Security Kill Chain Stages in a 100k+ Daily Container Environment with Falco
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore a comprehensive conference talk on implementing security measures in a large-scale container environment using Falco. Dive into the Security Kill Chain stages and learn how to monitor and identify anomalous system calls and abnormal Kubernetes API events in a cloud infrastructure hosting over 100,000 daily MATLAB containers. Gain insights into Falco integration, including eBPF, and discover how to write and test Falco rules for enhanced security observability. Follow a detailed walkthrough of the event pipeline and understand how Falco detects activities related to various stages of the attack lifecycle, from reconnaissance to actions on objectives. Learn practical strategies for improving your system's security posture and leave equipped with knowledge to implement robust security measures in your own cloud-native environments.
Syllabus
Introduction
Our Cluster Architecture
Securing Our Cluster
No System is Perfectly Secured
Here Comes 2020
How Do We Trace Back?
Why Falco?
Our Falco Strategy
System Analysis
Security Kill Chain with Falco
Rule Example
Falco Rules Testing (Demo)
Our Approach To Use Falco
Using Falco Alerts
Security Observability
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Bypassing Falco - Cluster Compromise Without Tripping the SOC (secwestnet via YouTube)
Introduction to Falco - Cloud-Native Runtime Security (Rawkode Academy via YouTube)
Overcoming CVE Shock - Adding Perspective in Vulnerability Scanning (Devoxx via YouTube)
How to Secure a Kubernetes Cluster from Scratch (Devoxx via YouTube)
Tools to Help You Secure Your Kubernetes Cluster (Devoxx via YouTube)