Cloud Native Runtime Security with Falco


Sep 17, 2019, 3:30 – 6:30 PM

In-person event

About this event

For this new meetup, Lorenzo David from Sysdig will present Falco, a container security project currently living in the CNCF's sandbox.



In any Cloud Native architecture, there’s a seemingly endless stream of events that happen at each layer. These events can be used to detect abnormal activity and possible security incidents, as well as providing an audit trail of activity.
In this talk, we will cover the design principles and architecture of Falco, an open source container native runtime security engine, capable to ingest the host system calls event stream, as well as application metrics and Kubernetes audit events.
We will also show how to create Falco rules to detect behaviors for these heterogeneous event streams, and how to extend Falco for additional custom events sources.
Attendees will gain a deep understanding of Falco’s architecture, and its use cases for runtime container security.



Lorenzo is a Senior Software Engineer at Sysdig, where he help defining, architecting and developing the Sysdig Secure portfolio.
Prior to Sysdig, he worked in the Software Defined Networking space, as core engineer of the Next-Gen VMware NSX Firewall.
He has double degree M.S. in Computer Science from the Polytechnic University of Turin and EURECOM/Telecom ParisTech.


Thanks a lot to JobOpportunIT ( for offering the pizzas and beverages to the participants.



Tuesday, September 17, 2019
3:30 PM – 6:30 PM UTC


  • Luc Juggery


    Senior Software Engineer