Explore the world of container runtime security with this 38-minute conference talk on Falco, a CNCF Sandbox project. Delve into the distinctions between runtime security and other Kubernetes security layers. Learn how to implement system call abnormality detection using Falco's eBPF integration and discover techniques for identifying unusual behavior in the Kubernetes API server. Gain valuable insights into Falco and runtime security, acquire skills to create custom Falco rules, and understand how to contribute to the project's advancement. This Linux Foundation presentation, delivered by Kaizhe Huang from Sysdig, offers a comprehensive overview of Falco's capabilities and its role in enhancing container security.