SlideShare ist ein Scribd-Unternehmen logo

Container Runtime Security with Falco, by Néstor Salceda

Cloud Native Day Tel Aviv
Cloud Native Day Tel Aviv

In any Cloud Native architecture there’s a seemingly endless stream of events that happen at each layer. These events can be used to detect abnormal activity and possible security incidents, as well as providing an audit trail of activity. In this talk we’ll cover how we extended Falco to ingest events beyond just host system calls, such as Kubernetes audit events or even application level events. We will also show how to create Falco rules to detect behaviors in these new event streams. We show how we implemented Kubernetes audit events in Falco, and how to configure the event stream.

Technologie
1 von 24
Downloaden Sie, um offline zu lesen
Container Runtime Security Detection with Falco Néstor Salceda. Integrations Team Lead. Cloud Native & Edge Computing Summit Israel , Nov 12th 2019
@nestorsalceda • Open Source enthusiast • I work at Sysdig • Daddy of twins • Judo & Aikido aficionado • Kubernetes member: Sysdig and Falco Helm Charts & Operators • kubectl-capture plugin author • securityhub.dev lead engineer • Falco contributor
Agenda CONTAINER RUN-TIME SECURITY ANOMALY DETECTION USING FALCO A QUICK VIEW OF FALCO RULES ACTIVE SECURITY: DEMO OF KUBERNETES RESPONSE ENGINE
Container Run-time Security
• Establish trust boundaries (dev vs prod) • Identify, minimise and harden attack surfaces • Reduce scope and access • Layer protections and defenses • Traceability and test How to do security?
• Many security paradigms are still reactive • No tools inside the container • Breaches may extend for days or weeks before detected • Attacks are changing to abuse activities rather than data exfiltration (crypto haXx0rz!) • Ephemeral nature of containers means that in the event of a security breach you may never know How containers changed the game?
• Containers are isolated processes • Processes are scoped as to what’s expected • Image scanning is necessary but not enough • Container images are immutable, runtime environments often aren’t • How do you detect abnormal behavior? Detect intrusion in containers
Anomaly detection using Falco
• Detects suspicious activity defined by a set of rules • Securityhub.dev • Uses Sysdig’s flexible and powerful filtering expressions Behavioral Activity Monitor • Uses Sysdig’s container and orchestrator support • It also can receive events from the K8s audit log Full Support of Containers Orchestration Flexible Notification Methods Open Source Software • Files • STDOUT • Syslog • gRPC • Execute other programs • And more ... • CNCF Sandbox Project • Welcome contributors • Transparency & Governance Falco
Falco extended architecture FILTER EXPRESSION SYSDIG LIBRARIES MODULE / eBPF PROBE ALERTING FALCO RULES WEB SERVER USER KERNEL EVENTS AUDIT LOGS & METADATA SUSPICIOUS EVENTS SHELL STDOUT FILE gRPC 13
CUSTOM APP CONTAINER NGINX CONTAINER FALCO CONTAINER Kernel Instrumentation HOST / OS KERNEL SYSTEM CALLS Deployment 14
• clone() and execve() give you insight into process and commands • open(), close(), read() and write() functions offer visibility on I/O • socket(), connect(), and accept() give insight into network Syscalls for observability?
A quick view of Falco Rules
- list: bin_dirs items: [/bin, /sbin, /usr/bin, /usr/sbin] - macro: bin_dir condition: fd.directory in (bin_dirs) - rule: write_binary_dir desc: an attempt to write to any file below a set of binary directories condition: bin_dir and evt.dir = < and open_write and not package_mgmt_procs output: "File below a known binary directory opened for writing (user=%user.name command=%proc.cmdline file=%fd.name)" priority: WARNING yaml file containing Macros, Lists, and Rules Falco rules
Falco ships with a several rules which implements best practices for containers: • Writing files in /bin or /etc • Reading sensitive files • Terminal spawn in a container • ... Batteries included
• A platform for discovering, sharing and using Cloud-Native resources related to Kubernetes security • Browse existent security best practices and componentes or use cases • Contribute just creating a PR securityhub.dev
Active Security with Kubernetes Response Engine
• Responding to security incidents should not be an improvised or non-scripted activity • It is important that workflows and action-plans are created in advance, so that the team’s response to an incident is consistent, focused and repeatable Trusting humans again?
Response engine on Kubernetes https://sysdig.com/blog/container-security-orchestration-falco-splunk-phantom/ PUBLISH TO TOPIC FALCO-NATS SIDECAR LINUX PIPE FALCO CONTAINER FALCO DAEMONSET EVENTS K8S METADATA KUBERNETES NODES kubelet API APPLICATION DEPLOYMENTS EXECUTE REACTION i.e. kill the offending pod F(x) F(x) F(x) WEBHOOK NOTIFICATION SUBSCRIBE TO 1..N TOPICS kubernetes
‫רבה‬ ‫!תודה‬

Empfohlen

David container security-with_falco
David container security-with_falcoDavid container security-with_falco
David container security-with_falcoLorenzo David
 
Container Runtime Security with Falco
Container Runtime Security with FalcoContainer Runtime Security with Falco
Container Runtime Security with FalcoMichael Ducy
 
