Getting Control of Container Security presented at IANSLosAngeles 2019

by Davi Ottenheimer,

Summary : Fortune 1000 problem: Companies spin up containers quickly, then set them loose with no security due diligence. It’s a process problem as much as a technology issue. Questions to address:How can a company create a more deliberate process to determine when containers are necessary?What is some specific automation or orchestration tools? (Docker Swarm, Kubernates). This part is the end.How does one optimize such tools as AppArmor and SELinuxbecause to prevents a misconfiguration or bug at the container daemon level?What is Docker Notary and how can it add a layer of trust?What are some of the more recent attacks to exploit unsecured containers?