In recent years,
DevOps has developed into one of the most popular software development methods.
DevOps has had a significant impact on the thinking and technical prospects of the entire software industry. As you can see, the success or failure of the enterprise in the DevOps implementation process depends not only on the cultural understanding of the team members and the changes in related processes, but also on the technical implementation capabilities of the Dev and Ops teams. It can be said that every software professional engaged in construction and release engineering strongly hopes to become an expert in the field of DevOps, so as to be able to build a variety of cloud-based, locally compatible software infrastructure in a highly competitive market environment.
In addition, with the introduction of programming languages such as Python and Go, we can not only use the DevOps tool chain to automate testing and deployment in the software development lifecycle, but also solve problems such as: software application service updates, fixes, and patches. The legacy problems of classes make them more flexible, and then bring the best value to enterprises and organizations in a highly integrated manner.
Endpoint Detection Response (EDR)
EDR is a
network security technology that can meet the needs of continuous monitoring and response to various advanced threats. Specifically, when deploying applications, detecting threats, and implementing preventive measures, it can ensure that endpoints require minimal human intervention.
In general, EDR solutions have rich data collection and
monitoring capabilities that allow organizations to detect and repair various advanced threats before they suffer serious damage. Therefore, by developing and implementing EDR solutions, we can protect the organization from various potential cyber attacks to a certain extent.
Now, with the timely disclosure of various reports, we have discovered that security vulnerabilities are far more widespread than ever. Most of these security holes enter the network through endpoints. By
continuously monitoring malicious activities on endpoint devices in the network, the EDR scheme can assist in the use of triggers to identify them according to the attack method, so as to provide proactive detection and preventive measures against real-time scenarios based on proactive analysis of endpoint data.
In addition, the EDR solution also has the ability to analyze the behavior of users and devices on the endpoint and send relevant alerts to the system based on suspicious activity. Compared to the use of digital signatures to detect various threats in the past, EDR can actively apply security threat intelligence to behavior-based solutions. In general, all processes of the EDR scheme are mainly based on activities, events, and interactions on (or with) endpoints.
Security in DevOps
In recent years, with the publicity of DevOps in the industry and the practice of DevOps by various enterprises, people have been able to realize the necessity of shifting to DevOps culture. However, the corresponding security does not seem to receive enough attention. The following are some of the challenges we may encounter when the DevOps method is implemented:
1. Environmental challenges
Any differences we encounter in the implementation environment will undoubtedly lead to significant differences in development and deployment. Therefore, we need to effectively manage the challenges of environmental changes through change management, and then maintain the consistency of delivery goals.
2. Open source
To some extent, open source projects are critical to any business operation. With the extensive use of open source code, the DevOps approach has improved significantly in efficiency. Nowadays, open source software has broken away from the image of "small workshop" products in the past, and gradually developed into a technology that can be adopted and maintained at the enterprise level. It can be said that with the open source project, the development team can quickly obtain those code fragments that have undergone actual commercial inspection, and enhance specific application functions accordingly.
However, an objective situation that deserves attention is that most of the emerging network security applications are often regarded as latent high-risk open source vulnerabilities. Therefore, in order to avoid becoming a "little mouse in the laboratory", the team should read the source code and related documents to understand the open source framework used in the DevOps tool chain and its common prompt information. At the same time, the team should also fix various errors in a timely manner through secondary development and iteration, and release available application patches. Of course, in some cases, it is also a good choice to directly use the mature code base products on the market.
3. Security management
One of the key factors for the success of
DevOps is to ensure that security parameters have a place in the design framework when creating an overall strategy. From a comprehensive perspective, a good security posture can not only reduce the risks in the software delivery process, but also ensure its own compliance. In the past, long software development cycles were neither introduced nor best secure coding practices were adopted. This resulted in the team lacking a comprehensive understanding of security methods and strategies during the process of writing code and building submissions. Therefore, it is necessary for us to incorporate security coding and management into the entire life cycle of project development.
4. Test framework
Reliable testing is one of the important criteria for successful DevOps implementation. Today, we can use a variety of automated tools to increase the speed at which developers can deliver code and build executable files. At the same time, many tools can display the percentage of code coverage to facilitate the test team to find and study the defects in the code in a timely and effective manner, as well as methods that need improvement, and then adjust various test schemes. This improvement from waterfall to agile to DevOps will help us build a robust software infrastructure.
5. Indicators and monitoring
After the software product is delivered to the customer, if there is an undetected delay in the system, it may cause different levels of quality problems for multiple business lines. Based on my experience in delivering various end-to-end systems in this domain, operators can easily monitor and determine the start and stop status of target services through a classic GUI with established color coding. On this basis, we can pre-define the quality of service indicators in advance to find out, for example, when the end user logs in to a started application, because the program hangs or the loading time is too long, it cannot be used normally. For example, learning about the speed of the Scrum team can help us identify those bottlenecks that affect quality and agility, or critical skill gaps. According to this, we can successfully deliver client applications and bring valuable services to enterprises by adjusting relevant infrastructure during
DevOps practice.
Integration of EDR and DevOps
DevSecOps, which is often mentioned in the industry, is dedicated to introducing and using tools and solutions to ensure the continuous integration, development and delivery of applications. This type of service can run on the server side in the form of an application, or it can "run" on the client device. Among them, the EDR solution working in the endpoint system can be integrated in the
DevOps cycle to facilitate developers to track various intricate activities and solve security threat-related issues in the fastest and automated way.
Generally, the public cloud can provide developers with a cloud environment suitable for developing, testing, and executing applications, and the DevOps method is mainly applicable to the community cloud and various tool sets supported by its providers. Of course, cloud resources also have their own security issues. For example, once there is any configuration or code error in an application, the attack surface it may receive will quickly expand. Moreover, various types of developers often use their own devices to develop and monitor applications, so we cannot guarantee whether all types of devices that access cloud resources meet the basic security posture requirements. At this point, we need to deploy and enable the EDR solution on the endpoint and the cloud application.
In DevOps, we usually use the following integrated functions of the EDR solution to achieve the safe delivery of software products:
Accept and apply threat intelligence
Ability to detect and prevent hidden complex processes
Provide full visibility of endpoints
Automated custom alerts
Ability to timely detect specific processes that were shut down due to attacks
Detect malicious activity and simplify response to security incidents
Through the forensic function, the impact of violations can be minimized
Through data collection to build a repository for analysis
Gartner once listed in his report "Competitive Landscape: Endpoint Detection and Response Tools" those vendors with leading services in this market. The report also discussed in depth the various functions of EDR that we mentioned above.
to sum up
Although the deployment of EDR does not mean that organizations can once and for all reduce the risk of intrusion and attacks. However, the current popular EDR solutions are often based on the most advanced technologies. And these technologies just can analyze the information provided by the request source and the endpoint, and generate corresponding operations. Through the integration of the EDR tool and the DevOps tool chain, enterprises can not only further the automation of the overall process, but also track various security vulnerabilities in time while the service is running, and correct and eliminate defects in the code framework.
Nowadays, with the increasing importance of endpoint devices in generating various security incidents, for the DevOps team, according to the concept of Shift-left Testing, security control is implanted into the project as soon as possible, through security coding It is very worthwhile for every member to practice the protection of endpoint devices and the inspection and response of the cloud and the terminal.
