Security Kill Chain Stages in a 100k+ Daily Container Environment with Falco
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore a comprehensive conference talk on implementing security measures in a large-scale container environment using Falco. Dive into the Security Kill Chain stages and learn how to monitor and identify anomalous system calls and abnormal Kubernetes API events in a cloud infrastructure hosting over 100,000 daily MATLAB containers. Gain insights into Falco integration, including eBPF, and discover how to write and test Falco rules for enhanced security observability. Follow a detailed walkthrough of the event pipeline and understand how Falco detects activities related to various stages of the attack lifecycle, from reconnaissance to actions on objectives. Learn practical strategies for improving your system's security posture and leave equipped with knowledge to implement robust security measures in your own cloud-native environments.
Syllabus
Introduction
Our Cluster Architecture
Securing Our Cluster
No System is Perfectly Secured
Here Comes 2020
How Do We Trace Back?
Why Falco?
Our Falco Strategy
System Analysis
Security Kill Chain with Falco
Rule Example
Falco Rules Testing (Demo)
Our Approach To Use Falco
Using Falco Alerts
Security Observability
Taught by
CNCF [Cloud Native Computing Foundation]