SlideShare a Scribd company logo

Container Runtime Security with Falco

Michael Ducy
Michael Ducy

Effective security requires a layered approach. If one layer is comprised, the additional layers will (hopefully) stop an attacker from going further. Much of container security has focused on the image build process and providing providence for the artifacts in a container image, and restricting kernel level tunables in the container runtime (seccomp, SELinux, capabilities, etc). What if we can detect abnormal behavior in the application and the container runtime environment as well? In this talk, we’ll present Falco - an open source project for runtime security - and discuss how it provides application and container runtime security. We will show how Falco taps Linux system calls to provide low level insight into application behavior, and how to write Falco rules to detect abnormal behavior. Finally we will show how Falco can trigger notifications to stop abnormal behavior, notify humans, and isolate the compromised application for forensics. Attendees will leave with a better understanding of the container security landscape, what problems runtime security solves, & how Falco can provide runtime security and incident response.

Technology
1 of 41
Download to read offline
@mfdii Container Runtime Security with Falco
@mfdii Layers of Container Security Runtime Build Infrastructure
@mfdii Infrastructure Security Network Storage Host Cluster Container Runtime
@mfdii Infrastructure
@mfdii Build Security Network Storage Host Cluster App Code App Runtime Libraries OS App Code App Runtime Libraries OS App Code App Runtime Libraries OS Container Runtime
@mfdii Build - - - -
@mfdii Runtime Security Network Storage Host Cluster App Code App Runtime Libraries OS App Code App Runtime Libraries OS App Code App Runtime Libraries OS Container Runtime
@mfdii Runtime
@mfdii Sysdig Falco
@mfdii Anomaly Detection - - - -
@mfdii Sysdig Falco • • • • •
@mfdii Home Security Analogy • • • • `
@mfdii Home Security Analogy • • `
@mfdii Home Security Analogy • • • • • `
@mfdii Home Security Analogy • • `
@mfdii Quick examples
@mfdii Falco architecture `
@mfdii Falco Rules ■ ■ ■
@mfdii Falco rules - macro: bin_dir condition: fd.directory in (/bin, /sbin, /usr/bin, /usr/sbin) - list: shell_binaries items: [bash, csh, ksh, sh, tcsh, zsh, dash] - rule: write_binary_dir desc: an attempt to write to any file below a set of binary directories condition: bin_dir and evt.dir = < and open_write and not package_mgmt_procs output: "File below a known binary directory opened for writing (user=%user.name command=%proc.cmdline file=%fd.name)" priority: WARNING
@mfdii Falco rules
@mfdii Falco rules • •
@mfdii Conditions and Sysdig Filter Expressions fd - File Descriptors process - Processes evt - System Events user - Users group - Groups syslog - Syslog messages container - Container info fdlist - FD poll events k8s - Kubernetes events mesos - Mesos events span - Start/Stop markers evtin - Filter based on Spans
@mfdii Quick examples
@mfdii Alerts and outputs •
@mfdii A Custom Falco Rule - rule: Node Container Runs Node desc: Detect a process that’s not node started in a Node container. condition: evt.type=execve and container.image startswith node and proc.name!=node output: Node container started other process (user=%user.name command=%proc.cmdline %container.info) priority: INFO tags: [container, apps]
@mfdii A Custom Falco Rule - rule: Node Container Runs Node desc: Detect a process that’s not node started in a Node container. condition: evt.type=execve and container.image startswith node and proc.name!=node output: Node container started other process (user=%user.name command=%proc.cmdline %container.info) priority: INFO tags: [container, apps] Something is executing a program In a container based on the Node image And the process name isn’t node
@mfdii Extending Rules/Macros/Lists +
@mfdii Installing Falco • • • • • • • • • •
@mfdii Installing Falco on Kubernetes • $ helm install --name sysdig-falco-1 stable/falco • • • • • • •
@mfdii How can you use Falco?
@mfdii Response Engine & Security Playbooks ● ● ● ○ ○ ○ ● ○ ○ ○ ○
@mfdii Response Engine & Security Playbooks
@mfdii Response Engine & Security Playbooks Falco Detects abnormal event, Publishes alert to NATS Subscribers receive Falco Alert through NATS Server Kubeless receives Falco Alert, firing a function to delete the offending Kubernetes Pod https://sysdig.com/blog/oss-container-security-runtime/
@mfdii Functions for Operations - - - - - -
@mfdii SIEM with EFK ● ○ ○ ● ○ ○ ○ ●
@mfdii SIEM with EFK Falco Detects abnormal event, Publishes alert to NATS Subscribers receive Falco Alert through NATS Server Kubeless receives Falco Alert, firing a function to delete the offending Kubernetes Pod
@mfdii SIEM with EFK
@mfdii Demo Demo
@mfdii Join the community
@mfdii Learn more • • • •
@mfdii Thank you! Thank You

