 Well, hello, everyone, and welcome to another video of Red Hat OpenShift container platform featuring our partner ecosystem. My name is Dave Muir. I'm a Global Principle Solutions Architect focused on Red Hat security ISVs, and in this video I plan to demo Prisma Cloud Compute securing the runtime aspects of Red Hat OpenShift. So if you want to see how Prisma Cloud can provide you with a centralized user interface like this, which defends and monitors your microservices applications for things like vulnerabilities, runtime attacks, network communications, and compliance issues, then stay tuned for the next 10 minutes to see how. And the agenda for this video is I'll give a quick overview of the Prisma Cloud Compute and Red Hat OpenShift solution. Then we'll take a look at the architecture of Prisma Cloud, and then we'll jump right into a demo. So if we take a look at the Palo Alto, Prisma Cloud and Red Hat OpenShift DevSecOps solution blueprint, you can see that Prisma Cloud is a very good complement to Red Hat capabilities. On the left-hand side, Prisma Cloud has plugins for your IDEs, source code management, and build automation. For example, doing things like detecting issues in your IAC or infrastructure as code templates and deployment files against Prisma Cloud security policies. In the container registry, Prisma Cloud can scan container images in both public and private repositories. And in the orchestration and running cluster, Prisma Cloud has advanced threat protection with its runtime security four-dimensional container model, including vulnerability management, compliance, and malware scanning, and an attack explorer for runtime defense. If we take a quick look at the Prisma Cloud Compute architecture, there are actually two additions that Palo Alto offers. One is the Prisma Cloud Enterprise Edition. That's the software as a service. The one we'll be demoing today is the Prisma Cloud Compute Edition. That's self-hosted, and you'll see that on Red Hat OpenShift container platform. In either deployment option, you'll have defenders, which in OpenShift are installed as a daemon set. This ensures that each instance of the defender runs on every node in the cluster to protect your environment according to the policies you set in the Prisma Cloud console. There's actually different flavors of the defenders, and the one in this demo is the container defender, which also supports all host defender capabilities. Each one of those defenders is designed to protect specific types of cloud-native resources and report back to the Prisma Cloud console to give you a single tool to secure a multi-hybrid cloud environment. Okay, so I'm going to jump over to Red Hat OpenShift container platform. First thing I want to show you is the Prisma Cloud Compute deployment. If we jump over to the Twistlock project and go to workloads, you'll see that Twistlock console is up and running. It's got two defenders. It's because this is a daemon set, and this is a two worker node cluster. If I then go to networking and head over to routes, that'll give me the URL to the Twistlock console, where I can log in as an administrator, and that sends me to the radar's view of all the containers that are shown here, and we're looking specifically at the Sockshop namespace. So Sockshop is the demo application that we're using here within the OpenShift container platform to show the capabilities of Prisma Cloud. If we head on over to the Sockshop project, you can see the route is there as well as this is a microservices application of all these different containers, and those containers are visualized here within Prisma Cloud. Now before this demo, I went inside Sockshop and added things to my card, checked out to create network traffic, which allows Prisma Cloud to understand the network communication between these microservices. So going back to Prisma Cloud Compute, you'll notice that these microservices, these containers have now relationships, communication relationships with each other. Now within Prisma Cloud Compute, you can click on any one of these containers and view things like vulnerabilities, compliance information, runtime events. So if we take a look at the vulnerabilities, you'll get a lot of detailed information about what this vulnerability is, the severity, the type of package linked to the CVE database, risk factors, description, all the good information you need to make an informed decision about this vulnerability. I want to also add that Prisma Cloud is a Red Hat vulnerability scanner certified partner. And so what that means is that we've collaborated with Palo Alto to provide minimal discrepancies when Prisma Cloud is scanning Red Hat containers or content between what Prisma Cloud reports and what is found in the Red Hat catalog. The certification also provides a higher level of support for our joint customers when they do find discrepancies. You can also click on the network communication between containers. And in this case, you can see the observed port is TCP80. Another thing you can take a look at are the containers themselves, information like the actual image, ID, what cluster it's on, the namespace, any processes that are running, behavioral, extended behavioral, any learned or listening ports, like you can see this Mongo database is listening on 27017 and any file system mounts that have been observed in this container. Another really cool feature, Prisma Cloud is the compliance explorer. This is a reporting tool for compliance rates. Metrics present the compliance rate for resources in your environment on a per check per rule or per regulation basis. This data can be exported to CSV for further investigation. The key thing here is to look for failed compliance checks. And from there, you can further slice and dice the data by things like collection and benchmark or issue severity. But you have a collection filter up here up top, then there's roll-up charts here in the middle. Then at the bottom, you've got details on the checks themselves. And you can go to specific frameworks like this CIS Kubernetes benchmark and see specific compliance rates and which ones have achieved compliance or failed this compliance check. Now, in addition to finding all the vulnerabilities within the images that are running in your cluster, Prisma Cloud Compute can also find issues within your container like malware, if private keys are stored in your container, or certain things like this. An image should be created with a non-root user. You can also look at all the different layers that created this image and understand all the different packages that are in this image as well. Finally, a really cool feature of Prisma Cloud Compute is the attack explorer. The attack explorer provides a framework that helps you contextualize runtime audits, manage them, and generate risk reports. And as you may know, the attack framework is a knowledge base of tactics and techniques that adversaries use to attack applications and infrastructure. And this attack dashboard serves as a portal to the raw events and monitor events view in Prisma Cloud. All the audits are mapped to tactics and techniques. For example, when a defender detects a crypto miner in your environment, that is mapped to the resource hijacking technique under impact tactic. While I don't have a crypto miner in my cluster at the moment, I did create a custom rule that alerts when the mount process is executed from any pod. Before this demo, I SSHed into one of my pods and ran mount. And you can see this is registered as a native binary execution technique under the execution tactic. You can then drill into it further for forensic purposes. And so like native binary execution, the attack dashboard collates audits and maps them to these tactics and techniques and presents this visually in this attack matrix. All the data is available via the API and users can set various alerts and triggers from ticketing seams and sores and playbooks for incidents response within Prisma Cloud. All right, now let's jump back to the presentation where I wanted to quickly show the key capabilities of Prisma Cloud compute. I gave a quick demonstration of some of these features like vulnerability management and compliance and runtime defense. But this very quick less than 10 minute demo doesn't do Prisma Cloud the justice it deserves with its comprehensive cloud native security feature set that you see here. It's got much more functionality in runtime defense with machine learning, cloud native firewall technology and access control monitoring as well. So I'd like to call your attention the Palo Alto Networks Red Hat OpenShift URL that you see on this page. This will provide you a lot more great information on our joint solution together. You can always just Google Prisma Cloud OpenShift and this page will be right at the top. Also if you're interested in getting your hands dirty and trying Prisma Cloud compute on Red Hat OpenShift and like a workshop type setting, there's a contact us button on red.ht ford slash DevSecOps. We look forward to hearing from you and I'd like to thank you all for watching this demo. Take care everyone.