Cloud Native Runtime Security with Falco

For this new meetup, Lorenzo David from Sysdig will present Falco, a container security project currently living in the CNCF's sandbox.

---

ABSTRACT

In any Cloud Native architecture, there’s a seemingly endless stream of events that happen at each layer. These events can be used to detect abnormal activity and possible security incidents, as well as providing an audit trail of activity.
In this talk, we will cover the design principles and architecture of Falco, an open source container native runtime security engine, capable to ingest the host system calls event stream, as well as application metrics and Kubernetes audit events.
We will also show how to create Falco rules to detect behaviors for these heterogeneous event streams, and how to extend Falco for additional custom events sources.
Attendees will gain a deep understanding of Falco’s architecture, and its use cases for runtime container security.

---

SPEAKER BIO

Lorenzo is a Senior Software Engineer at Sysdig, where he help defining, architecting and developing the Sysdig Secure portfolio.
Prior to Sysdig, he worked in the Software Defined Networking space, as core engineer of the Next-Gen VMware NSX Firewall.
He has double degree M.S. in Computer Science from the Polytechnic University of Turin and EURECOM/Telecom ParisTech.

---

Thanks a lot to JobOpportunIT (https://www.jobopportunit.com/) for offering the pizzas and beverages to the participants.