Recommended

ReCertifying Active Directory
ReCertifying Active DirectoryReCertifying Active Directory
ReCertifying Active Directory
Will Schroeder
 
CKA Certified Kubernetes Administrator Notes
CKA Certified Kubernetes Administrator Notes CKA Certified Kubernetes Administrator Notes
CKA Certified Kubernetes Administrator Notes
Adnan Rashid
 
Container Security
Container SecurityContainer Security
Container Security
Salman Baset
 
Invoke-Obfuscation DerbyCon 2016
Invoke-Obfuscation DerbyCon 2016Invoke-Obfuscation DerbyCon 2016
Invoke-Obfuscation DerbyCon 2016
Daniel Bohannon
 
Docker Container Security
Docker Container SecurityDocker Container Security
Docker Container Security
Suraj Khetani
 
Container Security
Container SecurityContainer Security
Container Security
Amazon Web Services
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
Crevise Technologies
 
Docker 101 - Nov 2016
Docker 101 - Nov 2016Docker 101 - Nov 2016
Docker 101 - Nov 2016
Docker, Inc.
 

Recommended

ReCertifying Active Directory
ReCertifying Active DirectoryReCertifying Active Directory
ReCertifying Active Directory
Will Schroeder
 
CKA Certified Kubernetes Administrator Notes
CKA Certified Kubernetes Administrator Notes CKA Certified Kubernetes Administrator Notes
CKA Certified Kubernetes Administrator Notes
Adnan Rashid
 
Container Security
Container SecurityContainer Security
Container Security
Salman Baset
 
Invoke-Obfuscation DerbyCon 2016
Invoke-Obfuscation DerbyCon 2016Invoke-Obfuscation DerbyCon 2016
Invoke-Obfuscation DerbyCon 2016
Daniel Bohannon
 
Docker Container Security
Docker Container SecurityDocker Container Security
Docker Container Security
Suraj Khetani
 
Container Security
Container SecurityContainer Security
Container Security
Amazon Web Services
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
Crevise Technologies
 
Docker 101 - Nov 2016
Docker 101 - Nov 2016Docker 101 - Nov 2016
Docker 101 - Nov 2016
Docker, Inc.
 
Kubernetes Deployment Tutorial | Kubernetes Tutorial For Beginners | Kubernet...
Kubernetes Deployment Tutorial | Kubernetes Tutorial For Beginners | Kubernet...Kubernetes Deployment Tutorial | Kubernetes Tutorial For Beginners | Kubernet...
Kubernetes Deployment Tutorial | Kubernetes Tutorial For Beginners | Kubernet...
Edureka!
 
Kubernetes
KubernetesKubernetes
Kubernetes
Meng-Ze Lee
 
Using Vault to decouple MySQL Secrets
Using Vault to decouple MySQL SecretsUsing Vault to decouple MySQL Secrets
Using Vault to decouple MySQL Secrets
Derek Downey
 
Docker and kubernetes_introduction
Docker and kubernetes_introductionDocker and kubernetes_introduction
Docker and kubernetes_introduction
Jason Hu
 
Hunting for Privilege Escalation in Windows Environment
Hunting for Privilege Escalation in Windows EnvironmentHunting for Privilege Escalation in Windows Environment
Hunting for Privilege Escalation in Windows Environment
Teymur Kheirkhabarov
 
Kubernetes security
Kubernetes securityKubernetes security
Kubernetes security
Thomas Fricke
 
Cloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityCloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust Visibility
Raphaël PINSON
 
Hands-On Introduction to Kubernetes at LISA17
Hands-On Introduction to Kubernetes at LISA17Hands-On Introduction to Kubernetes at LISA17
Hands-On Introduction to Kubernetes at LISA17
Ryan Jarvinen
 
