1. posterid:556643
  2. Upcoming Sysdig Falco TOC Presentation

Re: Upcoming Sysdig Falco TOC Presentation

alexis richardson
 

thanks! posting this was a great idea, and Sets A Precedent imho

On Thu, Jul 5, 2018 at 7:59 PM, Michael Ducy <michael.ducy@...> wrote:
During the next TOC meeting Loris Degioanni and myself are presenting on
Sysdig's open source security project, Falco. I wanted to provide a summary
of info that can be used to learn more about Falco ahead of that
presentation.

What it is: Falco detects abnormal behavior inside containers and container
hosts. This includes reading/writing files, network connections, ports
listening, process spawned, and more.

Why you need it: Falco can detect abnormal behavior, or attacks, inside a
Cloud Native platform, and trigger action such as killing the offending
container, marking a node as tainted, etc.

TOC Sponsor: Ken Owens

Proposed Level: Sandbox

Github: https://github.com/draios/falco

TOC Presentation:
https://docs.google.com/presentation/d/1YZL5v1lyL-S2UPPhYlefHNHQeKL96T2L0XdUULz-gTA/edit

TOC Proposal:
https://docs.google.com/document/d/1uf20azEZ_CciqzdG60rtqjrqzrUVlyVOwevPrxhfpoA/edit

Community Presentations:

- Kubernetes Runtime Security: What Happens if a Container Goes Bad? - Jen
Tong & Maya Kaczorowski:
Jen and Maya do an excellent job of explaining the problem of runtime
security.
https://www.youtube.com/watch?v=X7mBjas9vtE

- Avoiding Tainted Tenant Apps with Staging Gates and Electric Fences - Bret
Mogilefsky, 18F
Cloud.gov explains how they use Falco to evict Cloud Foundry applications
that are compromised.
https://www.youtube.com/watch?v=wFQOXMcZnQg

Blog Posts:

Using Falco with an Elasticsearch, Fluentd, Kibana (EFK) stack to collect
security events -
https://sysdig.com/blog/kubernetes-security-logging-fluentd-falco/

Using Falco with NATS and Kubeless to react to security events -
https://sysdig.com/blog/active-kubernetes-security-falco-nats-kubeless/

Deploying Falco with Helm - https://sysdig.com/blog/falco-helm-chart/

Integrate Falco with Google Cloud Security Command Center -
https://sysdig.com/blog/falco-gke-kubernetes-security/

Default Falco rule sets for common applications -
https://sysdig.com/blog/docker-runtime-security/



I'm happy to answer anyone's questions about Falco and where we want to take
the project. We look forward to presenting in a few weeks.

Thanks,
Michael
Join {cncf-toc@lists.cncf.io to automatically receive all group messages.