Upcoming Sysdig Falco TOC Presentation

Michael Ducy

During the next TOC meeting Loris Degioanni and I are presenting on Sysdig's open source security project, Falco. I wanted to provide a summary of info that can be used to learn more about Falco ahead of that presentation.

What it is: Falco detects abnormal behavior inside containers and container hosts. This includes reading/writing files, network connections, listening ports, processes spawned, and more.

Why you need it: Falco can detect abnormal behavior, or attacks, inside a Cloud Native platform, and trigger actions such as killing the offending container, marking a node as tainted, etc.

TOC Sponsor: Ken Owens

Proposed Level: Sandbox

Github: https://github.com/draios/falco

TOC Presentation:
https://docs.google.com/presentation/d/1YZL5v1lyL-S2UPPhYlefHNHQeKL96T2L0XdUULz-gTA/edit

TOC Proposal:
https://docs.google.com/document/d/1uf20azEZ_CciqzdG60rtqjrqzrUVlyVOwevPrxhfpoA/edit

Community Presentations:

- Kubernetes Runtime Security: What Happens if a Container Goes Bad? - Jen Tong & Maya Kaczorowski:
  Jen and Maya do an excellent job of explaining the problem of runtime security.
  https://www.youtube.com/watch?v=X7mBjas9vtE

- Avoiding Tainted Tenant Apps with Staging Gates and Electric Fences - Bret Mogilefsky, 18F
  Cloud.gov explains how they use Falco to evict Cloud Foundry applications that are compromised.
  https://www.youtube.com/watch?v=wFQOXMcZnQg

Blog Posts:

Using Falco with an Elasticsearch, Fluentd, Kibana (EFK) stack to collect security events - https://sysdig.com/blog/kubernetes-security-logging-fluentd-falco/

Using Falco with NATS and Kubeless to react to security events - https://sysdig.com/blog/active-kubernetes-security-falco-nats-kubeless/

Deploying Falco with Helm - https://sysdig.com/blog/falco-helm-chart/

Integrate Falco with Google Cloud Security Command Center - https://sysdig.com/blog/falco-gke-kubernetes-security/

Default Falco rule sets for common applications - https://sysdig.com/blog/docker-runtime-security/

I'm happy to answer anyone's questions about Falco and where we want to take the project. We look forward to presenting in a few weeks.

Thanks,
Michael
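To make the three event classes above concrete (files written, ports listened on, processes spawned), here is a minimal Falco rules file added as an example; it is not Falco's shipped default rule set, and the macro, list and rule names are constructed for this illustration.

```yaml
# Added example, not Falco's default rules. Macro/list/rule names are constructed.
# Falco evaluates each syscall event against every rule's condition and, on a
# match, emits one alert line rendered from the rule's output template.

- macro: in_container
  condition: container.id != host        # Falco reports "host" for non-container processes

- macro: spawned_process
  condition: evt.type = execve and evt.dir = <   # "<" = exit side of the syscall

- macro: open_write
  condition: evt.type in (open, openat) and evt.is_open_write = true and fd.typechar = 'f'

- list: shell_binaries
  items: [bash, sh, dash, zsh]

# "processes spawned": a shell exec'd inside a container (unexpected for most services)
- rule: Shell Spawned In Container
  desc: A shell binary was executed inside a container.
  condition: spawned_process and in_container and proc.name in (shell_binaries)
  output: >
    Shell spawned in container (user=%user.name container=%container.name
    image=%container.image shell=%proc.name parent=%proc.pname cmdline=%proc.cmdline)
  priority: WARNING

# "reading/writing files": a container process opens something under /etc for writing
- rule: Write Below Etc In Container
  desc: A process in a container opened a file under /etc for writing.
  condition: open_write and in_container and fd.name startswith /etc/
  output: >
    File below /etc opened for writing in container (user=%user.name
    container=%container.name file=%fd.name proc=%proc.name cmdline=%proc.cmdline)
  priority: ERROR

# "listening ports": a container process starts listening on a socket
- rule: Unexpected Listen In Container
  desc: A process in a container began listening on a network port.
  condition: evt.type = listen and evt.dir = < and in_container
  output: >
    Container process listening (user=%user.name container=%container.name
    proc=%proc.name port=%fd.sport proto=%fd.l4proto cmdline=%proc.cmdline)
  priority: NOTICE
```

Load it with `falco -r <path to this file>`; the alert lines Falco emits are what the EFK and NATS/Kubeless posts listed above collect or turn into a response such as killing the offending container.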

alexis richardson

thanks! posting this was a great idea, and Sets A Precedent imho

On Thu, Jul 5, 2018 at 7:59 PM, Michael Ducy <michael.ducy@...> wrote:
During the next TOC meeting Loris Degioanni and I are presenting on
Sysdig's open source security project, Falco. I wanted to provide a summary
of info that can be used to learn more about Falco ahead of that
presentation.

What it is: Falco detects abnormal behavior inside containers and container
hosts. This includes reading/writing files, network connections, listening
ports, processes spawned, and more.

Why you need it: Falco can detect abnormal behavior, or attacks, inside a
Cloud Native platform, and trigger actions such as killing the offending
container, marking a node as tainted, etc.

TOC Sponsor: Ken Owens

Proposed Level: Sandbox

Github: https://github.com/draios/falco

TOC Presentation:
https://docs.google.com/presentation/d/1YZL5v1lyL-S2UPPhYlefHNHQeKL96T2L0XdUULz-gTA/edit

TOC Proposal:
https://docs.google.com/document/d/1uf20azEZ_CciqzdG60rtqjrqzrUVlyVOwevPrxhfpoA/edit

Community Presentations:

- Kubernetes Runtime Security: What Happens if a Container Goes Bad? - Jen
Tong & Maya Kaczorowski:
Jen and Maya do an excellent job of explaining the problem of runtime
security.
https://www.youtube.com/watch?v=X7mBjas9vtE

- Avoiding Tainted Tenant Apps with Staging Gates and Electric Fences - Bret
Mogilefsky, 18F
Cloud.gov explains how they use Falco to evict Cloud Foundry applications
that are compromised.
https://www.youtube.com/watch?v=wFQOXMcZnQg

Blog Posts:

Using Falco with an Elasticsearch, Fluentd, Kibana (EFK) stack to collect
security events -
https://sysdig.com/blog/kubernetes-security-logging-fluentd-falco/

Using Falco with NATS and Kubeless to react to security events -
https://sysdig.com/blog/active-kubernetes-security-falco-nats-kubeless/

Deploying Falco with Helm - https://sysdig.com/blog/falco-helm-chart/

Integrate Falco with Google Cloud Security Command Center -
https://sysdig.com/blog/falco-gke-kubernetes-security/

Default Falco rule sets for common applications -
https://sysdig.com/blog/docker-runtime-security/

I'm happy to answer anyone's questions about Falco and where we want to take
the project. We look forward to presenting in a few weeks.

Thanks,
Michael