While there have been many improvements around securing containers, there is still a large gap in monitoring the behavior of containers in production. That is the reason we created Sysdig Falco, the open source behavioral activity monitor for containerized environments.
Sysdig Falco can detect and alert on anomalous behaviour at the application, file system and network level.
In this session we take a deep dive into Falco and explain the following points:
* How does behavioral security differ from existing security solutions like image scanning, seccomp, SELinux or AppArmor?
* How does Falco do its magic?
* What can Falco detect? Creating your own rules and customizing the existing ones for your Kubernetes applications.
* How to deploy Falco in your Kubernetes cluster?
* Reacting to security incidents: what can we do to stop the attackers in real time?
* Post-mortem analysis and forensics on containers with Sysdig Inspect, even when the containers do not exist anymore!
Jorge Salamero Sanz
Jorge enjoys monitoring all the things, from his Docker containers and Kubernetes clusters to writing sensor plugins for DIY IoT projects with Raspberry Pi and ESP8266.
Currently he is part of the Sysdig team, and in the past he was one of the promoters of HumanOps and a Debian developer. When he is away from computers, you will find him walking with his 2 dogs in the mountains or driving his car along a twisty road.