logo
Dates

Author


Conferences

Tags

Sort by:  

Authors: Loris Degioanni
2022-10-25

tldr - powered by Generative AI

The presentation discusses the importance of securing code repositories and how to detect and prevent threats using CNCF's Falco.
  • Code repositories are a prime target for attacks and are subject to several categories of threats such as pushing secrets, running GitHub actions with miners, and mistakenly publishing a private repository.
  • Falco is a runtime security tool that traditionally protects containers and pods in Kubernetes but now has a GitHub plugin to provide real-time runtime security for GitHub repositories.
  • Falco listens on containerized Kubernetes-based endpoints and captures signals such as system calls to detect bad stuff and give alerts.
  • Falco's rule engine is simple and customizable, allowing users to add their own rules to detect specific threats.
  • Falco is free, open-source, and can be helpful in securing code repositories.
  • The presenter invites attendees to a Falco party and a session with Falco developers to learn more about the tool.
Authors: Stefano Chierici, Lorenzo Susini
2022-10-25

tldr - powered by Generative AI

The presentation discusses how Falco, an open-source project for runtime security, can be extended to monitor capabilities and detect potential malicious behavior in Kubernetes clusters.
  • Falco is an open-source project for runtime security that has become the de facto standard for Kubernetes security.
  • Capabilities in Kubernetes can create a gray area in security monitoring, and Falco can be extended to monitor capabilities and detect potential malicious behavior.
  • The presenters created two rules using Falco to detect excessive capabilities in new containers and modifications to the release agent file.
  • Falco only monitors runtime security and does not consider configuration changes in the YAML files.
  • Falco can be deployed on Kubernetes using official charts and packages.