Container Runtime Security with Falco

Saint Louis

Apr 4, 2019, 11:30 PM – Apr 5, 2019, 1:30 AM

In-person event

About this event

Join us for a talk on the highly anticipated open-source container security project, Falco, presented by its maintainer Sysdig! Falco is a new CNCF sandbox project and is at the heart of an advanced cloud-native & Kubernetes security stack --

Title: Container Runtime Security with Falco


Host intrusion detection (HID) has been around for some time. What if we rethought the problems HID solves in the context of Cloud Native platforms? What if we can detect abnormal behavior in the application, container runtime, & cluster environment as well?

In this talk, we’ll present Falco, a CNCF Sandbox project for runtime security. We will show how Falco taps Linux system calls & the Kubernetes API to provide low level insight into application behavior, & how to write Falco rules to detect abnormal behavior. We’ll show how to collect & aggregate alerts using an EFK stack (Elasticsearch, Fluentd, Kibana). Finally we will show how Falco can trigger functions to stop abnormal behavior, & isolate the compromised Pod or Node for forensics.

Attendees will leave with a better understanding of what problems runtime security solves, & how Falco can provide runtime security & incident response.


Michael Ducy @mfdii
Director of Community & Evangelism, Sysdig

Michael Ducy currently works as Director of Community & Evangelism for Sysdig where he is responsible for growing adoption of Sysdig’s open source solutions. Previously, Michael worked at Chef where we held a variety of roles helping customers and community members leverage Chef’s open source and paid solutions, as well as implement the ideas and practices of DevOps. Michael has also worked in a variety of roles in his career including Cloud Architecture, Systems Engineering, and Performance Engineering. Michael holds a Masters in Computer Science from the University of Chicago and an MBA from The Ohio State University.



April 4 – 5, 2019
11:30 PM – 1:30 AM UTC


  • Paul Balogh

    Grafana Labs

    Organizer, CNCF Ambassador

  • Vinod Vydier


  • John Richards