Cloud Native Application Protection Platforms - Helion
ebook
Autor: Russ Miles, Stephen Giguere, Taylor SmithISBN: 9781098141660
stron: 206, Format: ebook
Data wydania: 2024-09-13
Księgarnia: Helion
Cena książki: 211,65 zł (poprzednio: 246,10 zł)
Oszczędzasz: 14% (-34,45 zł)
Cloud native security isnâ??t a game for individual players. It requires team collaboration with a platform that can help cloud security engineers, developers, and operations people do their best work. Thatâ??s what the cloud native application protection platform (CNAPP) delivers. With this practical guide, youâ??ll learn how CNAPPs can help you consolidate security through DevSecOps across cloud native technologies, practices, and application lifecycles.
Through real-life attack scenarios, authors Russ Miles, Steve Giguere, and Taylor Smith help you explore how CNAPP not only mitigates multidimensional threats, but also reduces complexity and helps your team stay one step ahead of attackers. CNAPP provides a holistic approach to your cloud native development across identities, workloads, networks, and infrastructure.
With this book, you will:
- Examine threats to different parts of the cloud native stack, including pipelines, supply chains, infrastructure, workloads, and applications
- Learn what CNAPP is and how it enables the context-sharing and collaboration necessary to secure your applications from development to runtime
- Assess your own attack surface from a code and runtime standpoint
- Identify blind spots in your existing cloud native security coverage
- Leverage CNAPP to achieve a holistic, collaborative security environment
Osoby które kupowały "Cloud Native Application Protection Platforms", wybierały także:
- Windows Media Center. Domowe centrum rozrywki 66,67 zł, (8,00 zł -88%)
- Ruby on Rails. Ćwiczenia 18,75 zł, (3,00 zł -84%)
- Przywództwo w świecie VUCA. Jak być skutecznym liderem w niepewnym środowisku 58,64 zł, (12,90 zł -78%)
- Scrum. O zwinnym zarządzaniu projektami. Wydanie II rozszerzone 58,64 zł, (12,90 zł -78%)
- Od hierarchii do turkusu, czyli jak zarządzać w XXI wieku 58,64 zł, (12,90 zł -78%)
Spis treści
Cloud Native Application Protection Platforms. A Guide to CNAPPs and the Foundations of Comprehensive Cloud Security eBook -- spis treści
- Preface
- Who Should Read This Book
- Why We Wrote This Book
- Navigating This Book
- Whats Not in This Book
- Important Terms
- A Brief Cloud Native and CNAPP Primer
- Cloud Native
- DevOps, IaC, and Bears, Oh My!
- Securing the Whole Deal Is Hard!
- Enter the Cloud Native Application Protection Platform
- Conventions Used in This Book
- Using Code Examples
- OReilly Online Learning
- How to Contact Us
- Acknowledgements
- 1. Cloud Security, the Collaborative Game
- The Cloud Native Security Game
- How a Play Is Made: The Anatomy of an Attack
- Meet the Attackers: Actors and Vectors
- The Attackers Moves
- Gaining initial access
- Establishing the foothold
- Escalating Privilege
- Executing the attack
- Broad, Deep, and Complex: The Cloud Native Security Game Board
- First, a Pinch of Structure: The Cloud Native Stack
- Second, a Smattering of Speed: Lifecycles
- To Season, Add Some Open Source
- Open Source: Easy Button for Growth, but at What Risk?
