Container Security Workshop

In this workshop we’ll cover how to implement runtime security for containerized environments using the open source project Falco (falco.org). We’ll cover the following:

  • Learn how to create rules for an application. We’ll take a containerized application and create Falco rules to detect abnormal behavior in the application. We’ll profile an application’s system calls, then use the profile to create application specific rules.

  • Learn how to alert on Kubernetes audit events like deployment creation, kubectl exec, privileged container creation, and other interactions with the Kubernetes API.

  • Learn how to leverage Serverless frameworks to react to security incidents. Delete offending pods, prevent nodes from being scheduled, and alert to Slack.

Speaker

michael-ducy

Michael Ducy

   
Born on the rolling plains of central Illinois corn fields, Michael Ducy started his technology journey at a young age. Always curious, he was once threatened that he’d never have toys bought for him ...