Seattle, WA
December 10–13, 2018
Tuesday, December 11 • 3:40pm - 4:15pm
Intro: Falco - Loris Degioanni, Sysdig

Host intrusion detection (HID) has been around for some time. What if we rethought the problems HID solves in the context of Cloud Native platforms? What if we could detect abnormal behavior in the application, container runtime, & cluster environment as well? In this talk, we’ll present Falco, a CNCF Sandbox project for runtime security. We will show how Falco taps Linux system calls & the Kubernetes API to provide low-level insight into application behavior, & how to write Falco rules to detect abnormal behavior. We’ll show how to collect & aggregate alerts using an EFK stack (Elasticsearch, Fluentd, Kibana). Finally, we will show how Falco can trigger functions to stop abnormal behavior & isolate the compromised Pod or Node for forensics. Attendees will leave with a better understanding of what problems runtime security solves, & how Falco can provide runtime security & incident response.

Speakers
Loris Degioanni

Founder & CTO, Sysdig
Loris Degioanni is the CTO and founder of Sysdig, the container intelligence platform. He is also the creator of the popular open source troubleshooting tool, sysdig, and the open source container security tool Falco. Prior to founding Sysdig, Loris co-created Wireshark, the open...


Tuesday December 11, 2018 3:40pm - 4:15pm
615-617
  • Skill Level Any