- Your (Insecure) Dish Is Ready: From Shallow to Defense in Depth
- The Attack Surface Is Broad
- Your Team: Cloud Security, Operations Security, and Development Security
- From Code to Cloud: Cloud Security Engineers + Security-Aware Developers + Security Operations
- Your Team, Siloed
- Working in silos
- Tooling gaps
- DevSecOps: Whoever Collaborates Best and Learns Fastest, Wins
- Collaboration and Emergence
- Who OODAs Best, Wins
- Your CNAPP Enables Your Cloud Native Security OODA Loop
- Losing Our Cloud Native Security Game
- 2. Playing to Win with Context and Collaboration
- Surfacing and Observing Your Security
- Observing Your System
- Combining Observing with Security Advice
- CNAPP Policies: From Observing to Orienting, Deciding, and Acting
- Orient Through CNAPP Policy Pattern-Matching
- Triggering Cross-Team Decisions and Actions
- Acronyms, Assemble! Key Terms and Definitions
- Back to Our Security Breach
- Lost in Translation
- Winning with Shared Security Context and Collaboration
- Surfacing and Observing Your Security
- 3. A Shadow Cloud Emerges: Immediate Visibility, Maintaining Control
- Notable by Its Absence
- Characteristics of a Shadow Cloud
- Cloud Security Posture
- Surfacing Your Cloud of Curiosities
- Observe: Identifying the Assets
- Orient: Identifying Threats and Vulnerabilities
- Decide: Analyzing, Categorizing, and Prioritizing the Risks
- Act: Connecting Your CNAPP to the Action Through Integrations
- Learn: New Problems, New Policies, New ControlsNew Loops
- Rinse and Repeat, Continuously
- From Continuously Reacting, to Continuously Proacting
- 4. Preventing Risk Early
- The Interface Between Security and Development Work
- Comparing the Developer and Security Domain Languages
- CNAPP as an Anti-Corruption Layer
- Respecting the Goals of Effective Security and Development Teams
- Team Interaction Modes
- CNAPP as a Development Collaborator
- Inspecting Your CNAPP Policies
- Surfacing Security Where You Work
- Security Awareness and Immediate Fixes in the IDE
- When a PR Is Born
- Checks and Balances in the Build
- Scope, Feedback, and (Helpful) Blame
- Automatically Updating Your Security Posture
- The Interface Between Security and Development Work
- 5. Securing Your Supply Chain
- Introducing Your Cloud Native Supply Chain
- Your House of (Cards) Supply Chains
- How Supply Chain Attacks Work
- Rapid Release, Rapid Vulnerabilities
- From Trust, through Fear and Suspicion, to Proactive Exploration and Resolution
- Fear and Loathing in Dependencies
- Making the Invisible Visible: CNAPP Software Composition Analysis
- Building a Cloud Native SBOM (Software Bill of Materials)
- Completing the SCA OODA Loop
- From the Packages to the Packager
- Introducing Your Cloud Native Supply Chain
- 6. Continuous Delivery, Continuous Insecurity
- CI/CD Pipelines: The Arteries of Production
- The Purpose of a CI/CD Pipeline
- Understanding CI/CD
- Where Are My Risks?
- Real-World Examples
- Codecov
- SolarWinds
- CI/CD Under the Lens of your CNAPP
- From Pipelines to Production
- 7. Protecting Your Runtime
- Cloud Security Posture Management
- Cloud Workload Protection Platforms
- Cloud Infrastructure Entitlement Management
- Runtime Security Requirements in a CNAPP
- All for One and One for All Runtime Security
- Whats Under the Hood?
- Agent-Based Security
- Agentless Security
- Better Together
- What Is an Attack Path?
- From Breadth and Depth to (Data) Depth
- 8. Data Security Posture Management
- Introduction to DSPM
- What Is Sensitive Data?
- Personal information
- Corporate and government information
- The Evolution of Data Security in Cloud Environments
- What Is Sensitive Data?
- How Does DSPM Work?
- Data Discovery
- Data Classification
- Establishment and Application of Security Policies
- AI and DSPM Sittin in a Tree
- How Much Better Could It Have Been?
- Equifax Breach (2017)
- What happened
- How DSPM could have helped
- Marriott International (2018)
- What happened
- How DSPM could have helped
- Capital One (2019)
- What happened
- How DSPM could have helped
- Equifax Breach (2017)
- DSPM Is a Platform Solution
- Isnt an LLM Also Data?
- Exposing the Heart of Our Problems: Data Theft and Data Laundering
- Introduction to DSPM
- 9. Building a CNAPP Culture
- From Slow Culture War to Fast Culture Collaboration
- Gene Kims Contributions
- Insights from Team Topologies
- Determining Root Causes
- A CNAPP Is the Doctor
- A CNAPP is Cost-Centric Security
- Security Chaos Engineering
- Disparate Tools Lead to Security Theater
- Total cost of ownership (TCO)
- How to avoid this scenario
- A CNAPP Makes the (Security) Team Work
- From Slow Culture War to Fast Culture Collaboration
- Index