Continuous Monitoring

00:00

right, So you've reached less than 7.5 or talk a little bit about continuous monitoring

00:06

in this lesson. Wanna look at some other monitoring tools? Take a look at the Cloud Native Computing Foundation. Look at some of their projects, the different levels until we just want to have a good source for where we confined open source product specific to

00:22

the cloud. And then I would take a look at a couple of projects, which are pretty robust so that the Falcon Falco for Container Security and Prometheus, which is a monitoring and metrics tech tool.

00:35

So for monitoring a lot topics we need to think about special from a security perspective to make sure it's embedded in there. We've got good monitoring, so Web application firewalls Some of the cloud Trail cloudwatch. If you're in AWS, may make sure you have centralized log in.

00:51

He's the instant track in digital loss prevention. There's a lot to understand,

00:55

and especially even though it may not seem like it, security related. But monitoring assets is part of the availability weight with the security perspectives of using the nachos or again the cloudwatch alerts. That's important concepts to be to embed into the pipeline

01:12

to mention the Cloud Native Computing Foundation. It's actually an offshoot of the Linux Foundation, where they want to make Ah cloud native computing ubiquitous. So they their charters to Stuart Thes projects, foster growth, promote the technologies

01:29

and make them accessible. And so they have multiple levels if the sandbox where that you're starting off

01:34

incubating and then eventually graduated for the more robust projects that have gone through the whole pipeline.

01:42

So here's another one are explained. It graduated kubernetes, which we've talked about quite a bit, and I'll talk about a little bit later for orchestration. Prometheus for monitoring. We'll talk about that one. Next slides that there's logging Dean s discovery.

01:59

Then, as you get incubating phase, they're still pretty robust. They just haven't graduated yet to the graduated stage. But there's a

02:06

ah protocol Falco, which is interesting. It runs security monitoring within containers, which may not have a good perspective. With most these other tools.

02:14

There's open policy agent for the policy. You can do security with for Elek specific for data integrity. And then, as you get into understanding containers, um, and this micro services, you think exactly your deep clinker D which does service mish

02:31

So quick. Question. Why are we discussing monitoring and def SEC ops?

02:38

What we need to embed security throughout the life cycle so we can't just say the Dakotas secure. We've run scans are that's good enough. We want to go foot through the full life cycle of the operations and the monitoring,

02:53

and we've also we are spent some time doing threat assessments are threat analysis and discovering threats. So why not embed those into the security controls and then embed them into the monitoring to make sure that we have this constant feedback of knowing what are threats and risk are, and actually putting them into the monitoring face so that we're getting good results?

03:14

I mentioned there's this the to call Falco, which is an incubating project.

03:19

It does kubernetes threat detection or an engine. So it it takes some of the rules for unexpected activity, such as like unpatched. New vulnerabilities may be insecure configurations. Anything leading to we credential. Insider threat Possibly,

03:35

um,

03:36

it is actually based on the Lennox discs is called monitoring so you can read really embedded into the operating system so it can see just about anything that's going on and it but also pairs with, as I mentioned the top there with with kubernetes application context in the A P. I so could do a lot more in the back end where we

03:55

you might consider it your quote unquote trusted network because it sees these services in the back end.

04:00

He's micro services, but you really need to do a lot of monitoring on them as well, especially if you're starting. If you're moving to this micro services architecture and you're relying on this to run your application,

04:13

the next project, which is interesting, is Prometheus,

04:16

which is it's a graduated very robust. It has dimensional data, which is means the time Siri's. It has some query language you could have solved Grant on top of it for deuce data visualization for creating dashboards. For these, for the metrics, everything you want

04:34

and then for the specific metrics, you can then create alerting rules.

04:39

It has a lot of integration, so you can integrate it with Jenkins like we're using Sunscreen captures. I'll show you next, but you could do it for monitoring anything else and you're databases. Free Web service like Apache engine. Next. If you have a proxy server,

04:55

any of these nachos, anything like like that. So it's a very interesting product.

05:00

So I sweat set up. A quick is not a lot of data because I'm running it on my temporary Jenkins here, but I set up There's a plug in and Jenkins to provide this Prometheus

05:10

Prometheus path so that you can get a lot of the metrics that that's running. I had it running against this, did some sampling, so you can see I can actually monitor the job of it. Memory are my memory That's free. How long these jobs were running, I could see I'm not running a lot. So it's It's normalising down to zero, but you can see them them running,

05:30

um, and then along the path along the time Siri's

05:33

and also shows health any the plug ins failed anything like that. If you want a monitor your pipeline, which is obviously a very important component.

05:44

And here's another perspective where I dis did ah, actual drill down on some of the metrics that underlying one of the dashboard. So this one is it was the Jenkins build success content are count. Sorry,

05:56

and it's grafted along a time series, and so you can see for each one of my projects. So there's like whether it's the Dev Ops one, the development, the deploy,

06:04

each one of those I get drafted over time and showed how many times it it was built.

06:14

Just a quick quiz. It's not really about what we learned, but it's just something to think about. Audit logs should be restricted with role based permissions. Is this true or false?

06:26

This is true, so you may not think about this, but we may have if you want to do centralized logging. Uh,

06:31

there might be more than just a security people that are interested in the logs developers might want to see some errors in their operations again may be interested in some of the developing symmetric some of logs,

06:45

so you have to just

06:46

open that up and make them roll base. So it's good idea to start thinking about this now. Specially, we're gonna be tagging events, but so that you can have separation of duties within your organization.

07:00

In this module, we looked at depths, checkups, continuous monitoring. Just

07:06

I was kind of Ah, several different ideas, but it's just exposing what, out there and get you thinking about what you need to do. You need to be thinking about yourself for implementing monitoring Question. You're Def SEC ops pipeline, and the next we're wrapping up the module, so