Vulnerability scanning is a last line of defense. Your first line should be preventative risk management strategies that shift security left and narrow the window for exploits. → developer.hashicorp.com/validated-patterns/terrafo…
We know that identifying and patching vulnerabilities is crucial to the overall infrastructure security strategy. However, organizations often overlook some of the places where vulnerabilities reside. One such place is the building blocks of modern infrastructure: system images. Images (such as AMIs for Amazon EC2, virtual machines, Docker containers, and more) lay the foundation for infrastructure, and most would be surprised to hear that upwards of 87% of container images in production have been found to possess critical vulnerabilities, with the average age of a vulnerability being 277 days.
Organizations must modernize their image practices to meet the security demands of cloud environments. A key part of this process is vulnerability and patch management, or the mitigation, identification, and prioritization of vulnerabilities and the operational process of removing them.
Together, HCP Terraform and HCP Packer form a comprehensive workflow to reduce vulnerabilities in infrastructure through preventative risk management. By continuously repaving with our vulnerability and patch management workflow, organizations can:
1. Prevent vulnerabilities from getting out into their infrastructure in the first place
2. Reduce the window for exploitation, continuously updating images before they reach the mean time to exploit
Sign up for the HashiCorp Cloud Platform free to start preventing vulnerabilities today → portal.cloud.hashicorp.com/sign-up?utm_source=goog…
0:00 - Intro
0:21 - Selecting our resource
0:39 - Image channels
0:58 - Removing image version
1:14 - Revoking image version
1:31 - Identifying drifted workspaces in HCP Terraform
2:08 - Viewing a drifted workspace
2:47 - Inspecting drift details
3:13 - Updating deployed image
4:07 - Safeguards with run tasks
4:51 - Policy checks
5:24 - Applying changes
Products: HCP Terraform, HCP Packer
HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools Vagrant, Packer, Terraform, Vault, Consul, Nomad, Boundary, and Waypoint allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices.