Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How to Use CNCF’s Falco to Protect Yourself Fro...

Avatar for cncf-canada-meetups cncf-canada-meetups
October 18, 2023
Technology
63
0

How to Use CNCF’s Falco to Protect Yourself From the New SCARLETEEL Attack! by Marat Salakhutdinov @Sysdig

Avatar for cncf-canada-meetups

cncf-canada-meetups

October 18, 2023

More Decks by cncf-canada-meetups

See All by cncf-canada-meetups
Canada Cloud Native Meetups - 2026 Sponsor Deck
Avatar for cncf-canada-meetups cncfcanada
0
61
Recursion - Meetup - Presentation - June 19th.pdf
Avatar for cncf-canada-meetups cncfcanada
0
63
CNCF Toronto Shopify Meetup Slides 26-03-25
Avatar for cncf-canada-meetups cncfcanada
0
89
[ CNCF Q1 2024 ] Intro to Continuous Profiling and Grafana Pyroscope
Avatar for cncf-canada-meetups cncfcanada
0
280
[CNCF Q1 2024] Remediate Kubernetes Security Threats in Real-Time with Falco Talon
Avatar for cncf-canada-meetups cncfcanada
0
92
[Q2 CNCF 2023] Metrio, a Cloud run journey
Avatar for cncf-canada-meetups cncfcanada
0
63
[CNCF Q1 2024] Agentic Installer LLMs Helm Charts by Chris Gruel @Akeyless
Avatar for cncf-canada-meetups cncfcanada
0
100
Karpenter @LightSpeed
Avatar for cncf-canada-meetups cncfcanada
0
130
Shorten the dev loop with mirrord
Avatar for cncf-canada-meetups cncfcanada
0
110

Other Decks in Technology

See All in Technology
ITエンジニアを取り巻く環境とキャリアパス / A career path for Japanese IT engineers
Avatar for 高玉 広和 / TAKATAMA Hirokazu takatama
4
1.8k
AI-DLCを活用した高品質・安全なAI駆動開発実践 / AI Driven Development with AI-DLC
Avatar for 吉田真吾 yoshidashingo
0
140
Cloud Run のアップデート 触ってみる&紹介
Avatar for Gre212 gre212
0
320
TypeScript Compiler APIとPHP-Parserを活用し、TypeScriptとPHPで型を共有する
Avatar for did0es shuta13
0
360
新規ゲーム開発におけるAI駆動開発のリアル
Avatar for ENSAPIA Engineering株式会社 202409e2
0
2.7k
価格.comをAI駆動で全面刷新する ー 30年分の技術的負債を返し、次の30年の土台をつくる ー / AI Engineering Summit Tokyo 2026
Avatar for tkyowa tkyowa
49
54k
Unlocking the Apps
Avatar for Tim Perry pimterry
0
240
PHP と TypeScript の型システム比較:AI 時代の「型」は誰のためにあるのか? #frontend_phpcon_do / frontend_phpcon_do_2026
Avatar for shogogg shogogg
1
260
AI フレンドリーなエラー監視を TypeScript で実現する
Avatar for Shinobu Hayashi shinyaigeek
2
260
正解のないAIプロダクトをどう導くか?dodaが挑む、ユーザーの『本音』を構造化する評価設計と検証のリアル
Avatar for PERSOL CAREER Dev | techtekt techtekt
PRO
0
190
LLMと共に進化するプロセスを目指して
Avatar for y_matsuwitter ymatsuwitter
12
3.4k
Dario Amodi『Policy on the AI Exponential』を理解する
Avatar for 長津孝輔 nagatsu
0
190

Featured

See All Featured
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
211
24k
DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所
Avatar for soudai sone soudai
PRO
65
55k
Deep Space Network (abreviated)
Avatar for Tony Rice tonyrice
0
160
ラッコキーワード サービス紹介資料
Avatar for ラッコ株式会社 rakko
1
3.6M
The State of eCommerce SEO: How to Win in Today's Products SERPs - #SEOweek
Avatar for Aleyda Solis aleyda
2
11k
Rebuilding a faster, lazier Slack
Avatar for samanthasiow samanthasiow
85
9.5k
Collaborative Software Design: How to facilitate domain modelling decisions
Avatar for Kenny Baas-Schwegler baasie
1
240
A brief & incomplete history of 
UX Design for the World Wide Web: 1989–2019
Avatar for Jason CranfordTeague jct
2
390
Beyond borders and beyond the search box: How to win the global "messy middle" with AI-driven SEO
Avatar for David Carrasco davidcarrasco
3
150
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
77
5.4k
JAMstack: Web Apps at Ludicrous Speed - All Things Open 2022
Avatar for David Neal reverentgeek
1
460
Impact Scores and Hybrid Strategies: The future of link building
Avatar for Tamara Novitovic tamaranovitovic
0
300

Transcript

  1. How to Use CNCF’s Falco to Protect Yourself From the

    New SCARLETEEL Attack! Marat Salakhutdinov Senior Customer Solutions Engineer at Sysdig

  2. Marat Salakhutdinov Senior Customer Solutions Engineer @Sysdig linkedin: https://www.linkedin.com/in/salakhutdinov/ email:

    [email protected]
  3. None

  4. Sysdig 2023 Global Cloud Threat Report 1. Cloud Automation Weaponized

    2. 10 Minutes to Pain - every second counts 3. A 90% Safe Supply Chain Isn’t Safe Enough 4. Attackers are Hiding Among the Clouds 5. 65% of Cloud Attacks Target Telcos and FinTech

  5. SCARLETEEL attack 5

  6. “The Security Camera for Modern Apps” created by Sysdig

  7. What is Falco? • Runtime security engine • Observability for:

    ◦ Endpoints ◦ Cloud infrastructure • Built on eBPF • Integrated with Kubernetes CNCF INCUBATED PROJECT

  8. Beyond system calls and containers Plugins are dynamic shared libraries

    which allow Falco to collect and extract fields from streams of events

  9. Resources Get started at Falco.org Check out the Falco project

    in Github Get involved in the Falco community Meet the maintainers on the Falco Slack Follow @falco_org on Join a Falco workshop

  10. Demo Environment Details K8S cluster running on an EC2 node

    (with IMDSv1). • Vulnerable Spring Boot Application • Falco as a daemon set on k8s cluster • Falco Sidekick • Falco Sidekick UI • Falco Cloudtrail plugin • Falco AWS Cloudtrail terraform module An attacker host to execute the infiltration and exploit of the attack. • Rootkit installed. • Other tools to escalate privileges and lateral movement.

  11. Demo time 11

  12. Is runtime security enough? What helps the attacker to execute

    the attack: • Vulnerable packages • Vulnerable binaries ◦ In Runtime • Privileged containers • Extensive Permissions • Misconfigurations 12 Vulnerability Management * CSPM / KSPM / CIEM * CNAPP * * - its all can be done by Sysdig CNAPP Platform

  13. CNAPP: SCARLETEEL - Sysdig demo lab Features and flows of

    the Lab: • Runtime Threat Detection and Response • Cloud Threat Detection (AWS account) • Vulnerability Management for K8s workloads • Security Posture ◦ CSPM: Cloud Security Posture Management ◦ CIEM: Cloud Identities and Entitlements Management 13