Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

CNCF [Cloud Native Computing Foundation]

Deep Dive - Runtime Security With Falco in Userspace

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore runtime security with Falco in userspace in this conference talk by Loris Degioanni from Sysdig. Dive deep into the tradeoffs of using different backend drivers to access system call information for cloud-native security. Learn about eBPF, kernel modules, and ptrace(2), and understand the performance impacts of various solutions like LD_PRELOAD. Gain insights from Loris' extensive experience contributing to Wireshark and creating Sysdig and Falco. Discover Falco's architecture, rule examples, data collection methods, and the importance of kernel-based instrumentation. Examine LD Preload limitations, Ptrace, Amazon Fargate integration, and Falco Trace SSH. Understand system binary changes and performance considerations in this comprehensive exploration of Falco's userspace implementation.

Syllabus

Introduction
Who is Loris
What is Falco
Falco Architecture
Rule Examples
How Falco collects data
Why Falco uses kernelbased instrumentation
Falco needs access to the kernel
LD Preload
LD Limitations
Ptrace
Amazon Fargate
Falco Trace SSH
Change System Binary
Performance
Links
QA

Taught by

CNCF [Cloud Native Computing Foundation]

Reviews

Start your review of Deep Dive - Runtime Security With Falco in Userspace

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.