PSConfEU - Offensive Active Directory (With PowerShell!)
PSConfEU - Offensive Active Directory (With PowerShell!)PSConfEU - Offensive Active Directory (With PowerShell!)
PSConfEU - Offensive Active Directory (With PowerShell!)
Will Schroeder
 
Kubernetes Webinar - Using ConfigMaps & Secrets
Kubernetes Webinar - Using ConfigMaps & Secrets Kubernetes Webinar - Using ConfigMaps & Secrets
Kubernetes Webinar - Using ConfigMaps & Secrets
Janakiram MSV
 
Container Network Interface: Network Plugins for Kubernetes and beyond
Container Network Interface: Network Plugins for Kubernetes and beyondContainer Network Interface: Network Plugins for Kubernetes and beyond
Container Network Interface: Network Plugins for Kubernetes and beyond
KubeAcademy
 
Docker and the Linux Kernel
Docker and the Linux KernelDocker and the Linux Kernel
Docker and the Linux Kernel
Docker, Inc.
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak
Abhishek Koserwal
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
Rishabh Indoria
 
DevOps with Kubernetes
DevOps with KubernetesDevOps with Kubernetes
DevOps with Kubernetes
EastBanc Tachnologies
 
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Edureka!
 
Troopers 19 - I am AD FS and So Can You
Troopers 19 - I am AD FS and So Can YouTroopers 19 - I am AD FS and So Can You
Troopers 19 - I am AD FS and So Can You
Douglas Bienstock
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetes
Paris Apostolopoulos
 
Docker & kubernetes
Docker & kubernetesDocker & kubernetes
Docker & kubernetes
NexThoughts Technologies
 
Deploy Application on Kubernetes
Deploy Application on KubernetesDeploy Application on Kubernetes
Deploy Application on Kubernetes
Opsta
 
Automating Security Response with Serverless
Automating Security Response with ServerlessAutomating Security Response with Serverless
Automating Security Response with Serverless
Michael Ducy
 
Open source security tools for Kubernetes.
Open source security tools for Kubernetes.Open source security tools for Kubernetes.
Open source security tools for Kubernetes.
Michael Ducy
 

More Related Content

What's hot

Kubernetes Deployment Tutorial | Kubernetes Tutorial For Beginners | Kubernet...
Kubernetes Deployment Tutorial | Kubernetes Tutorial For Beginners | Kubernet...Kubernetes Deployment Tutorial | Kubernetes Tutorial For Beginners | Kubernet...
Kubernetes Deployment Tutorial | Kubernetes Tutorial For Beginners | Kubernet...
Edureka!
 
Kubernetes
KubernetesKubernetes
Kubernetes
Meng-Ze Lee
 
Using Vault to decouple MySQL Secrets
Using Vault to decouple MySQL SecretsUsing Vault to decouple MySQL Secrets
Using Vault to decouple MySQL Secrets
Derek Downey
 
Docker and kubernetes_introduction
Docker and kubernetes_introductionDocker and kubernetes_introduction
Docker and kubernetes_introduction
Jason Hu
 
Hunting for Privilege Escalation in Windows Environment
Hunting for Privilege Escalation in Windows EnvironmentHunting for Privilege Escalation in Windows Environment
Hunting for Privilege Escalation in Windows Environment
Teymur Kheirkhabarov
 
Kubernetes security
Kubernetes securityKubernetes security
Kubernetes security
Thomas Fricke
 
Cloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityCloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust Visibility
Raphaël PINSON
 
Hands-On Introduction to Kubernetes at LISA17
Hands-On Introduction to Kubernetes at LISA17Hands-On Introduction to Kubernetes at LISA17
Hands-On Introduction to Kubernetes at LISA17
Ryan Jarvinen
 
PSConfEU - Offensive Active Directory (With PowerShell!)
PSConfEU - Offensive Active Directory (With PowerShell!)PSConfEU - Offensive Active Directory (With PowerShell!)
PSConfEU - Offensive Active Directory (With PowerShell!)
Will Schroeder
 
Kubernetes Webinar - Using ConfigMaps & Secrets
Kubernetes Webinar - Using ConfigMaps & Secrets Kubernetes Webinar - Using ConfigMaps & Secrets
Kubernetes Webinar - Using ConfigMaps & Secrets
Janakiram MSV
 
