2025-03-31, The Waterloo
Service mesh solutions are widely adopted to protect the confidentiality and integrity of applications and data, but their architectures can inadvertently introduce vulnerabilities that attackers may exploit. To achieve true defense in depth, it’s critical to identify and address these gaps in service mesh security.
This session will explore the attack vectors targeting service meshes and offer practical guidance for hardening deployments. Attendees will gain actionable insights into enhancing security observability, enforcing or stopping malicious processes, and ensuring network isolation across layers 2 to 7. We’ll demonstrate how to secure the service mesh itself, covering anti-spoofing techniques, filtering non-HTTP/S protocols, and implementing a comprehensive foundational security framework. By identifying and addressing the holes in service mesh security, we can keep calm and mind the gap between vulnerabilities and robust protection.
Piotr is an architect in the field of security, networking, and clouds. Co-organizer of the Cloud Native Warsaw chapter. Contributor to open-source projects such as Cilium. Designed and implemented Cloud Native and Data Center solutions in global projects. Co-created features in MPLS, Adaptive Code Modulation, and Autonomic Networking solutions. Presenter and author of sessions at CNCF and industry events. He holds CKS, CKA, CCSP, CCDE, and CCIE certifications. In his free time, he solves puzzles.