Automated Cloud-Native Incident Response with Kubernetes and Service Mesh

Explore automated cloud-native incident response techniques using Kubernetes and service mesh in this 37-minute conference talk. Recap incident response fundamentals and gain insights into cloud-native technologies such as Kubernetes, Istio, and GitOps. Learn about a custom Operator for dynamically adding complex layer-7 traffic rules in response to environmental changes. Follow a step-by-step walkthrough of responding to a log4shell attack against a Kubernetes cluster workload, covering sensor alerts, SIEM analysis, IRP automation with honeypots and isolation, building Indicators of Compromise (IoC), and neutralizing the attack. Discover how to adapt established security practices like the MITRE Att&ck Framework and Lockheed Martin Kill Chain to modern cloud-native platforms.

Automated Cloud-Native Incident Response with Kubernetes and Service Mesh - M Turner & F Beltramini