Breach and attack simulation tools
Breach and attack simulation toolsBreach and attack simulation tools
Breach and attack simulation toolsBangladesh Network Operators Group
 
[OpenStack 하반기 스터디] Docker를 이용한 OpenStack 가상화
[OpenStack 하반기 스터디] Docker를 이용한 OpenStack 가상화[OpenStack 하반기 스터디] Docker를 이용한 OpenStack 가상화
[OpenStack 하반기 스터디] Docker를 이용한 OpenStack 가상화OpenStack Korea Community
 
Docker Swarm for Beginner
Docker Swarm for BeginnerDocker Swarm for Beginner
Docker Swarm for BeginnerShahzad Masud
 
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...Chris Gates
 
OpenStack API's and WSGI
OpenStack API's and WSGIOpenStack API's and WSGI
OpenStack API's and WSGIMike Pittaro
 
Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Cilium - Bringing the BPF Revolution to Kubernetes Networking and SecurityCilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Cilium - Bringing the BPF Revolution to Kubernetes Networking and SecurityThomas Graf
 

Empfohlen

David container security-with_falco
David container security-with_falcoDavid container security-with_falco
David container security-with_falcoLorenzo David
 
Container Runtime Security with Falco
Container Runtime Security with FalcoContainer Runtime Security with Falco
Container Runtime Security with FalcoMichael Ducy
 
Breach and attack simulation tools
Breach and attack simulation toolsBreach and attack simulation tools
Breach and attack simulation toolsBangladesh Network Operators Group
 
[OpenStack 하반기 스터디] Docker를 이용한 OpenStack 가상화
[OpenStack 하반기 스터디] Docker를 이용한 OpenStack 가상화[OpenStack 하반기 스터디] Docker를 이용한 OpenStack 가상화
[OpenStack 하반기 스터디] Docker를 이용한 OpenStack 가상화OpenStack Korea Community
 
Docker Swarm for Beginner
Docker Swarm for BeginnerDocker Swarm for Beginner
Docker Swarm for BeginnerShahzad Masud
 
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...Chris Gates
 
OpenStack API's and WSGI
OpenStack API's and WSGIOpenStack API's and WSGI
OpenStack API's and WSGIMike Pittaro
 
Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Cilium - Bringing the BPF Revolution to Kubernetes Networking and SecurityCilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Cilium - Bringing the BPF Revolution to Kubernetes Networking and SecurityThomas Graf
 
Csw2017 bazhaniuk exploring_yoursystemdeeper_updated
Csw2017 bazhaniuk exploring_yoursystemdeeper_updatedCsw2017 bazhaniuk exploring_yoursystemdeeper_updated
Csw2017 bazhaniuk exploring_yoursystemdeeper_updatedCanSecWest
 
Malware analysis, threat intelligence and reverse engineering
Malware analysis, threat intelligence and reverse engineeringMalware analysis, threat intelligence and reverse engineering
Malware analysis, threat intelligence and reverse engineeringbartblaze
 
Aaron Mildenstein - Using Logstash with Zabbix
Aaron Mildenstein - Using Logstash with ZabbixAaron Mildenstein - Using Logstash with Zabbix
Aaron Mildenstein - Using Logstash with ZabbixZabbix
 
Catch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs BlueCatch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs BlueWill Schroeder
 
Detection Rules Coverage
Detection Rules CoverageDetection Rules Coverage
Detection Rules CoverageSunny Neo
 
Knowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CKKnowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CKMITRE ATT&CK
 
Alphorm.com Formation KVM
Alphorm.com Formation KVMAlphorm.com Formation KVM
Alphorm.com Formation KVMAlphorm
 
Linux kernel memory allocators
Linux kernel memory allocatorsLinux kernel memory allocators
Linux kernel memory allocatorsHao-Ran Liu
 
Hunting for APT in network logs workshop presentation
Hunting for APT in network logs workshop presentationHunting for APT in network logs workshop presentation
Hunting for APT in network logs workshop presentationOlehLevytskyi1
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking ExplainedThomas Graf
 
Kubernetes and container security
Kubernetes and container securityKubernetes and container security
Kubernetes and container securityVolodymyr Shynkar
 
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...MITRE - ATT&CKcon
 
Performance Comparison of Mutex, RWLock and Atomic types in Rust
Performance Comparison of Mutex, RWLock and Atomic types in RustPerformance Comparison of Mutex, RWLock and Atomic types in Rust
Performance Comparison of Mutex, RWLock and Atomic types in RustMitsunori Komatsu
 
Diving into SWUpdate: adding new platform support in 30minutes with Yocto/OE !
Diving into SWUpdate: adding new platform support in 30minutes with Yocto/OE !Diving into SWUpdate: adding new platform support in 30minutes with Yocto/OE !
Diving into SWUpdate: adding new platform support in 30minutes with Yocto/OE !Pierre-jean Texier
 
Understanding docker networking
Understanding docker networkingUnderstanding docker networking
Understanding docker networkingLorenzo Fontana
 
eBPF maps 101
eBPF maps 101eBPF maps 101
eBPF maps 101SUSE Labs Taipei
 
Cloud Native Workload ATT&CK Matrix
Cloud Native Workload ATT&CK MatrixCloud Native Workload ATT&CK Matrix
Cloud Native Workload ATT&CK MatrixMITRE ATT&CK
 
