03 Sep Container Native Runtime Security with Falco by Lorenzo David
In any Cloud Native architecture, there’s a seemingly endless stream of events that happen at each layer. These events can be used to detect abnormal activity and possible security incidents, as well as to provide an audit trail of activity. In this talk, we’ll cover how we extended Falco to ingest events beyond just host system calls, such as Kubernetes audit events or even application-level events. We will also show how to create Falco rules to detect behaviors in these new event streams. We show how we implemented Kubernetes audit events in Falco, and how to configure the event stream. Finally, we will cover how to create additional event streams leveraging the generic implementation Falco provides. Attendees will gain a deep understanding of Falco’s architecture, and of how to customize Falco for additional event sources.