Falco - Container Native Runtime Security

Details

Join us January 29 at Alfa Jango with Marky Jackson from Sysdig! Learn about Falco, a new Host Intrusion Detection system made for Cloud Native Platforms (not to mention it's a CNCF project!).

What if we can detect abnormal behavior in the application, container runtime, & cluster environment as well? In this talk, Marky will present Falco, a CNCF Sandbox project for runtime security. We will show how Falco taps Linux system calls & the Kubernetes API to provide low-level insight into application behavior, & how to write Falco rules to detect abnormal behavior. We’ll show how to collect & aggregate alerts using an EFK stack (Elasticsearch, Fluentd, Kibana). Finally, we will show how Falco can trigger functions to stop abnormal behavior, & isolate the compromised Pod or Node for forensics. Attendees will leave with a better understanding of what problems runtime security solves, & how Falco can provide runtime security, auditing & incident response.

Food to be provided by the CNCF

Hope to see you at the first meeting in 2020!