UM2019 Extended BPF: A New Type of Software
UM2019 Extended BPF: A New Type of SoftwareUM2019 Extended BPF: A New Type of Software
UM2019 Extended BPF: A New Type of SoftwareBrendan Gregg
 
Staring into the eBPF Abyss
Staring into the eBPF AbyssStaring into the eBPF Abyss
Staring into the eBPF AbyssSasha Goldshtein
 
Sockets and Socket-Buffer
Sockets and Socket-BufferSockets and Socket-Buffer
Sockets and Socket-BufferSourav Punoriyar
 
Docker Runtime Security
Docker Runtime SecurityDocker Runtime Security
Docker Runtime SecuritySysdig
 
Securing your Kubernetes applications
Securing your Kubernetes applicationsSecuring your Kubernetes applications
Securing your Kubernetes applicationsNéstor Salceda
 

Weitere ähnliche Inhalte

Was ist angesagt?

Csw2017 bazhaniuk exploring_yoursystemdeeper_updated
Csw2017 bazhaniuk exploring_yoursystemdeeper_updatedCsw2017 bazhaniuk exploring_yoursystemdeeper_updated
Csw2017 bazhaniuk exploring_yoursystemdeeper_updatedCanSecWest
 
Malware analysis, threat intelligence and reverse engineering
Malware analysis, threat intelligence and reverse engineeringMalware analysis, threat intelligence and reverse engineering
Malware analysis, threat intelligence and reverse engineeringbartblaze
 
Aaron Mildenstein - Using Logstash with Zabbix
Aaron Mildenstein - Using Logstash with ZabbixAaron Mildenstein - Using Logstash with Zabbix
Aaron Mildenstein - Using Logstash with ZabbixZabbix
 
Catch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs BlueCatch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs BlueWill Schroeder
 
Detection Rules Coverage
Detection Rules CoverageDetection Rules Coverage
Detection Rules CoverageSunny Neo
 
Knowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CKKnowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CKMITRE ATT&CK
 
Alphorm.com Formation KVM
Alphorm.com Formation KVMAlphorm.com Formation KVM
Alphorm.com Formation KVMAlphorm
 
Linux kernel memory allocators
Linux kernel memory allocatorsLinux kernel memory allocators
Linux kernel memory allocatorsHao-Ran Liu
 
Hunting for APT in network logs workshop presentation
Hunting for APT in network logs workshop presentationHunting for APT in network logs workshop presentation
Hunting for APT in network logs workshop presentationOlehLevytskyi1
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking ExplainedThomas Graf
 
Kubernetes and container security
Kubernetes and container securityKubernetes and container security
Kubernetes and container securityVolodymyr Shynkar
 
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...MITRE - ATT&CKcon
 
Performance Comparison of Mutex, RWLock and Atomic types in Rust
Performance Comparison of Mutex, RWLock and Atomic types in RustPerformance Comparison of Mutex, RWLock and Atomic types in Rust
Performance Comparison of Mutex, RWLock and Atomic types in RustMitsunori Komatsu
 
Diving into SWUpdate: adding new platform support in 30minutes with Yocto/OE !
Diving into SWUpdate: adding new platform support in 30minutes with Yocto/OE !Diving into SWUpdate: adding new platform support in 30minutes with Yocto/OE !
Diving into SWUpdate: adding new platform support in 30minutes with Yocto/OE !Pierre-jean Texier
 
Understanding docker networking
Understanding docker networkingUnderstanding docker networking
Understanding docker networkingLorenzo Fontana
 
Cloud Native Workload ATT&CK Matrix
Cloud Native Workload ATT&CK MatrixCloud Native Workload ATT&CK Matrix
Cloud Native Workload ATT&CK MatrixMITRE ATT&CK
 
UM2019 Extended BPF: A New Type of Software
UM2019 Extended BPF: A New Type of SoftwareUM2019 Extended BPF: A New Type of Software
UM2019 Extended BPF: A New Type of SoftwareBrendan Gregg
 
Staring into the eBPF Abyss
Staring into the eBPF AbyssStaring into the eBPF Abyss
Staring into the eBPF AbyssSasha Goldshtein
 

Was ist angesagt? (20)

Csw2017 bazhaniuk exploring_yoursystemdeeper_updated
Csw2017 bazhaniuk exploring_yoursystemdeeper_updatedCsw2017 bazhaniuk exploring_yoursystemdeeper_updated
Csw2017 bazhaniuk exploring_yoursystemdeeper_updated
 
Malware analysis, threat intelligence and reverse engineering
Malware analysis, threat intelligence and reverse engineeringMalware analysis, threat intelligence and reverse engineering
Malware analysis, threat intelligence and reverse engineering
 
Aaron Mildenstein - Using Logstash with Zabbix
Aaron Mildenstein - Using Logstash with ZabbixAaron Mildenstein - Using Logstash with Zabbix
Aaron Mildenstein - Using Logstash with Zabbix
 
Catch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs BlueCatch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs Blue
 
Detection Rules Coverage
Detection Rules CoverageDetection Rules Coverage
Detection Rules Coverage
 
Knowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CKKnowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CK
 
Alphorm.com Formation KVM
Alphorm.com Formation KVMAlphorm.com Formation KVM
Alphorm.com Formation KVM
 
Linux kernel memory allocators
Linux kernel memory allocatorsLinux kernel memory allocators
Linux kernel memory allocators
 
Hunting for APT in network logs workshop presentation
Hunting for APT in network logs workshop presentationHunting for APT in network logs workshop presentation
Hunting for APT in network logs workshop presentation
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking Explained
 
Kubernetes and container security
Kubernetes and container securityKubernetes and container security
Kubernetes and container security
 
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
 
Performance Comparison of Mutex, RWLock and Atomic types in Rust
Performance Comparison of Mutex, RWLock and Atomic types in RustPerformance Comparison of Mutex, RWLock and Atomic types in Rust
Performance Comparison of Mutex, RWLock and Atomic types in Rust
 
Diving into SWUpdate: adding new platform support in 30minutes with Yocto/OE !
Diving into SWUpdate: adding new platform support in 30minutes with Yocto/OE !Diving into SWUpdate: adding new platform support in 30minutes with Yocto/OE !
Diving into SWUpdate: adding new platform support in 30minutes with Yocto/OE !
 
Understanding docker networking
Understanding docker networkingUnderstanding docker networking
Understanding docker networking
 
eBPF maps 101
eBPF maps 101eBPF maps 101
eBPF maps 101
 
Cloud Native Workload ATT&CK Matrix
Cloud Native Workload ATT&CK MatrixCloud Native Workload ATT&CK Matrix
Cloud Native Workload ATT&CK Matrix
 
UM2019 Extended BPF: A New Type of Software
UM2019 Extended BPF: A New Type of SoftwareUM2019 Extended BPF: A New Type of Software
UM2019 Extended BPF: A New Type of Software
 
Staring into the eBPF Abyss
Staring into the eBPF AbyssStaring into the eBPF Abyss
Staring into the eBPF Abyss
 
Sockets and Socket-Buffer
Sockets and Socket-BufferSockets and Socket-Buffer
Sockets and Socket-Buffer
 

Ähnlich wie Container Runtime Security with Falco, by Néstor Salceda

Docker Runtime Security
Docker Runtime SecurityDocker Runtime Security
Docker Runtime SecuritySysdig
 
Securing your Kubernetes applications
Securing your Kubernetes applicationsSecuring your Kubernetes applications
Securing your Kubernetes applicationsNéstor Salceda
 
Implementing Active Security with Sysdig Falco - Barcelona Software Crafters
Implementing Active Security with Sysdig Falco - Barcelona Software CraftersImplementing Active Security with Sysdig Falco - Barcelona Software Crafters
Implementing Active Security with Sysdig Falco - Barcelona Software CraftersNéstor Salceda
 
Automating Security Response with Serverless
Automating Security Response with ServerlessAutomating Security Response with Serverless
Automating Security Response with ServerlessMichael Ducy
 
5 Ways to Secure Your Containers for Docker and Beyond
5 Ways to Secure Your Containers for Docker and Beyond5 Ways to Secure Your Containers for Docker and Beyond
5 Ways to Secure Your Containers for Docker and BeyondBlack Duck by Synopsys
 
Implementing Active Security with Sysdig Falco - Docker Meetup Barcelona
Implementing Active Security with Sysdig Falco - Docker Meetup BarcelonaImplementing Active Security with Sysdig Falco - Docker Meetup Barcelona
Implementing Active Security with Sysdig Falco - Docker Meetup BarcelonaNéstor Salceda
 
Falco docker barcelona
Falco docker barcelonaFalco docker barcelona
Falco docker barcelonamateobur
 
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...Sysdig
 
WTF my container just spawned a shell!
WTF my container just spawned a shell!WTF my container just spawned a shell!
WTF my container just spawned a shell!Sysdig
 
The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
The Golden Ticket: Docker and High Security Microservices by Aaron GrattafioriThe Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
The Golden Ticket: Docker and High Security Microservices by Aaron GrattafioriDocker, Inc.
 
Docker London: Container Security
Docker London: Container SecurityDocker London: Container Security
Docker London: Container SecurityPhil Estes
 
Lessons Learned From Running Spark On Docker
Lessons Learned From Running Spark On DockerLessons Learned From Running Spark On Docker
Lessons Learned From Running Spark On DockerSpark Summit
 
Containers - Portable, repeatable user-oriented application delivery. Build, ...
Containers - Portable, repeatable user-oriented application delivery. Build, ...Containers - Portable, repeatable user-oriented application delivery. Build, ...
Containers - Portable, repeatable user-oriented application delivery. Build, ...Walid Shaari
 
Unraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production CloudUnraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production CloudSalman Baset
 
Tokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityTokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityPhil Estes
 
Best Practices for Running Kafka on Docker Containers
Best Practices for Running Kafka on Docker ContainersBest Practices for Running Kafka on Docker Containers
Best Practices for Running Kafka on Docker ContainersBlueData, Inc.
 

