Zero Trust Networks for Kubernetes & Container Runtime Security with Falco

40 people went

Heptio Inc

901 5th Avenue · Seattle, WA

How to find us

We will meet on the 5th Floor. The parking garage under the Seattle Public Library is one block away. The price is reasonable and access is easy. The garage closes at 9:00 pm.

Details

Two great speakers from Tigera and Sysdig talking about container network and runtime security.

Location: @ Heptio

Agenda:
Meeting room: 5th Floor
Date: Nov 13, 2018
Time: 6:15 - 8:30 pm.

6:15 - 6:45 Arrival and social; food/beverages.

6:45 - 7:00 Intro and a few words from our sponsor

7:00 - 7:30 Spike Curtis from Tigera

Implementing Zero Trust Networks for Kubernetes

For cloud native applications, the network is simultaneously the all-important lifeblood as well as a hotbed of attacks. Distribution to microservices and increased sophistication of attackers are driving that tension higher and higher. Zero Trust Networking is a set of design principles for dealing with these threats by reducing trust in the network as much as possible. It upends the traditional zone-based view of network security in favor of the assumption that every network and every workload could be compromised. “Trusted” networks are replaced by strong cryptographic verification of each network flow. Spike will introduce Zero Trust Networks and demonstrate how to use open source software like SPIFFE, Envoy, Istio and Kubernetes Network Policy to build a Zero Trust Kubernetes Network. He will also discuss organizational processes to build and maintain it.

7:30 - 8:00 Michael Ducy from Sysdig

Container Runtime Security with Falco

Host intrusion detection (HID) has been around for some time. What if we rethought the problems HID solves in the context of Cloud Native platforms? What if we can detect abnormal behavior in the application, container runtime, & cluster environment as well? In this talk, we’ll present Falco, a CNCF Sandbox project for runtime security. We will show how Falco taps Linux system calls & the Kubernetes API to provide low level insight into application behavior, & how to write Falco rules to detect abnormal behavior. We’ll show how to collect & aggregate alerts using an EFK stack (Elasticsearch, Fluentd, Kibana). Finally we will show how Falco can trigger functions to stop abnormal behavior, & isolate the compromised Pod or Node for forensics. Attendees will leave with a better understanding of what problems runtime security solves, & how Falco can provide runtime security, auditing & incident response.

8:00 - 8:30 Wrapping up.

Spike's Bio:
Spike Curtis is a software developer at Tigera. He co-leads the Istio Security Working Group and is a contributing author of SPIFFE specifications. He is also a core developer for Calico and worked on the initial integrations with Docker, Kubernetes and Mesos. He has spoken about cloud native security at many conferences including CoreOS Fest, MesosCon, Tectonic Summit, ContainerSched and most recently, KubeCon North America 2017.

Spike earned his PhD from the University of Oxford where he worked on quantum computing with ion traps. He has also worked for Silicon Valley start-ups Palantir Technologies and Rigetti Computing.

Michael's Bio:
Born on the rolling plains of central Illinois corn fields, Michael Ducy started his technology journey at a young age. Always curious, he was once threatened that he’d never have toys bought for him again if he didn’t stop taking them apart to see how they worked. Raised in a blue collar family, his first workbench was given to him at the age of 5. His first programming language was BASIC, at the ripe young age of 6. Michael quickly saw the parallels between building physical objects on his workbench, and building virtual objects with his computer. Still an avid woodworker, Michael finds joy in helping people understand technology and the impact it has on the work that we do, and the lives that we lead.