Container Network Interface: Network Plugins for Kubernetes and beyond
Container Network Interface: Network Plugins for Kubernetes and beyondContainer Network Interface: Network Plugins for Kubernetes and beyond
Container Network Interface: Network Plugins for Kubernetes and beyond
KubeAcademy
 
Docker and the Linux Kernel
Docker and the Linux KernelDocker and the Linux Kernel
Docker and the Linux Kernel
Docker, Inc.
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak
Abhishek Koserwal
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
Rishabh Indoria
 
DevOps with Kubernetes
DevOps with KubernetesDevOps with Kubernetes
DevOps with Kubernetes
EastBanc Tachnologies
 
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Edureka!
 
Troopers 19 - I am AD FS and So Can You
Troopers 19 - I am AD FS and So Can YouTroopers 19 - I am AD FS and So Can You
Troopers 19 - I am AD FS and So Can You
Douglas Bienstock
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetes
Paris Apostolopoulos
 
Docker & kubernetes
Docker & kubernetesDocker & kubernetes
Docker & kubernetes
NexThoughts Technologies
 
Deploy Application on Kubernetes
Deploy Application on KubernetesDeploy Application on Kubernetes
Deploy Application on Kubernetes
Opsta
 

What's hot (20)

Kubernetes Deployment Tutorial | Kubernetes Tutorial For Beginners | Kubernet...
Kubernetes Deployment Tutorial | Kubernetes Tutorial For Beginners | Kubernet...Kubernetes Deployment Tutorial | Kubernetes Tutorial For Beginners | Kubernet...
Kubernetes Deployment Tutorial | Kubernetes Tutorial For Beginners | Kubernet...
 
Kubernetes
KubernetesKubernetes
Kubernetes
 
Using Vault to decouple MySQL Secrets
Using Vault to decouple MySQL SecretsUsing Vault to decouple MySQL Secrets
Using Vault to decouple MySQL Secrets
 
Docker and kubernetes_introduction
Docker and kubernetes_introductionDocker and kubernetes_introduction
Docker and kubernetes_introduction
 
Hunting for Privilege Escalation in Windows Environment
Hunting for Privilege Escalation in Windows EnvironmentHunting for Privilege Escalation in Windows Environment
Hunting for Privilege Escalation in Windows Environment
 
Kubernetes security
Kubernetes securityKubernetes security
Kubernetes security
 
Cloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityCloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust Visibility
 
Hands-On Introduction to Kubernetes at LISA17
Hands-On Introduction to Kubernetes at LISA17Hands-On Introduction to Kubernetes at LISA17
Hands-On Introduction to Kubernetes at LISA17
 
PSConfEU - Offensive Active Directory (With PowerShell!)
PSConfEU - Offensive Active Directory (With PowerShell!)PSConfEU - Offensive Active Directory (With PowerShell!)
PSConfEU - Offensive Active Directory (With PowerShell!)
 
Kubernetes Webinar - Using ConfigMaps & Secrets
Kubernetes Webinar - Using ConfigMaps & Secrets Kubernetes Webinar - Using ConfigMaps & Secrets
Kubernetes Webinar - Using ConfigMaps & Secrets
 
Container Network Interface: Network Plugins for Kubernetes and beyond
Container Network Interface: Network Plugins for Kubernetes and beyondContainer Network Interface: Network Plugins for Kubernetes and beyond
Container Network Interface: Network Plugins for Kubernetes and beyond
 
Docker and the Linux Kernel
Docker and the Linux KernelDocker and the Linux Kernel
Docker and the Linux Kernel
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
 
DevOps with Kubernetes
DevOps with KubernetesDevOps with Kubernetes
DevOps with Kubernetes
 
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
 
Troopers 19 - I am AD FS and So Can You
Troopers 19 - I am AD FS and So Can YouTroopers 19 - I am AD FS and So Can You
Troopers 19 - I am AD FS and So Can You
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetes
 
Docker & kubernetes
Docker & kubernetesDocker & kubernetes
Docker & kubernetes
 
Deploy Application on Kubernetes
Deploy Application on KubernetesDeploy Application on Kubernetes
Deploy Application on Kubernetes
 

