Go hands-on with container visibility, troubleshooting and run-time security monitoring with the Sysdig open source tools (Sysdig, Sysdig Inspect, and Falco). Dive into Kubernetes internals using reverse engineering: why is that Kubernetes service valid but doesn’t work? How does service resolution work? How does Kubernetes instruct Docker Engine? Then apply this for security beyond just doing forensics on an attack attempt; learn how container security works under the hood.

Come learn all about runtime security & securing your containers with the open source tool Sysdig Falco. In this workshop we will cover the basics of container runtime security, and walk attendees through hands on exercises to detect abnormal activity inside of containers. Attendees will leave with a knowledge of how to deploy Falco to platforms such as Kubernetes, how to write Falco rules to detect abnormal behavior, and how to perform post-incident forensics to determine what an attacker did on a compromised container.

Prerequisites:

• Comfort using a command line and a text editor
• Familiarity with Docker & Linux
• A laptop with a web browser and SSH client installed
• Download and install Sysdig Inspect: https://github.com/draios/sysdig-inspect/releases/tag/0.3.0