Comprehensive Guide to Runtime Security

Presented at BSidesLV 2023, Aug. 8, 2023, 3 p.m.

The adoption of containers and orchestration systems has skyrocketed over the last few years. The popularity of these platforms makes them common targets for cybercriminals. Kubernetes combats this risk with built-in controls (such as Admission Controllers and RBAC authorization), but what if you want to observe the behavior of pods at runtime to detect intrusions? In this hands-on training, instructors will describe the cloud-native security landscape, dive into cloud detection and response, and show how to detect unexpected behavior and intrusion. This training is a comprehensive guide to Falco, the de facto CNCF open-source threat detection standard for Kubernetes environments. From using the default rules to customizing existing rules and writing new Falco rules, attendees will walk away confident they can protect their environment against runtime threats, the last line of defense. Every participant will use a web browser to access their own lab environment, in which they will use Falco to identify intrusions and send notifications about them. This session is for security practitioners who are new to cloud-native and want to expand their knowledge of runtime security, as well as those who are familiar with Falco and want to customize its detection capabilities by writing new rules.

Presenters:

  • Pablo Musa
    Pablo is an experienced speaker and trainer with a demonstrated history of working in the computer software industry. Highly skilled in the Observability ecosystem, Pablo is excited to be a part of the new generation of microservices and cloud-centric monitoring and security. He is a software professional with a Master of Science (MSc) focused on Distributed Systems and Programming Languages. Education is his passion, and he believes that knowledge should be shared.
