SPIKE: Investigate and document current security packages
As part of the epic, review the current BB tooling across these metrics:
- Vulnerability Management: Ability to scan container images for vulnerabilities during development and at runtime. Check how frequently the tools update their vulnerability databases and how well they integrate with CI/CD pipelines.
- Compliance Monitoring: Support for ensuring containers comply with security standards and best practices (e.g., CIS benchmarks, PCI DSS, GDPR). Evaluate the tools' capabilities to generate compliance reports and handle audits.
- Runtime Protection: Capabilities to monitor and protect containers at runtime. This includes detecting and preventing suspicious activity based on predefined or customizable rules.
- Intrusion Detection: Implementation of intrusion detection mechanisms using behavioral monitoring, anomaly detection, and eBPF (Extended Berkeley Packet Filter) technology. Assess the depth and breadth of the detection methods provided.
- Network Segmentation and Firewalling: Tools should provide capabilities to control network traffic between containers and enforce micro-segmentation policies that limit communication paths and reduce the attack surface.
- Forensics and Incident Response: Features that help in post-breach analysis, such as logging and recording system calls or network traffic. These should facilitate a detailed investigation following a security incident.
- Integration with Existing Systems: Ability to integrate seamlessly with existing security tools, orchestration platforms, and SIEM systems. This is important for creating a unified security posture and automated response mechanisms.
- User Interface and Ease of Use: Quality of the user interface and overall user experience, which can affect adoption and daily operations. Consider the ease of setup, configuration, and ongoing management.
- Support and Community: Availability of support options, responsiveness of the support team, and the vibrancy of the community around the tool. This can be crucial for resolving issues and sharing best practices.
- Licensing and Cost: Understand the licensing models and associated costs. Open-source tools might have no licensing cost but may require additional effort for support and customization.
Results will be commented back here. The list of services we will be reviewing:
- NeuVector
- Prisma Cloud (Twistlock)
- Kyverno
- Anchore
- Gatekeeper
- Cluster Auditor
This will allow us to investigate potential new tools along the same lines and compare them.
Overall, this will allow us to make better recommendations for what BB should suggest as our default tooling options, and to evaluate new tools against them.