Ähnlich wie Container Runtime Security with Falco, by Néstor Salceda (20)

Docker Runtime Security
Docker Runtime SecurityDocker Runtime Security
Docker Runtime Security
 
Securing your Kubernetes applications
Securing your Kubernetes applicationsSecuring your Kubernetes applications
Securing your Kubernetes applications
 
Implementing Active Security with Sysdig Falco - Barcelona Software Crafters
Implementing Active Security with Sysdig Falco - Barcelona Software CraftersImplementing Active Security with Sysdig Falco - Barcelona Software Crafters
Implementing Active Security with Sysdig Falco - Barcelona Software Crafters
 
Automating Security Response with Serverless
Automating Security Response with ServerlessAutomating Security Response with Serverless
Automating Security Response with Serverless
 
5 Ways to Secure Your Containers for Docker and Beyond
5 Ways to Secure Your Containers for Docker and Beyond5 Ways to Secure Your Containers for Docker and Beyond
5 Ways to Secure Your Containers for Docker and Beyond
 
Implementing Active Security with Sysdig Falco - Docker Meetup Barcelona
Implementing Active Security with Sysdig Falco - Docker Meetup BarcelonaImplementing Active Security with Sysdig Falco - Docker Meetup Barcelona
Implementing Active Security with Sysdig Falco - Docker Meetup Barcelona
 
Falco docker barcelona
Falco docker barcelonaFalco docker barcelona
Falco docker barcelona
 
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
 
WTF my container just spawned a shell!
WTF my container just spawned a shell!WTF my container just spawned a shell!
WTF my container just spawned a shell!
 
The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
The Golden Ticket: Docker and High Security Microservices by Aaron GrattafioriThe Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
 
BRKSDN-2115
BRKSDN-2115 BRKSDN-2115
BRKSDN-2115
 
Container Security Mmanagement
Container Security MmanagementContainer Security Mmanagement
Container Security Mmanagement
 
SW Docker Security
SW Docker SecuritySW Docker Security
SW Docker Security
 
Docker London: Container Security
Docker London: Container SecurityDocker London: Container Security
Docker London: Container Security
 
Lessons Learned From Running Spark On Docker
Lessons Learned From Running Spark On DockerLessons Learned From Running Spark On Docker
Lessons Learned From Running Spark On Docker
 
Containers - Portable, repeatable user-oriented application delivery. Build, ...
Containers - Portable, repeatable user-oriented application delivery. Build, ...Containers - Portable, repeatable user-oriented application delivery. Build, ...
Containers - Portable, repeatable user-oriented application delivery. Build, ...
 
Unraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production CloudUnraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production Cloud
 
Tokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityTokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker Security
 
Dockers zero to hero
Dockers zero to heroDockers zero to hero
Dockers zero to hero
 
Best Practices for Running Kafka on Docker Containers
Best Practices for Running Kafka on Docker ContainersBest Practices for Running Kafka on Docker Containers
Best Practices for Running Kafka on Docker Containers
 

Mehr von Cloud Native Day Tel Aviv

Cloud Native is a Cultural Decision. By Reshef Mann
Cloud Native is a Cultural Decision. By Reshef MannCloud Native is a Cultural Decision. By Reshef Mann
Cloud Native is a Cultural Decision. By Reshef MannCloud Native Day Tel Aviv
 
Kafka Mirror Tester: Go and Kubernetes Powered Test Suite for Kafka Replicati...
Kafka Mirror Tester: Go and Kubernetes Powered Test Suite for Kafka Replicati...Kafka Mirror Tester: Go and Kubernetes Powered Test Suite for Kafka Replicati...
Kafka Mirror Tester: Go and Kubernetes Powered Test Suite for Kafka Replicati...Cloud Native Day Tel Aviv
 
Running I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati ShalomRunning I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati ShalomCloud Native Day Tel Aviv
 
WTF Do We Need a Service Mesh? By Anton Weiss.
WTF Do We Need a Service Mesh? By Anton Weiss.WTF Do We Need a Service Mesh? By Anton Weiss.
WTF Do We Need a Service Mesh? By Anton Weiss.Cloud Native Day Tel Aviv
 
Update Strategies for the Edge, by Kat Cosgrove
Update Strategies for the Edge, by Kat CosgroveUpdate Strategies for the Edge, by Kat Cosgrove
Update Strategies for the Edge, by Kat CosgroveCloud Native Day Tel Aviv
 
Building a Cloud-Native SaaS Product The Hard Way. By Arthur Berezin
Building a Cloud-Native SaaS Product The Hard Way. By Arthur BerezinBuilding a Cloud-Native SaaS Product The Hard Way. By Arthur Berezin
Building a Cloud-Native SaaS Product The Hard Way. By Arthur BerezinCloud Native Day Tel Aviv
 
The Four Questions (Every Monitoring Engineer gets asked), by Leon Adato
The Four Questions (Every Monitoring Engineer gets asked), by Leon AdatoThe Four Questions (Every Monitoring Engineer gets asked), by Leon Adato
The Four Questions (Every Monitoring Engineer gets asked), by Leon AdatoCloud Native Day Tel Aviv
 
K8s Pod Scheduling - Deep Dive. By Tsahi Duek.
K8s Pod Scheduling - Deep Dive. By Tsahi Duek.K8s Pod Scheduling - Deep Dive. By Tsahi Duek.
K8s Pod Scheduling - Deep Dive. By Tsahi Duek.Cloud Native Day Tel Aviv
 
Cloud Native: The Cattle, the Pets, and the Germs, by Avishai Ish-Shalom
Cloud Native: The Cattle, the Pets, and the Germs, by Avishai Ish-ShalomCloud Native: The Cattle, the Pets, and the Germs, by Avishai Ish-Shalom
Cloud Native: The Cattle, the Pets, and the Germs, by Avishai Ish-ShalomCloud Native Day Tel Aviv
 
MySQL Shell: the daily tool for devs and admins. By Vittorio Cioe.
MySQL Shell: the daily tool for devs and admins. By Vittorio Cioe.MySQL Shell: the daily tool for devs and admins. By Vittorio Cioe.
MySQL Shell: the daily tool for devs and admins. By Vittorio Cioe.Cloud Native Day Tel Aviv
 
Cloud native transformation patterns, by Pini Reznik
Cloud native transformation patterns, by Pini ReznikCloud native transformation patterns, by Pini Reznik
Cloud native transformation patterns, by Pini ReznikCloud Native Day Tel Aviv
 
Cloud and Edge: price, performance and privacy considerations in IOT, by Tsvi...
Cloud and Edge: price, performance and privacy considerations in IOT, by Tsvi...Cloud and Edge: price, performance and privacy considerations in IOT, by Tsvi...
Cloud and Edge: price, performance and privacy considerations in IOT, by Tsvi...Cloud Native Day Tel Aviv
 
Two Years, Zero servers: Lessons learned from running a startup 100% on Serve...
Two Years, Zero servers: Lessons learned from running a startup 100% on Serve...Two Years, Zero servers: Lessons learned from running a startup 100% on Serve...
Two Years, Zero servers: Lessons learned from running a startup 100% on Serve...Cloud Native Day Tel Aviv
 
12 Factor Serverless Applications - Mike Morain, AWS - Cloud Native Day Tel A...
12 Factor Serverless Applications - Mike Morain, AWS - Cloud Native Day Tel A...12 Factor Serverless Applications - Mike Morain, AWS - Cloud Native Day Tel A...
12 Factor Serverless Applications - Mike Morain, AWS - Cloud Native Day Tel A...Cloud Native Day Tel Aviv
 
Not my problem! Delegating responsibilities to the infrastructure - Yshay Yaa...
Not my problem! Delegating responsibilities to the infrastructure - Yshay Yaa...Not my problem! Delegating responsibilities to the infrastructure - Yshay Yaa...
Not my problem! Delegating responsibilities to the infrastructure - Yshay Yaa...Cloud Native Day Tel Aviv
 
Brain in the Cloud: Machine Learning on OpenStack & Kubernetes Done Right - E...
Brain in the Cloud: Machine Learning on OpenStack & Kubernetes Done Right - E...Brain in the Cloud: Machine Learning on OpenStack & Kubernetes Done Right - E...
Brain in the Cloud: Machine Learning on OpenStack & Kubernetes Done Right - E...Cloud Native Day Tel Aviv
 
A stateful application walks into a Kubernetes bar - Arthur Berezin, JovianX ...
A stateful application walks into a Kubernetes bar - Arthur Berezin, JovianX ...A stateful application walks into a Kubernetes bar - Arthur Berezin, JovianX ...
A stateful application walks into a Kubernetes bar - Arthur Berezin, JovianX ...Cloud Native Day Tel Aviv
 
The story of how KubeMQ was born - Oz Golan, KubeMQ - Cloud Native Day Tel Av...
The story of how KubeMQ was born - Oz Golan, KubeMQ - Cloud Native Day Tel Av...The story of how KubeMQ was born - Oz Golan, KubeMQ - Cloud Native Day Tel Av...
The story of how KubeMQ was born - Oz Golan, KubeMQ - Cloud Native Day Tel Av...Cloud Native Day Tel Aviv
 
I want it all: go hybrid - Orit Yaron, Outbrain - Cloud Native Day Tel Aviv 2018
I want it all: go hybrid - Orit Yaron, Outbrain - Cloud Native Day Tel Aviv 2018I want it all: go hybrid - Orit Yaron, Outbrain - Cloud Native Day Tel Aviv 2018
I want it all: go hybrid - Orit Yaron, Outbrain - Cloud Native Day Tel Aviv 2018Cloud Native Day Tel Aviv
 
Keeping I.T. Real - Aaron Wolf, Mathematics and computer programming teacher,...
Keeping I.T. Real - Aaron Wolf, Mathematics and computer programming teacher,...Keeping I.T. Real - Aaron Wolf, Mathematics and computer programming teacher,...
Keeping I.T. Real - Aaron Wolf, Mathematics and computer programming teacher,...Cloud Native Day Tel Aviv
 

Mehr von Cloud Native Day Tel Aviv (20)

Cloud Native is a Cultural Decision. By Reshef Mann
Cloud Native is a Cultural Decision. By Reshef MannCloud Native is a Cultural Decision. By Reshef Mann
Cloud Native is a Cultural Decision. By Reshef Mann
 
Kafka Mirror Tester: Go and Kubernetes Powered Test Suite for Kafka Replicati...
Kafka Mirror Tester: Go and Kubernetes Powered Test Suite for Kafka Replicati...Kafka Mirror Tester: Go and Kubernetes Powered Test Suite for Kafka Replicati...
Kafka Mirror Tester: Go and Kubernetes Powered Test Suite for Kafka Replicati...
 