Similar to Container Runtime Security with Falco

Automating Security Response with Serverless
Automating Security Response with ServerlessAutomating Security Response with Serverless
Automating Security Response with Serverless
Michael Ducy
 
Open source security tools for Kubernetes.
Open source security tools for Kubernetes.Open source security tools for Kubernetes.
Open source security tools for Kubernetes.
Michael Ducy
 
Securing your Container Environment with Open Source
Securing your Container Environment with Open SourceSecuring your Container Environment with Open Source
Securing your Container Environment with Open Source
Michael Ducy
 
Docker Runtime Security
Docker Runtime SecurityDocker Runtime Security
Docker Runtime Security
Sysdig
 
Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3
Velocidex Enterprises
 
Containerizing your Security Operations Center
Containerizing your Security Operations CenterContainerizing your Security Operations Center
Containerizing your Security Operations Center
Jimmy Mesta
 
Security Tips to run Docker in Production
Security Tips to run Docker in ProductionSecurity Tips to run Docker in Production
Security Tips to run Docker in Production
Gianluca Arbezzano
 
Fix me if you can - DrupalCon prague
Fix me if you can - DrupalCon pragueFix me if you can - DrupalCon prague
Fix me if you can - DrupalCon praguehernanibf
 
GitOps & the deployment branching models - DevOps D-day Marseille 2021
GitOps & the deployment branching models - DevOps D-day Marseille 2021GitOps & the deployment branching models - DevOps D-day Marseille 2021
GitOps & the deployment branching models - DevOps D-day Marseille 2021
SoKube
 
Linux kernel-rootkit-dev - Wonokaerun
Linux kernel-rootkit-dev - WonokaerunLinux kernel-rootkit-dev - Wonokaerun
Linux kernel-rootkit-dev - Wonokaerunidsecconf
 
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Sysdig
 
Owning computers without shell access 2
Owning computers without shell access 2Owning computers without shell access 2
Owning computers without shell access 2
Royce Davis
 
Reversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysisReversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysisAbdulrahman Bassam
 
Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration
Amazon Web Services
 
Docker Security
Docker SecurityDocker Security
Docker Security
antitree
 
K8s best practices from the field!
K8s best practices from the field!K8s best practices from the field!
K8s best practices from the field!
DoiT International
 
David container security-with_falco
David container security-with_falcoDavid container security-with_falco
David container security-with_falco
Lorenzo David
 
OpenStack Murano introduction
OpenStack Murano introductionOpenStack Murano introduction
OpenStack Murano introduction
Victor Zhang
 
Cloud Foundry V2 | Intermediate Deep Dive
Cloud Foundry V2 | Intermediate Deep DiveCloud Foundry V2 | Intermediate Deep Dive
Cloud Foundry V2 | Intermediate Deep DiveKazuto Kusama
 
Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'
Jen Andre
 

Similar to Container Runtime Security with Falco (20)

Automating Security Response with Serverless
Automating Security Response with ServerlessAutomating Security Response with Serverless
Automating Security Response with Serverless
 
Open source security tools for Kubernetes.
Open source security tools for Kubernetes.Open source security tools for Kubernetes.
Open source security tools for Kubernetes.
 
Securing your Container Environment with Open Source
Securing your Container Environment with Open SourceSecuring your Container Environment with Open Source
Securing your Container Environment with Open Source
 
Docker Runtime Security
Docker Runtime SecurityDocker Runtime Security
Docker Runtime Security
 
Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3
 
Containerizing your Security Operations Center
Containerizing your Security Operations CenterContainerizing your Security Operations Center
Containerizing your Security Operations Center
 
Security Tips to run Docker in Production
Security Tips to run Docker in ProductionSecurity Tips to run Docker in Production
Security Tips to run Docker in Production
 
Fix me if you can - DrupalCon prague
Fix me if you can - DrupalCon pragueFix me if you can - DrupalCon prague
Fix me if you can - DrupalCon prague
 
GitOps & the deployment branching models - DevOps D-day Marseille 2021
GitOps & the deployment branching models - DevOps D-day Marseille 2021GitOps & the deployment branching models - DevOps D-day Marseille 2021
GitOps & the deployment branching models - DevOps D-day Marseille 2021
 
Linux kernel-rootkit-dev - Wonokaerun
Linux kernel-rootkit-dev - WonokaerunLinux kernel-rootkit-dev - Wonokaerun
Linux kernel-rootkit-dev - Wonokaerun
 
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
 
Owning computers without shell access 2
Owning computers without shell access 2Owning computers without shell access 2
Owning computers without shell access 2
 
Reversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysisReversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysis
 
Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration
 
Docker Security
Docker SecurityDocker Security
Docker Security
 
K8s best practices from the field!
K8s best practices from the field!K8s best practices from the field!
K8s best practices from the field!
 
