Once more, we're concerned with security for Enterprise-scale cloud native applications. Tonight, we'll see a new approach to collect security-relevant data to detect abnormal behavior.
== Agenda ==
18:30 Snacks & Drinks
19:15 Talk: Runtime Security for Kubernetes with Falco (Michael Ducy, Sysdig)
ca. 20:30: Snacks & Drinks
== Talks ==
Runtime Security for Kubernetes with Falco
Effective security requires a layered approach. If one layer is comprised, the additional layers will (hopefully) stop an attacker from going further. Much of container security has focused on the image build process and providing providence for the artifacts in a container image, and restricting kernel level tunables in the container runtime (seccomp, SELinux, capabilities, etc). What if we can detect abnormal behavior in the application and the container runtime environment as well? In this talk, we’ll present Falco - an open source project for runtime security - and discuss how it provides application and container runtime security. We will show how Falco taps Linux system calls to provide low level insight into application behavior, and how to write Falco rules to detect abnormal behavior. Finally we will show how Falco can trigger notifications to stop abnormal behavior, notify humans, and isolate the compromised application for forensics. Attendees will leave with a better understanding of the container security landscape, what problems runtime security solves, & how Falco can provide runtime security and incident response.
About the speaker:
Michael Ducy currently works as Director of Community & Evangelism for Sysdig where he is responsible for growing adoption of Sysdig’s open source solutions. Previously, Michael worked at Chef where we held a variety of roles helping customers and community members leverage Chef’s open source and paid solutions, as well as implement the ideas and practices of DevOps. Michael has also worked in a variety of roles in his career including Cloud Architecture, Systems Engineering, and Performance Engineering.