The live meetup on April 12, 5:30pm, will cover three topics:
- Leveraging ML/AI to advance Application Security, with Ryan Rasmuss, Check Point Software
- Why are malicious bots still so difficult to mitigate? with Jim Downey, F5
- Reducing Alert Fatigue with Container Scans: Correlate, Prioritize and Filter Based on Usage, with Kiran Kamity, CEO & Founder, Deepfactor
Kiran’s session abstract:
Today, developers and DevOps engineers are being asked to address vulnerabilities and supply chain risks in container images. However, the volume of noisy security alerts often leads to developers ignoring them entirely or wasting valuable sprint time researching “false positives.”
This session will focus on how engineering teams can correlate vulnerabilities with runtime information, prioritize alerts based on usage, and filter out false positives that don’t represent a true exposure of a vulnerability. Prioritizing security updates to only used packages in your container image is a highly effective approach to reducing alert fatigue with your container scans. In addition, your DevOps team can even consider removing some of the unused packages and shrinking your container images. As an example, this session will include a demonstration of a typical SCA static container scan of a sample open-source test application and then show how an engineering team can filter alerts to reduce the number of vulnerable and used alerts that actually need to be fixed by developers by up to 90%.
Kiran Kamity is the Founder & CEO of Deepfactor. He is a serial Silicon Valley entrepreneur with a passion for building products that meet a need and make a business impact—with Deepfactor that’s empowering engineering teams to create secure cloud native applications. Prior to Deepfactor, Kiran was the Head of Product at Cisco Cloud BU, Founder/CEO at ContainerX (acquired by Cisco), and the Founder/VP at RingCube (acquired by Citrix). Kiran is a TEDx speaker and loves nature, travel, and food.