Using a recent real-world example, we'll illustrate how to prevent, detect and mitigate the risk of container-based threats using Calico Cloud.
The Spring Boot web application used in this workshop is vulnerable to Log4Shell (CVE-2021-44228).
This workshop will teach you how to use Calico Cloud to protect mission-critical applications from container-based threats. You will learn how to assess your applications for vulnerabilities before deploying them to Kubernetes clusters, and how to set policies to control whether they are allowed to run. You will also learn how to exploit a vulnerable application to exfiltrate sensitive information and gain remote access. Finally, you will learn how to detect and observe attacks in real time, isolate the intruder elements, and gather evidence to report the incident.
We will guide you through the following Calico Cloud use cases:
- Detect vulnerabilities in container images at build and runtime.
- Use policy to prevent vulnerable container images from being deployed.
- Expose reconnaissance gathering and exploitation attempts.
- Observe data exfiltration of sensitive information leaving the cluster.
- Detect exploitation attempts by evaluating workload traffic against intrusion detection signatures.
- Detect the presence of malicious files and processes in compromised workloads.
- Detect and block OWASP top 10 and other threats like Log4Shell.
- k8s cluster compliant with system requirements
- Docker
- curl
- kubectl
- Module 1: Creating a Kubernetes cluster
- Module 2: Join the cluster to Calico Cloud
- Module 3: Introduction to the Log4j vulnerability
- Module 4: Prevent
- Module 5: Detect
- Module 6: Exploit
- Module 7: Mitigate
- Module 8: Respond
- Tigera - How security policies can protect your environment from future vulnerabilities like Log4j
- Tigera - Zero trust for cloud-native workloads: Mitigating future Log4j incidents
- Amazon - Using AWS security services to protect against, detect, and respond to the Log4j vulnerability
- Microsoft - Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability