
© 2018 Cloud Native Israel


Host intrusion detection (HID) has been around for some time. What if we rethought the problems HID solves in the context of Cloud Native platforms? What if we could detect abnormal behavior in the application, container runtime, and cluster environment as well?

In any Cloud Native architecture there’s a seemingly endless stream of events that happen at each layer. These events can be used to detect abnormal activity and possible security incidents, as well as to provide an audit trail of activity.

In this talk we’ll cover how we extended Falco to ingest events beyond just host system calls, such as Kubernetes audit events or even application-level events. We will also show how to create Falco rules to detect behaviors in these new event streams. We show how we implemented Kubernetes audit events in Falco, and how to configure the event stream.

Finally, we will cover how to create additional event streams leveraging the generic implementation Falco provides. Attendees will gain a deep understanding of Falco’s architecture, and of how to customize Falco for additional event sources.

Néstor Salceda

Container Runtime Security with Falco

Bio

Néstor is a passionate and upbeat software engineer. He loves to pick an idea, develop it and make it real. He is also an Open Source Software enthusiast and right now, he is part of the Sysdig team. When he is not in front of his computers, you will find him playing on the ground with his two little twins or practising Judo or Aikido.

11:00-11:30 | Track 2
