YoVDO

Deep Dive - Runtime Security With Falco in Userspace

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Tags

Conference Talks Courses, Cloud-Native Security Courses, eBPF Courses, Falco Courses

Course Description

Overview

Explore runtime security with Falco in userspace in this conference talk by Loris Degioanni from Sysdig. Dive deep into the tradeoffs of using different backend drivers to access system call information for cloud-native security. Learn about eBPF, kernel modules, and ptrace(2), and understand the performance impacts of various solutions like LD_PRELOAD. Gain insights from Loris' extensive experience contributing to Wireshark and creating Sysdig and Falco. Discover Falco's architecture, rule examples, data collection methods, and the importance of kernel-based instrumentation. Examine LD_PRELOAD limitations, ptrace, Amazon Fargate integration, and Falco Trace SSH. Understand system binary changes and performance considerations in this comprehensive exploration of Falco's userspace implementation.

Syllabus

Introduction
Who is Loris
What is Falco
Falco Architecture
Rule Examples
How Falco collects data
Why Falco uses kernel-based instrumentation
Falco needs access to the kernel
LD Preload
LD Limitations
Ptrace
Amazon Fargate
Falco Trace SSH
Change System Binary
Performance
Links
Q&A


Taught by

CNCF [Cloud Native Computing Foundation]

Related Courses

Bypassing Falco - Cluster Compromise Without Tripping the SOC
secwestnet via YouTube
Introduction to Falco - Cloud-Native Runtime Security
Rawkode Academy via YouTube
Overcoming CVE Shock - Adding Perspective in Vulnerability Scanning
Devoxx via YouTube
How to Secure a Kubernetes Cluster from Scratch
Devoxx via YouTube
Tools to Help You Secure Your Kubernetes Cluster
Devoxx via YouTube