David container security-with_falco
David container security-with_falcoDavid container security-with_falco
David container security-with_falco
 
OpenStack Murano introduction
OpenStack Murano introductionOpenStack Murano introduction
OpenStack Murano introduction
 
Cloud Foundry V2 | Intermediate Deep Dive
Cloud Foundry V2 | Intermediate Deep DiveCloud Foundry V2 | Intermediate Deep Dive
Cloud Foundry V2 | Intermediate Deep Dive
 
Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'
 

More from Michael Ducy

Rethinking Open Source in the Age of Cloud
Rethinking Open Source in the Age of CloudRethinking Open Source in the Age of Cloud
Rethinking Open Source in the Age of Cloud
Michael Ducy
 
DevOps in a Cloud Native World
DevOps in a Cloud Native WorldDevOps in a Cloud Native World
DevOps in a Cloud Native World
Michael Ducy
 
Sysdig Open Source Intro
Sysdig Open Source IntroSysdig Open Source Intro
Sysdig Open Source Intro
Michael Ducy
 
Monitoring & Securing Microservices in Kubernetes
Monitoring & Securing Microservices in KubernetesMonitoring & Securing Microservices in Kubernetes
Monitoring & Securing Microservices in Kubernetes
Michael Ducy
 
Sysdig Tokyo Meetup 2018 02-27
Sysdig Tokyo Meetup 2018 02-27Sysdig Tokyo Meetup 2018 02-27
Sysdig Tokyo Meetup 2018 02-27
Michael Ducy
 
Principles of Monitoring Microservices
Principles of Monitoring MicroservicesPrinciples of Monitoring Microservices
Principles of Monitoring Microservices
Michael Ducy
 
Survey of Container Build Tools
Survey of Container Build ToolsSurvey of Container Build Tools
Survey of Container Build Tools
Michael Ducy
 
Monoliths, Myths, and Microservices - CfgMgmtCamp
Monoliths, Myths, and Microservices - CfgMgmtCampMonoliths, Myths, and Microservices - CfgMgmtCamp
Monoliths, Myths, and Microservices - CfgMgmtCamp
Michael Ducy
 
Monoliths, Myths, and Microservices
Monoliths, Myths, and MicroservicesMonoliths, Myths, and Microservices
Monoliths, Myths, and Microservices
Michael Ducy
 
Why Pipelines Matter
Why Pipelines MatterWhy Pipelines Matter
Why Pipelines Matter
Michael Ducy
 
The Future of Everything
The Future of EverythingThe Future of Everything
The Future of Everything
Michael Ducy
 
Improving Goat Production
Improving Goat ProductionImproving Goat Production
Improving Goat Production
Michael Ducy
 
Changing the Way Development and Operations Works
Changing the Way Development and Operations WorksChanging the Way Development and Operations Works
Changing the Way Development and Operations Works
Michael Ducy
 
CloudStack Day 14 - Automation: The Key to Hybrid Cloud
CloudStack Day 14 - Automation: The Key to Hybrid CloudCloudStack Day 14 - Automation: The Key to Hybrid Cloud
CloudStack Day 14 - Automation: The Key to Hybrid Cloud
Michael Ducy
 
The Road to Hybrid Cloud is Paved with Automation
The Road to Hybrid Cloud is Paved with AutomationThe Road to Hybrid Cloud is Paved with Automation
The Road to Hybrid Cloud is Paved with AutomationMichael Ducy
 
The Velocity of Bureaucracy
The Velocity of BureaucracyThe Velocity of Bureaucracy
The Velocity of Bureaucracy
Michael Ducy
 
The Goat and the Silo
The Goat and the SiloThe Goat and the Silo
The Goat and the Silo
Michael Ducy
 