Running I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati ShalomRunning I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati Shalom
 
WTF Do We Need a Service Mesh? By Anton Weiss.
WTF Do We Need a Service Mesh? By Anton Weiss.WTF Do We Need a Service Mesh? By Anton Weiss.
WTF Do We Need a Service Mesh? By Anton Weiss.
 
Update Strategies for the Edge, by Kat Cosgrove
Update Strategies for the Edge, by Kat CosgroveUpdate Strategies for the Edge, by Kat Cosgrove
Update Strategies for the Edge, by Kat Cosgrove
 
Building a Cloud-Native SaaS Product The Hard Way. By Arthur Berezin
Building a Cloud-Native SaaS Product The Hard Way. By Arthur BerezinBuilding a Cloud-Native SaaS Product The Hard Way. By Arthur Berezin
Building a Cloud-Native SaaS Product The Hard Way. By Arthur Berezin
 
The Four Questions (Every Monitoring Engineer gets asked), by Leon Adato
The Four Questions (Every Monitoring Engineer gets asked), by Leon AdatoThe Four Questions (Every Monitoring Engineer gets asked), by Leon Adato
The Four Questions (Every Monitoring Engineer gets asked), by Leon Adato
 
K8s Pod Scheduling - Deep Dive. By Tsahi Duek.
K8s Pod Scheduling - Deep Dive. By Tsahi Duek.K8s Pod Scheduling - Deep Dive. By Tsahi Duek.
K8s Pod Scheduling - Deep Dive. By Tsahi Duek.
 
Cloud Native: The Cattle, the Pets, and the Germs, by Avishai Ish-Shalom
Cloud Native: The Cattle, the Pets, and the Germs, by Avishai Ish-ShalomCloud Native: The Cattle, the Pets, and the Germs, by Avishai Ish-Shalom
Cloud Native: The Cattle, the Pets, and the Germs, by Avishai Ish-Shalom
 
MySQL Shell: the daily tool for devs and admins. By Vittorio Cioe.
MySQL Shell: the daily tool for devs and admins. By Vittorio Cioe.MySQL Shell: the daily tool for devs and admins. By Vittorio Cioe.
MySQL Shell: the daily tool for devs and admins. By Vittorio Cioe.
 
Cloud native transformation patterns, by Pini Reznik
Cloud native transformation patterns, by Pini ReznikCloud native transformation patterns, by Pini Reznik
Cloud native transformation patterns, by Pini Reznik
 
Cloud and Edge: price, performance and privacy considerations in IOT, by Tsvi...
Cloud and Edge: price, performance and privacy considerations in IOT, by Tsvi...Cloud and Edge: price, performance and privacy considerations in IOT, by Tsvi...
Cloud and Edge: price, performance and privacy considerations in IOT, by Tsvi...
 
Two Years, Zero servers: Lessons learned from running a startup 100% on Serve...
Two Years, Zero servers: Lessons learned from running a startup 100% on Serve...Two Years, Zero servers: Lessons learned from running a startup 100% on Serve...
Two Years, Zero servers: Lessons learned from running a startup 100% on Serve...
 
12 Factor Serverless Applications - Mike Morain, AWS - Cloud Native Day Tel A...
12 Factor Serverless Applications - Mike Morain, AWS - Cloud Native Day Tel A...12 Factor Serverless Applications - Mike Morain, AWS - Cloud Native Day Tel A...
12 Factor Serverless Applications - Mike Morain, AWS - Cloud Native Day Tel A...
 
Not my problem! Delegating responsibilities to the infrastructure - Yshay Yaa...
Not my problem! Delegating responsibilities to the infrastructure - Yshay Yaa...Not my problem! Delegating responsibilities to the infrastructure - Yshay Yaa...
Not my problem! Delegating responsibilities to the infrastructure - Yshay Yaa...
 
Brain in the Cloud: Machine Learning on OpenStack & Kubernetes Done Right - E...
Brain in the Cloud: Machine Learning on OpenStack & Kubernetes Done Right - E...Brain in the Cloud: Machine Learning on OpenStack & Kubernetes Done Right - E...
Brain in the Cloud: Machine Learning on OpenStack & Kubernetes Done Right - E...
 
A stateful application walks into a Kubernetes bar - Arthur Berezin, JovianX ...
A stateful application walks into a Kubernetes bar - Arthur Berezin, JovianX ...A stateful application walks into a Kubernetes bar - Arthur Berezin, JovianX ...
A stateful application walks into a Kubernetes bar - Arthur Berezin, JovianX ...
 
The story of how KubeMQ was born - Oz Golan, KubeMQ - Cloud Native Day Tel Av...
The story of how KubeMQ was born - Oz Golan, KubeMQ - Cloud Native Day Tel Av...The story of how KubeMQ was born - Oz Golan, KubeMQ - Cloud Native Day Tel Av...
The story of how KubeMQ was born - Oz Golan, KubeMQ - Cloud Native Day Tel Av...
 
