Container Runtime Security Detection with Falco
Néstor Salceda. Integrations Team Lead.
Cloud Native & Edge Computing Summit Israel, Nov 12th 2019
@nestorsalceda
• Open Source enthusiast
• I work at Sysdig
• Daddy of twins
• Judo & Aikido aficionado
• Kubernetes member: Sysdig and Falco Helm Charts & Operators
• kubectl-capture plugin author
• securityhub.dev lead engineer
• Falco contributor
Agenda
CONTAINER RUN-TIME SECURITY
ANOMALY DETECTION USING FALCO
A QUICK VIEW OF FALCO RULES
ACTIVE SECURITY: DEMO OF KUBERNETES RESPONSE ENGINE
Container Run-time Security
• Establish trust boundaries (dev vs prod)
• Identify, minimise and harden attack surfaces
• Reduce scope and access
• Layer protections and defenses
• Traceability and test
How to do security?
• Many security paradigms are still reactive
• No tools inside the container
• Breaches may extend for days or weeks before being detected
• Attacks are changing to abuse activities rather than data exfiltration (crypto haXx0rz!)
• Ephemeral nature of containers means that in the event of a security breach you may never know
How containers changed the game?
• Containers are isolated processes
• Processes are scoped as to what’s expected
• Image scanning is necessary but not enough
• Container images are immutable, runtime environments often aren’t
• How do you detect abnormal behavior?
Detect intrusion in containers
Anomaly detection using Falco
Behavioral Activity Monitor
• Detects suspicious activity defined by a set of rules
• Securityhub.dev
• Uses Sysdig’s flexible and powerful filtering expressions
Full Support of Containers Orchestration
• Uses Sysdig’s container and orchestrator support
• It also can receive events from the K8s audit log
Flexible Notification Methods
• Files
• STDOUT
• Syslog
• gRPC
• Execute other programs
• And more ...
Open Source Software
• CNCF Sandbox Project
• Welcome contributors
• Transparency & Governance
Falco
Falco extended architecture
[Diagram labels: user and kernel; module / eBPF probe; Sysdig libraries; filter expression; Falco rules; alerting; web server; events; audit logs & metadata; suspicious events; shell, stdout, file, gRPC]
[Diagram labels: custom app container; NGINX container; Falco container; kernel instrumentation; host / OS kernel; system calls]
Deployment
• clone() and execve() give you insight into processes and commands
• open(), close(), read() and write() offer visibility into I/O
• socket(), connect(), and accept() give insight into network activity
Syscalls for observability?
A quick view of Falco Rules

    - list: bin_dirs
      items: [/bin, /sbin, /usr/bin, /usr/sbin]

    - macro: bin_dir
      condition: fd.directory in (bin_dirs)

    - rule: write_binary_dir
      desc: an attempt to write to any file below a set of binary directories
      condition: bin_dir and evt.dir = < and open_write and not package_mgmt_procs
      output: "File below a known binary directory opened for writing (user=%user.name command=%proc.cmdline file=%fd.name)"
      priority: WARNING

YAML file containing Macros, Lists, and Rules
Falco rules
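How the list, macro and rule on this slide compose, as an added Python illustration (not Falco's engine and not code from the talk). The event dicts are constructed, `open_write` and `package_mgmt_procs` are simplified stand-ins for Falco's own macros, and `below_bin_dir` is a hypothetical variation showing that an exact `fd.directory in (bin_dirs)` match does not cover nested subdirectories.

```python
import re

BIN_DIRS = ["/bin", "/sbin", "/usr/bin", "/usr/sbin"]  # list: bin_dirs
# Assumption: small stand-in for the binaries behind Falco's package_mgmt_procs.
PACKAGE_MGMT_BINARIES = {"dpkg", "apt", "apt-get", "rpm", "yum"}
OUTPUT = ("File below a known binary directory opened for writing "
          "(user=%user.name command=%proc.cmdline file=%fd.name)")


def make_event(direction, evt_type, path, writable, proc, cmdline, user="root"):
    """Build a constructed event dict keyed by Falco-style field names."""
    return {
        "evt.dir": direction,            # ">" = syscall enter, "<" = syscall exit
        "evt.type": evt_type,
        "fd.name": path,
        "fd.directory": path.rsplit("/", 1)[0] or "/",  # directory holding the file
        "is_open_write": writable,
        "proc.name": proc,
        "proc.cmdline": cmdline,
        "user.name": user,
    }


def bin_dir(e):                          # macro: bin_dir (exact directory match)
    return e["fd.directory"] in BIN_DIRS


def open_write(e):                       # simplified stand-in for Falco's macro
    return e["evt.type"] in ("open", "openat") and e["is_open_write"]


def package_mgmt_procs(e):               # simplified stand-in for Falco's macro
    return e["proc.name"] in PACKAGE_MGMT_BINARIES


def write_binary_dir(e):                 # rule condition, term by term
    return (bin_dir(e) and e["evt.dir"] == "<" and open_write(e)
            and not package_mgmt_procs(e))


def below_bin_dir(e):
    """Hypothetical variation: also match files in nested subdirectories."""
    d = e["fd.directory"]
    return any(d == b or d.startswith(b + "/") for b in BIN_DIRS)


def render(e):
    """Substitute %field tokens in the rule's output string."""
    return re.sub(r"%([a-z]+\.[a-z]+)", lambda m: str(e[m.group(1)]), OUTPUT)


def evaluate(events):
    return [render(e) for e in events if write_binary_dir(e)]


CMD = "sh -c echo test > /usr/bin/probe"
CONSTRUCTED_EVENTS = [
    make_event("<", "openat", "/usr/bin/probe", True, "sh", CMD),       # fires
    make_event(">", "openat", "/usr/bin/probe", True, "sh", CMD),       # enter event
    make_event("<", "openat", "/usr/bin/curl", True, "dpkg", "dpkg -i curl.deb"),
    make_event("<", "openat", "/bin/ls", False, "sh", "sh -c ls"),      # read-only
    make_event("<", "openat", "/usr/bin/plugins/probe", True, "sh", "sh -c touch"),
]

if __name__ == "__main__":
    for line in evaluate(CONSTRUCTED_EVENTS):
        print("WARNING", line)
    nested = CONSTRUCTED_EVENTS[4]
    print("nested write matched by rule:", write_binary_dir(nested))
    print("nested write matched by prefix check:", below_bin_dir(nested))
```

Only the first event produces an alert; the nested write is the coverage gap to keep in mind when relying on exact directory lists.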
Falco ships with several rules which implement best practices for containers:
• Writing files in /bin or /etc
• Reading sensitive files
• Terminal spawn in a container
• ...
Batteries included
• A platform for discovering, sharing and using Cloud-Native resources related to Kubernetes security
• Browse existing security best practices and components or use cases
• Contribute by just creating a PR
securityhub.dev
Active Security with Kubernetes Response Engine
• Responding to security incidents should not be an improvised or non-scripted activity
• It is important that workflows and action-plans are created in advance, so that the team’s response to an incident is consistent, focused and repeatable
Trusting humans again?
Response engine on Kubernetes
https://sysdig.com/blog/container-security-orchestration-falco-splunk-phantom/
[Diagram labels: Kubernetes nodes; Falco DaemonSet; Falco container; Linux pipe; falco-nats sidecar; publish to topic; events; K8s metadata; kubelet API; application deployments; subscribe to 1..N topics; functions F(x); execute reaction, i.e. kill the offending pod; webhook notification]
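The flow in this diagram (a Falco alert is published to a topic, functions subscribed to 1..N topics pick it up and execute a reaction), sketched as an added example that is not from the talk or from the Kubernetes Response Engine code. The topic scheme, the playbooks and the protected-namespace guardrail are assumptions, the alerts are constructed, and reactions are only planned as data, never sent to a cluster.

```python
import json
import re

# Constructed Falco alerts, one JSON object per line (rule, priority, output_fields).
CONSTRUCTED_ALERTS = """\
{"rule": "Terminal shell in container", "priority": "Notice", "output_fields": {"k8s.ns.name": "shop", "k8s.pod.name": "web-7d9f"}}
{"rule": "write_binary_dir", "priority": "Warning", "output_fields": {"k8s.ns.name": "shop", "k8s.pod.name": "web-7d9f"}}
{"rule": "write_binary_dir", "priority": "Warning", "output_fields": {"k8s.ns.name": "kube-system", "k8s.pod.name": "kube-proxy-x2"}}
{"rule": "write_binary_dir", "priority": "Warning", "output_fields": {"k8s.ns.name": null, "k8s.pod.name": null}}
{"rule": "Read sensitive file untrusted", "priority": "Warning", "output_fields": {"k8s.ns.name": "shop", "k8s.pod.name": "api-55c1"}}
"""

PROTECTED_NAMESPACES = {"kube-system"}  # assumption: never auto-delete pods here


def topic_for(alert):
    """Hypothetical topic scheme: falco.<priority>.<rule name as a slug>."""
    slug = re.sub(r"[^a-z0-9]+", "_", alert["rule"].lower()).strip("_")
    return f"falco.{alert['priority'].lower()}.{slug}"


def subject_matches(pattern, topic):
    """NATS-style subject match: '*' is one token, '>' is the non-empty rest."""
    p, t = pattern.split("."), topic.split(".")
    for i, tok in enumerate(p):
        if tok == ">":
            return len(t) > i
        if i >= len(t) or (tok != "*" and tok != t[i]):
            return False
    return len(p) == len(t)


def delete_pod(alert):
    """Playbook: plan deletion of the offending pod, or escalate to a human."""
    fields = alert.get("output_fields", {})
    ns, pod = fields.get("k8s.ns.name"), fields.get("k8s.pod.name")
    if not ns or not pod:
        return {"action": "escalate", "reason": "no pod metadata", "rule": alert["rule"]}
    if ns in PROTECTED_NAMESPACES:
        return {"action": "escalate", "reason": "protected namespace",
                "namespace": ns, "pod": pod, "rule": alert["rule"]}
    return {"action": "delete_pod", "namespace": ns, "pod": pod, "rule": alert["rule"]}


def notify(alert):
    """Playbook: stand-in for the webhook notification in the diagram."""
    return {"action": "notify", "rule": alert["rule"], "priority": alert["priority"]}


# Each playbook subscribes to 1..N topics.
PLAYBOOKS = [
    (("falco.*.write_binary_dir", "falco.*.terminal_shell_in_container"), delete_pod),
    (("falco.warning.*",), notify),
]


def plan(alert_lines):
    """Route every alert to the subscribed playbooks and collect planned actions."""
    actions, deleted = [], set()
    for line in alert_lines.splitlines():
        if not line.strip():
            continue
        alert = json.loads(line)
        topic = topic_for(alert)
        for patterns, playbook in PLAYBOOKS:
            if not any(subject_matches(p, topic) for p in patterns):
                continue
            action = playbook(alert)
            if action["action"] == "delete_pod":
                key = (action["namespace"], action["pod"])
                if key in deleted:
                    continue  # this pod is already scheduled for deletion
                deleted.add(key)
            actions.append(action)
    return actions


if __name__ == "__main__":
    for planned in plan(CONSTRUCTED_ALERTS):
        print(planned)
```

Keeping the plan as plain data makes each playbook testable before anything with cluster credentials acts on it.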
Thank you very much!

Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 

Recently uploaded (20)

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 

Container Runtime Security with Falco, by Néstor Salceda

  • 1. Container Runtime Security Detection with Falco. Néstor Salceda, Integrations Team Lead. Cloud Native & Edge Computing Summit Israel, Nov 12th 2019
  • 2. @nestorsalceda
      • Open Source enthusiast
      • I work at Sysdig
      • Daddy of twins
      • Judo & Aikido aficionado
      • Kubernetes member: Sysdig and Falco Helm Charts & Operators
      • kubectl-capture plugin author
      • securityhub.dev lead engineer
      • Falco contributor
  • 3. Agenda
      • CONTAINER RUN-TIME SECURITY
      • ANOMALY DETECTION USING FALCO
      • A QUICK VIEW OF FALCO RULES
      • ACTIVE SECURITY: DEMO OF KUBERNETES RESPONSE ENGINE
  • 5. How to do security?
      • Establish trust boundaries (dev vs prod)
      • Identify, minimise and harden attack surfaces
      • Reduce scope and access
      • Layer protections and defenses
      • Traceability and test
  • 6. How containers changed the game?
      • Many security paradigms are still reactive
      • No tools inside the container
      • Breaches may extend for days or weeks before being detected
      • Attacks are changing to abuse activities rather than data exfiltration (crypto haXx0rz!)
      • Ephemeral nature of containers means that in the event of a security breach you may never know
  • 9. Detect intrusion in containers
      • Containers are isolated processes
      • Processes are scoped as to what’s expected
      • Image scanning is necessary but not enough
      • Container images are immutable, runtime environments often aren’t
      • How do you detect abnormal behavior?
  • 12. Falco
      • Behavioral Activity Monitor
          • Detects suspicious activity defined by a set of rules
          • Securityhub.dev
          • Uses Sysdig’s flexible and powerful filtering expressions
      • Full Support of Containers Orchestration
          • Uses Sysdig’s container and orchestrator support
          • It also can receive events from the K8s audit log
      • Flexible Notification Methods
          • Files
          • STDOUT
          • Syslog
          • gRPC
          • Execute other programs
          • And more ...
      • Open Source Software
          • CNCF Sandbox Project
          • Welcome contributors
          • Transparency & Governance
  • 13. Falco extended architecture [diagram; labels: FILTER EXPRESSION, SYSDIG LIBRARIES, MODULE / eBPF PROBE, ALERTING, FALCO RULES, WEB SERVER, USER, KERNEL, EVENTS, AUDIT LOGS & METADATA, SUSPICIOUS EVENTS, SHELL, STDOUT, FILE, gRPC]
  • 16. Syscalls for observability?
      • clone() and execve() give you insight into processes and commands
      • open(), close(), read() and write() offer visibility into I/O
      • socket(), connect(), and accept() give insight into the network
  • 17. A quick view of Falco Rules
  • 18. Falco rules: yaml file containing Macros, Lists, and Rules

      - list: bin_dirs
        items: [/bin, /sbin, /usr/bin, /usr/sbin]

      - macro: bin_dir
        condition: fd.directory in (bin_dirs)

      - rule: write_binary_dir
        desc: an attempt to write to any file below a set of binary directories
        condition: bin_dir and evt.dir = < and open_write and not package_mgmt_procs
        output: "File below a known binary directory opened for writing (user=%user.name command=%proc.cmdline file=%fd.name)"
        priority: WARNING

  • 19. Batteries included. Falco ships with several rules which implement best practices for containers:
      • Writing files in /bin or /etc
      • Reading sensitive files
      • Terminal spawn in a container
      • ...
  • 20. securityhub.dev
      • A platform for discovering, sharing and using Cloud-Native resources related to Kubernetes security
      • Browse existing security best practices and components or use cases
      • Contribute just by creating a PR
  • 22. Trusting humans again?
      • Responding to security incidents should not be an improvised or non-scripted activity
      • It is important that workflows and action-plans are created in advance, so that the team’s response to an incident is consistent, focused and repeatable
  • 23. Response engine on Kubernetes (https://sysdig.com/blog/container-security-orchestration-falco-splunk-phantom/) [diagram; labels: PUBLISH TO TOPIC, FALCO-NATS SIDECAR, LINUX PIPE, FALCO CONTAINER, FALCO DAEMONSET, EVENTS, K8S METADATA, KUBERNETES NODES, kubelet API, APPLICATION DEPLOYMENTS, EXECUTE REACTION (i.e. kill the offending pod), F(x), WEBHOOK NOTIFICATION, SUBSCRIBE TO 1..N TOPICS]
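
The "F(x)" reaction step of slide 23, combined with the pre-agreed playbook idea of slide 22, sketched as an added example (not code from the talk or from Falco). It assumes Falco's JSON alert shape (`rule`, `priority`, `output_fields`); the playbook, the action names and the sample alerts are hypothetical and constructed.

```python
import json

# Falco priority levels, most severe first.
PRIORITIES = ["EMERGENCY", "ALERT", "CRITICAL", "ERROR",
              "WARNING", "NOTICE", "INFORMATIONAL", "DEBUG"]

# Hypothetical playbook, agreed in advance: rule -> (reaction, minimum priority).
PLAYBOOK = {
    "write_binary_dir": ("delete_pod", "WARNING"),
    "Terminal shell in container": ("isolate_pod", "NOTICE"),
}

def severity(priority):
    """Rank a priority name; lower is more severe, unknown names rank last."""
    name = (priority or "").upper()
    return PRIORITIES.index(name) if name in PRIORITIES else len(PRIORITIES)

def plan_reaction(raw_alert):
    """Map one Falco JSON alert to a reaction plan; performs no action itself."""
    alert = json.loads(raw_alert)
    fields = alert.get("output_fields") or {}
    pod, ns = fields.get("k8s.pod.name"), fields.get("k8s.ns.name")
    plan = {"rule": alert.get("rule"), "action": "notify_only",
            "namespace": ns, "pod": pod}
    entry = PLAYBOOK.get(alert.get("rule"))
    if entry is None:
        return plan          # no scripted response for this rule
    action, minimum = entry
    if severity(alert.get("priority")) > severity(minimum):
        return plan          # less severe than the playbook threshold
    if not pod or not ns:
        return plan          # host event or missing metadata: no pod to target
    plan["action"] = action
    return plan

def make_alert(rule, priority, pod, ns):
    """Build a constructed sample alert in Falco's JSON output shape."""
    return json.dumps({"rule": rule, "priority": priority,
                       "output": "constructed sample",
                       "output_fields": {"k8s.pod.name": pod, "k8s.ns.name": ns}})

SAMPLE_ALERTS = [  # constructed, not captured from a real cluster
    make_alert("write_binary_dir", "Warning", "shop-frontend-1", "shop"),
    make_alert("write_binary_dir", "Warning", None, None),
    make_alert("write_binary_dir", "Notice", "shop-frontend-1", "shop"),
    make_alert("Read sensitive file untrusted", "Warning", "db-0", "data"),
]

if __name__ == "__main__":
    for raw in SAMPLE_ALERTS:
        print(plan_reaction(raw))
```

Only the first sample yields `delete_pod`; an event without pod metadata, one below the priority threshold, and a rule with no playbook entry all fall back to `notify_only`.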