The Eye of Falco: Detecting Container Escape Techniques with Linux Capabilities

Explore container security vulnerabilities and learn how to detect and prevent container escapes using Falco in this 34-minute conference talk by Stefano Chierici and Lorenzo Susini from Sysdig. Delve into the limitations of container isolation technologies and understand how capabilities, while designed for least privilege, can introduce complexity and potential security risks. Discover how Falco, a CNCF container runtime security tool, can monitor Linux capabilities, identify misconfigured containers, and proactively respond to security threats. Examine real-world scenarios based on recent CVEs to gain practical insights into using Falco for detection and automated response to container escaping techniques.