Getting Started with Secure DevOps

Reacting to performance and availability issues pulls your team away from development work. If security and compliance controls are not integrated into your workflow, they can slow you down. Issues may be identified as you release to production, adding churn.

Automating and integrating tools accelerates DevOps

Elite DevOps teams, based on software delivery and operational performance metrics, automate and integrate more tools into their toolchains. This concept is well recognized in the monitoring domain, but not as much in security. While 57% of elite teams have integration with production monitoring and observability tools, only 31% have automated security tests.^[1]

Although integrating security lags monitoring today, regulatory and internal policies requirements eventually require teams to address security and compliance as part of their DevOps workflow.

Image Scanning Learn More

• Scan for known software vulnerabilities taking into account any third-party libraries developers might be pulling in.
• Embed scanning into CI/CD pipelines and registries. Leverage Kubernetes admission controllers to prevent risky image deployment.
• Integrate with Open Policy Agent (OPA) for advanced policy decisions.
• Validate the build configuration (Dockerfile instructions) and image attributes (like size, labels, etc.).
• Identify new vulnerabilities across large multi-cloud Kubernetes deployments and alert teams quickly.
• Adopt local scanning and maintain full control of your images.

Runtime Security Learn More

• Use a set of predefined policies to detect anomalous activity at runtime.
• Leverage an open-source runtime detection tool, like Falco, that provides community-driven rules for common security frameworks (MITRE ATT&CK, FIM, cryptomining, etc.)
• Use rich cloud/Kubernetes context to apply precise policies and reduce noise.
• Automatically remediate with response actions to pause or kill containers to block threats.

Compliance Learn More

• Validate compliance using out-of-the-box rules mapped against common compliance frameworks including PCI, NIST, etc.
• Leverage CIS benchmarks for Docker and Kubernetes to ensure that you’re following security best practices (e.g., don’t run privileged containers, don’t run containers as root)

Application and Cloud Service Monitoring Learn More

• Use pre-built dashboard templates for your backend services.
• Get to root causes faster by correlating application performance to your Kubernetes infrastructure.
• Leverage your existing developer investment with full Prometheus compatibility.
• Save time with curated and supported Prometheus integrations to monitor applications and cloud services.

Kubernetes and Container Monitoring Learn More

• Auto-discover and explore your container, cloud, and Kubernetes environments.
• Use out-of-the-box dashboards to visualize the performances of your applications and containers.
• Easily configure alerting across nodes, namespaces, clusters, metrics, and tags.
• Reduce cost by optimizing resource usage and capacity.