I want it all: go hybrid - Orit Yaron, Outbrain - Cloud Native Day Tel Aviv 2018
I want it all: go hybrid - Orit Yaron, Outbrain - Cloud Native Day Tel Aviv 2018I want it all: go hybrid - Orit Yaron, Outbrain - Cloud Native Day Tel Aviv 2018
I want it all: go hybrid - Orit Yaron, Outbrain - Cloud Native Day Tel Aviv 2018
 
Keeping I.T. Real - Aaron Wolf, Mathematics and computer programming teacher,...
Keeping I.T. Real - Aaron Wolf, Mathematics and computer programming teacher,...Keeping I.T. Real - Aaron Wolf, Mathematics and computer programming teacher,...
Keeping I.T. Real - Aaron Wolf, Mathematics and computer programming teacher,...
 

Kürzlich hochgeladen

Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 

Kürzlich hochgeladen (20)

Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 

Container Runtime Security with Falco, by Néstor Salceda

  • 1. Container Runtime Security Detection with Falco Néstor Salceda. Integrations Team Lead. Cloud Native & Edge Computing Summit Israel , Nov 12th 2019
  • 2. @nestorsalceda • Open Source enthusiast • I work at Sysdig • Daddy of twins • Judo & Aikido aficionado • Kubernetes member: Sysdig and Falco Helm Charts & Operators • kubectl-capture plugin author • securityhub.dev lead engineer • Falco contributor
  • 3. Agenda CONTAINER RUN-TIME SECURITY ANOMALY DETECTION USING FALCO A QUICK VIEW OF FALCO RULES ACTIVE SECURITY: DEMO OF KUBERNETES RESPONSE ENGINE
  • 5. • Establish trust boundaries (dev vs prod) • Identify, minimise and harden attack surfaces • Reduce scope and access • Layer protections and defenses • Traceability and test How to do security?
  • 6. • Many security paradigms are still reactive • No tools inside the container • Breaches may extend for days or weeks before detected • Attacks are changing to abuse activities rather than data exfiltration (crypto haXx0rz!) • Ephemeral nature of containers means that in the event of a security breach you may never know How containers changed the game?
  • 7.
  • 8.
  • 9. • Containers are isolated processes • Processes are scoped as to what’s expected • Image scanning is necessary but not enough • Container images are immutable, runtime environments often aren’t • How do you detect abnormal behavior? Detect intrusion in containers
  • 10.
  • 12. • Detects suspicious activity defined by a set of rules • Securityhub.dev • Uses Sysdig’s flexible and powerful filtering expressions Behavioral Activity Monitor • Uses Sysdig’s container and orchestrator support • It also can receive events from the K8s audit log Full Support of Containers Orchestration Flexible Notification Methods Open Source Software • Files • STDOUT • Syslog • gRPC • Execute other programs • And more ... • CNCF Sandbox Project • Welcome contributors • Transparency & Governance Falco
  • 13. Falco extended architecture FILTER EXPRESSION SYSDIG LIBRARIES MODULE / eBPF PROBE ALERTING FALCO RULES WEB SERVER USER KERNEL EVENTS AUDIT LOGS & METADATA SUSPICIOUS EVENTS SHELL STDOUT FILE gRPC 13
  • 15.
  • 16. • clone() and execve() give you insight into process and commands • open(), close(), read() and write() functions offer visibility on I/O • socket(), connect(), and accept() give insight into network Syscalls for observability?
  • 17. A quick view of Falco Rules
  • 18. - list: bin_dirs items: [/bin, /sbin, /usr/bin, /usr/sbin] - macro: bin_dir condition: fd.directory in (bin_dirs) - rule: write_binary_dir desc: an attempt to write to any file below a set of binary directories condition: bin_dir and evt.dir = < and open_write and not package_mgmt_procs output: "File below a known binary directory opened for writing (user=%user.name command=%proc.cmdline file=%fd.name)" priority: WARNING yaml file containing Macros, Lists, and Rules Falco rules
  • 19. Falco ships with a several rules which implements best practices for containers: • Writing files in /bin or /etc • Reading sensitive files • Terminal spawn in a container • ... Batteries included
  • 20. • A platform for discovering, sharing and using Cloud-Native resources related to Kubernetes security • Browse existent security best practices and componentes or use cases • Contribute just creating a PR securityhub.dev
  • 22. • Responding to security incidents should not be an improvised or non-scripted activity • It is important that workflows and action-plans are created in advance, so that the team’s response to an incident is consistent, focused and repeatable Trusting humans again?
  • 23. Response engine on Kubernetes https://sysdig.com/blog/container-security-orchestration-falco-splunk-phantom/ PUBLISH TO TOPIC FALCO-NATS SIDECAR LINUX PIPE FALCO CONTAINER FALCO DAEMONSET EVENTS K8S METADATA KUBERNETES NODES kubelet API APPLICATION DEPLOYMENTS EXECUTE REACTION i.e. kill the offending pod F(x) F(x) F(x) WEBHOOK NOTIFICATION SUBSCRIBE TO 1..N TOPICS kubernetes