers

OpsMx Offers
- Faster, more secure application releases
- Automated compliance and enforcement
- Lower overall cost of AppSec

[Diagram: OpsMx Delivery Shield - Application Security Posture Management spanning Security, App Dev and DevOps across the Software Development Lifecycle]

Managing Application Security In a DevOps World

[Diagram: BUILD -> DEPLOY -> OPERATE]

Old World
- Centralized teams
- Consistent Dev environment
- Monolithic applications
- One path to production

Managing Application Security In a DevOps World

New World
- Distributed development teams
- Service-based architecture
- Frequent releases to multiple targets
- Teams choose DevOps tools
- Shift left security responsibilities

AppSec Challenges We Hear

"Choose Your Own Adventure"
Every team is using different tools, different processes

Siloed Visibility
We have all the data that we need, but it is siloed in separate tools and data sets

Too Many Alerts
Each tool generates its own alerts, but no rationalization across them

Every Tool Adds Cost, Complexity
How can I stop paying for some of the tools that I pay for today?

Overloaded Developers
"Shift Left" overloads developers without reducing security risks

Security Effectiveness
No good way to show the overall results of the security program.

Challenges Addressed by OpsMx

SecOps / DevOps
- Detect, prioritize, remediate security threats
- Automated checks / controls
- Shift-left security
- Blocks vulnerable deployments
- Continue to leverage existing tools / workflows

[Second column; header not captured]
- Shift-left without burdening developers
- Fits in the existing SDLC workflow
- Security / fix recommendations to Developers
- Developer visibility and productivity

CISO / Exec Mgmt
- Global security visibility
- Audit reports with compliance checklist
- Easy to implement with existing tools, central management
- Lower TCO
- Eliminate tool sprawl
- Reduce tools license costs

[Architecture diagram: "Developer to Deployment" Lifecycle Visibility feeding Security Posture Evaluation, Security Policy Management, Automation and the Delivery Bill of Materials; lifecycle stages shown include DEVELOPER and BUILD]

OpsMx Benefits

Faster Application Releases
Only manage security exceptions, automate everything else

More Secure Applications
Broad end-to-end data drives more comprehensive risk assessment

Productive "Shift Left"
Developer-friendly visibility and guidance to close security gaps

Lower Cost of AppSec
Improve team efficiency, reduce redundant tools, leverage open source

Automated Compliance
Automated policy enforcement, automated audit reporting

Global Security Visibility
See what is really happening across tools & teams in one place

Delivery Shield Product Capabilities

OpsMx Delivery Shield Capabilities

Application Lifecycle Visibility
- Real-time, end-to-end, Developer to Deployment
- Auto-discovered, synthesized, stored in SDLC
- Powered by 90+ DevOps integrations

Security Posture Evaluation
- Evaluated against industry, organization policies
- Security of release artifacts, artifact provenance
- CVE scans and posture
- Deployment target configuration, IAC
- Compliance with delivery process steps

Incident Response
- Monitor for new vulnerabilities
- Trace CVEs in production
- Detect drift in security posture

Policy Enforcement
- Automated approvals, release verification
- Option to use Deployment Firewall to block out-of-compliance releases
- Policy exception tracking and management

Software Delivery Audit & Compliance
- Full audit, automated compliance reporting
- Delivery Bill of Materials (DBoM)

[Diagram center: Application Security Posture Mgmt.]

SDLC Tracking: Representative Data Set

"Developer to Deployment" view of the application lifecycle - all available in one place

[Table residue; legible entries: Build tool, Artifact, Build approvers report, Dependency validation; DEPLOY: Kubernetes service, CIS benchmarks]

Real-Time Risk Assessment

Deployment Firewall

Real-time, policy-driven evaluation of deployment policies across dev, test, staging, and production environments

Delivery Bill of Materials

Comprehensive, consolidated record of the application delivery and deployment process

Delivery Bill of Materials: SBoM + Delivery and Deployment Process
- Approvals
- Security posture
- Policy checks
- Policy exceptions
- Build process
- Test results

Captured at time of Deployment
Preserved for future audit / compliance
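As an added illustration of the Deployment Firewall and Delivery Bill of Materials slides above (this is not OpsMx code; the record fields, policy keys and sample values are assumptions constructed for this example), the following evaluates a DBoM captured at deployment time against a deployment policy, honouring only unexpired policy exceptions, and seals the decision into the record with a content hash so it can be preserved unchanged for later audit:

```python
import hashlib
import json

# Constructed sample DBoM for one release candidate, captured at deployment time.
# Field names are assumptions for this example, not OpsMx's own schema.
SAMPLE_DBOM = {
    "artifact": {"image": "registry.example.invalid/payments:1.4.2",
                 "digest": "sha256:PLACEHOLDER"},
    "sbom_ref": "sbom/payments-1.4.2.cdx.json",
    "build": {"tool": "ci-runner", "pipeline_run": "run-0042"},
    "approvals": ["release-manager"],  # the "security" approval is missing
    "test_results": {"unit": "passed", "integration": "passed"},
    "security_posture": {"cves": [
        {"id": "CVE-EXAMPLE-0001", "severity": "critical"},
        {"id": "CVE-EXAMPLE-0002", "severity": "high"}]},
    "policy_exceptions": [{"cve": "CVE-EXAMPLE-0001", "approved_by": "ciso",
                           "expires": "2099-01-01"}],
}

# Deployment policy the firewall evaluates the record against (also constructed).
POLICY = {"required_approvals": {"release-manager", "security"},
          "block_severities": {"critical", "high"},
          "required_tests": {"unit", "integration"}}


def _exception_covers(dbom, cve_id, today):
    """An exception only counts while it is recorded and not yet expired."""
    return any(e["cve"] == cve_id and e["expires"] >= today
               for e in dbom["policy_exceptions"])


def evaluate_deployment(dbom, policy=POLICY, today="2024-06-03"):
    """Deployment-firewall check: returns (allowed, list of policy violations)."""
    violations = []
    missing = policy["required_approvals"] - set(dbom["approvals"])
    if missing:
        violations.append(f"missing approvals: {sorted(missing)}")
    for name in sorted(policy["required_tests"]):
        if dbom["test_results"].get(name) != "passed":
            violations.append(f"test suite not passed: {name}")
    for cve in dbom["security_posture"]["cves"]:
        if (cve["severity"] in policy["block_severities"]
                and not _exception_covers(dbom, cve["id"], today)):
            violations.append(f"unexcepted {cve['severity']} finding: {cve['id']}")
    return not violations, violations


def seal_dbom(dbom, allowed, violations):
    """Record the firewall decision in the DBoM and hash the canonical JSON so
    the preserved record can later be checked for tampering."""
    record = dict(dbom, firewall={"allowed": allowed, "violations": violations})
    canonical = json.dumps(record, sort_keys=True).encode()
    return dict(record, record_sha256=hashlib.sha256(canonical).hexdigest())
```

With the sample record the release is blocked for the missing security approval and the high-severity finding that has no exception; the critical finding passes only because its exception is still valid on the evaluation date.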

Demo

Thank You

Contact: [email protected] Visit: www.opsmx.com