Thursday, February 18, 2021

- PST
OPEN TALK: Breaking News: DevSecOps Is Broken without RUNTIME Observability
Kiran Kamity
DeepFactor.io, Founder & CEO
Mike Larkin
DeepFactor, Founder & CTO
Dr. Neil Daswani
Stanford Advanced Cyber Security Program, Co-Director

How confident are you that your code—including any 3rd party code your team brought in—is running in a secure and compliant manner before you deploy to production?

Imagine this: your developers check in code for a new feature. It includes pieces of code your team wrote and pieces of code from a 3rd party. The code passes SAST & SCA and you deploy it to production. A day later, your production server is breached... and the attacker leveraged a bug in your code that caused privilege escalation and was able to become root.

In today’s microservices-containers/Kubernetes/Docker-DevOps world, a static code scanner isn't sufficient. You need RUNTIME observability into the application’s security, privacy, and compliance. Your developers need to know if their code or a 3rd party’s code can cause issues at runtime.

This panel of RUNTIME observability and security developers and experts will discuss the what, why, and how of DeepFactor’s Continuous Observability platform, which:
- Automatically observes more than 170 parameters—across system call, library, network, web, and API behaviors in every thread of every process in every running container of your application—and detects security and compliance risks in your CI pipeline
- Detects insecure behaviors that only manifest at runtime and cannot be caught with code scanning or just looking at known CVE databases
- Reduces alert volume by prioritizing the findings of your SCA tools with runtime insights from observability tools
- Empowers Engineering leadership to accelerate productivity and decrease mean-time-to-remediate (MTTR) security and compliance risks pre-production as their teams ship secure releases on schedule

You’ll leave this session armed with the knowledge to immediately leverage continuous observability to consistently deploy apps with confidence.

- PST
(DeveloperWeek): So You Think You Know the Behavior of Your Containers? Would You Stake Your Job on It?
John Day
DeepFactor, Customer Success Engineer
Mike Larkin
DeepFactor, Founder & CTO

You’ve developed a fabulous application in a container/Kubernetes Continuous Integration (CI) pipeline. The application works like it should, and the static scans look secure, but is it actually operating securely? Are any 3rd party components you’ve integrated doing something they shouldn’t be doing? How do you know?

To be confident about the behavior of your app, active inspection of running binaries within a container, utilizing live telemetry, is key. Pre-production observability enables this by filling the gaps that static code inspections (SAST) and dynamic external inspections (DAST) don’t cover.

During this technical session, you’ll see pre-production observability in action and the benefits the solution delivers to developers and their teams. Mike Larkin, CTO at DeepFactor, and John Day, Customer Success Engineer at DeepFactor, will discuss a straightforward method to obtain this information from any container, extracting metric data with minimal overhead. This information can then be processed to indicate issues that may affect the unknown behavior of your container, be it security, performance, or operational intention. You’ll leave this session armed with the knowledge to immediately leverage pre-production observability to consistently deploy apps with confidence.