Open Source Intrusion Detection for Containers at Shopify
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Explore open source intrusion detection for containers in this keynote presentation from KubeCon + CloudNativeCon. Discover how Shopify utilizes Falco, a CNCF incubating project, to monitor critical systems and detect potential security threats. Learn about tracking syscalls at the kernel level, implementing Kubernetes-aware processes, and using predefined rules for event logging. Gain insights into Shopify's deployment of Falco since 2018, including tips for maximizing its effectiveness, areas for improvement, and use cases for detecting compromises and data exfiltration. Understand the challenges of traditional network security models in Kubernetes environments and how Falco addresses these issues. Delve into Falco's features, rule creation, and prevention strategies for enhancing container security in cloud-native infrastructures.
Syllabus
Intro
About Shopify
The importance of security
Shopify's use case
Traditional network security model
Kubernetes infrastructure
Kubernetes 17 issues
Proof
Features
What is Falco
Falco rules
Prevention
Taught by
CNCF [Cloud Native Computing Foundation]