Moving from DevSecOps to DevProtectOps!

DevSecOps is the cultural transformation and collaboration between development, security, and operations teams to deliver value quickly, securely, and with resiliency to achieve mission objectives. DevSecOps promotes “shift-left” development methodologies which encourage security-preparations start at the very beginning of application development and carry through to the supply chain to detect potential vulnerabilities and compliance issues before production deployment.

Performing vulnerability scans on your software, dependencies, and network are necessary and when done earlier in the process allows you to fix known problems before they become negative impacts on the end-product, the application, and organization. Scanning best practice provides layers of needed security for the supply chain but is not designed or capable of protecting the services from unknown attacks once these services are in production.

Most security monitoring technology includes build, image, registry, and runtime scanning but only tells you after a breach has occurred. It does not hold a position in your live traffic to prevent malicious traffic movement and damage from occurring. Scanning and forensics tools, while a solid and needed base to any DevSecOps strategy, provide valuable historical data but are not able to defend containers from attack.

Today, as more public sector agencies modernize their infrastructure and embrace containers and Kubernetes as their desired service delivery technology, we need to address the real dangers and the requirement to not just depend on “shift left” when moving to production.

In this event we’ll look at the migration that is occurring as agencies move applications from DevOps to Production and why they should migrate to a “protect-first” defensive model as the ultimate step to protect a modern software development and delivery practice in production.

You won't want to miss this overview of NeuVector, brought to you by, TDSPS, & RGS.