Security Kill Chain Stages in a 100k+ Daily Container Environment with Falco

Explore a comprehensive conference talk on implementing security measures in a large-scale container environment using Falco. Dive into the Security Kill Chain stages and learn how to monitor and identify anomalous system calls and abnormal Kubernetes API events in a cloud infrastructure hosting over 100,000 daily MATLAB containers. Gain insights into Falco integration, including eBPF, and discover how to write and test Falco rules for enhanced security observability. Follow a detailed walkthrough of the event pipeline and understand how Falco detects activities related to various stages of the attack lifecycle, from reconnaissance to actions on objectives. Learn practical strategies for improving your system's security posture and leave equipped with knowledge to implement robust security measures in your own cloud-native environments.