Name
Breaking News: DevSecOps is Broken Without RUNTIME Observability
Date & Time
Friday, March 5, 2021, 11:30 AM - 12:00 PM
Kiran Kamity, Joe Levy
Description

How confident are you that your code—including any 3rd party code your team brought in—is running in a secure and compliant manner before you deploy to production?
Imagine this - your developers check in code for a new feature. It includes pieces of code your team wrote and pieces of code from a 3rd party. The code passes SAST & SCA and you deploy it to production. A day later, your production server is breached...and the attacker leveraged a bug in your code that caused privilege escalation and was able to become root.
In today’s microservices-containers/Kubernetes/Docker-DevOps world, a static code scanner isn't sufficient. DAST & IAST are too old and weren’t built for today’s developer-first world. You need modern observability techniques to detect risks in your application’s security, privacy, and compliance. Your developers need to know if their code or a 3rd party’s code can cause issues by leveraging tools that automatically observe their behavior at RUNTIME.
This panel of runtime observability and security developers and experts will discuss the what, why, and how of continuous observability as the cutting-edge approach to:
- Detecting security and compliance risks based on observing all the threads and processes of a running application at the system call, library, network, web, and API layers
- Identifying insecure behaviors that only manifest at runtime and cannot be caught with code scanning or just looking at known CVE databases
- Reducing alert volume by prioritizing the findings of your SCA tools with runtime insights from observability tools
- Empowering Engineering leadership to accelerate productivity and decrease mean-time-to-remediate (MTTR) security risks pre-production as their teams ship secure releases on schedule
- Enabling AppSec teams to work better together with—and set the much-needed guardrails for—engineering teams, and to make sure developers are automatically notified if an application behaves in a manner that could impair security or compliance
You’ll leave this session armed with the knowledge to immediately leverage runtime observability techniques for security and compliance, to consistently deploy apps with confidence.

Session Type
Spotlight Session