Little Tech, Big Impact - Monktoberfest 2013
Little Tech, Big Impact - Monktoberfest 2013Little Tech, Big Impact - Monktoberfest 2013
Little Tech, Big Impact - Monktoberfest 2013
Michael Ducy
 
Object, measure thyself
Object, measure thyselfObject, measure thyself
Object, measure thyself
Michael Ducy
 
DevOps Columbus Meetup Kickoff - Infrastructure as Code
DevOps Columbus Meetup Kickoff - Infrastructure as CodeDevOps Columbus Meetup Kickoff - Infrastructure as Code
DevOps Columbus Meetup Kickoff - Infrastructure as Code
Michael Ducy
 

More from Michael Ducy (20)

Rethinking Open Source in the Age of Cloud
Rethinking Open Source in the Age of CloudRethinking Open Source in the Age of Cloud
Rethinking Open Source in the Age of Cloud
 
DevOps in a Cloud Native World
DevOps in a Cloud Native WorldDevOps in a Cloud Native World
DevOps in a Cloud Native World
 
Sysdig Open Source Intro
Sysdig Open Source IntroSysdig Open Source Intro
Sysdig Open Source Intro
 
Monitoring & Securing Microservices in Kubernetes
Monitoring & Securing Microservices in KubernetesMonitoring & Securing Microservices in Kubernetes
Monitoring & Securing Microservices in Kubernetes
 
Sysdig Tokyo Meetup 2018 02-27
Sysdig Tokyo Meetup 2018 02-27Sysdig Tokyo Meetup 2018 02-27
Sysdig Tokyo Meetup 2018 02-27
 
Principles of Monitoring Microservices
Principles of Monitoring MicroservicesPrinciples of Monitoring Microservices
Principles of Monitoring Microservices
 
Survey of Container Build Tools
Survey of Container Build ToolsSurvey of Container Build Tools
Survey of Container Build Tools
 
Monoliths, Myths, and Microservices - CfgMgmtCamp
Monoliths, Myths, and Microservices - CfgMgmtCampMonoliths, Myths, and Microservices - CfgMgmtCamp
Monoliths, Myths, and Microservices - CfgMgmtCamp
 
Monoliths, Myths, and Microservices
Monoliths, Myths, and MicroservicesMonoliths, Myths, and Microservices
Monoliths, Myths, and Microservices
 
Why Pipelines Matter
Why Pipelines MatterWhy Pipelines Matter
Why Pipelines Matter
 
The Future of Everything
The Future of EverythingThe Future of Everything
The Future of Everything
 
Improving Goat Production
Improving Goat ProductionImproving Goat Production
Improving Goat Production
 
Changing the Way Development and Operations Works
Changing the Way Development and Operations WorksChanging the Way Development and Operations Works
Changing the Way Development and Operations Works
 
CloudStack Day 14 - Automation: The Key to Hybrid Cloud
CloudStack Day 14 - Automation: The Key to Hybrid CloudCloudStack Day 14 - Automation: The Key to Hybrid Cloud
CloudStack Day 14 - Automation: The Key to Hybrid Cloud
 
The Road to Hybrid Cloud is Paved with Automation
The Road to Hybrid Cloud is Paved with AutomationThe Road to Hybrid Cloud is Paved with Automation
The Road to Hybrid Cloud is Paved with Automation
 
The Velocity of Bureaucracy
The Velocity of BureaucracyThe Velocity of Bureaucracy
The Velocity of Bureaucracy
 
The Goat and the Silo
The Goat and the SiloThe Goat and the Silo
The Goat and the Silo
 
Little Tech, Big Impact - Monktoberfest 2013
Little Tech, Big Impact - Monktoberfest 2013Little Tech, Big Impact - Monktoberfest 2013
Little Tech, Big Impact - Monktoberfest 2013
 
Object, measure thyself
Object, measure thyselfObject, measure thyself
Object, measure thyself
 
DevOps Columbus Meetup Kickoff - Infrastructure as Code
DevOps Columbus Meetup Kickoff - Infrastructure as CodeDevOps Columbus Meetup Kickoff - Infrastructure as Code
DevOps Columbus Meetup Kickoff - Infrastructure as Code
 

Recently uploaded

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Vladimir Iglovikov, Ph.D.
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
Rohit Gautam
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 

Recently uploaded (20)

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 

Container Runtime Security with Falco