Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How to Use CNCF’s Falco to Protect Yourself Fro...

cncf-canada-meetups
October 18, 2023
Technology
0
28

How to Use CNCF’s Falco to Protect Yourself From the New SCARLETEEL Attack! by Marat Salakhutdinov @Sysdig

cncf-canada-meetups

October 18, 2023
Tweet

More Decks by cncf-canada-meetups

See All by cncf-canada-meetups
Canada Cloud Native & Kubernetes Meetups - 2024 Sponsor Deck
cncfcanada
0
58
[ CNCF Q1 2024 ] Intro to Continuous Profiling and Grafana Pyroscope
cncfcanada
0
67
[CNCF Q1 2024] Remediate Kubernetes Security Threats in Real-Time with Falco Talon
cncfcanada
0
16
[Q2 CNCF 2023] Metrio, a Cloud run journey
cncfcanada
0
17
[CNCF Q1 2024] Agentic Installer LLMs Helm Charts by Chris Gruel @Akeyless
cncfcanada
0
23
Karpenter @LightSpeed
cncfcanada
0
54
Shorten the dev loop with mirrord
cncfcanada
0
28
October 2023 Montreal CNCF Meetup
cncfcanada
0
41
Beyond Dashboarding The Grafana Observability Stack by Steve Caron
cncfcanada
0
75

Other Decks in Technology

See All in Technology
マネジメント視点でのre:Invent参加 ~もしCEOがre:Inventに行ったら~
kojiasai
0
460
pandasはPolarsに性能面で追いつき追い越せるのか
vaaaaanquish
4
4.6k
急成長中のWINTICKETにおける品質と開発スピードと向き合ったQA戦略と今後の展望 / winticket-autify
cyberagentdevelopers
PRO
1
160
いまならこう作りたい AWSコンテナ[本格]入門ハンズオン 〜2024年版 ハンズオンの構想〜
horsewin
9
2.1k
新卒1年目が挑む!生成AI × マルチエージェントで実現する次世代オンボーディング / operation-ai-onboarding
cyberagentdevelopers
PRO
1
160
10分でわかるfreee エンジニア向け会社説明資料
freee
18
520k
ユーザーの購買行動モデリングとその分析 / dsc-purchase-analysis
cyberagentdevelopers
PRO
2
100
コンテンツを支える 若手ゲームクリエイターの アートディレクションの事例紹介 / cagamefi-game
cyberagentdevelopers
PRO
1
130
Vueで Webコンポーネントを作って Reactで使う / 20241030-cloudsign-vuefes_after_night
bengo4com
4
2.5k
IaC運用を楽にするためにCDK Pipelinesを導入したけど、思い通りにいかなかった話
smt7174
1
110
Automated Promptingを目指すその前に / Before we can aim for Automated Prompting
rkaga
0
110
使えそうで使われないCloudHSM
maikamibayashi
0
170

Featured

See All Featured
Ruby is Unlike a Banana
tanoku
96
11k
A better future with KSS
kneath
238
17k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5k
Building Your Own Lightsaber
phodgson
102
6k
5 minutes of I Can Smell Your CMS
philhawksworth
202
19k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
48k
Fireside Chat
paigeccino
32
3k
We Have a Design System, Now What?
morganepeng
50
7.2k
Thoughts on Productivity
jonyablonski
67
4.3k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
107
49k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
25
1.8k
Docker and Python
trallard
40
3.1k

Transcript

  1. How to Use CNCF’s Falco to Protect Yourself From the

    New SCARLETEEL Attack! Marat Salakhutdinov Senior Customer Solutions Engineer at Sysdig

  2. Marat Salakhutdinov Senior Customer Solutions Engineer @Sysdig linkedin: https://www.linkedin.com/in/salakhutdinov/ email:

    [email protected]
  3. None

  4. Sysdig 2023 Global Cloud Threat Report 1. Cloud Automation Weaponized

    2. 10 Minutes to Pain - every second counts 3. A 90% Safe Supply Chain Isn’t Safe Enough 4. Attackers are Hiding Among the Clouds 5. 65% of Cloud Attacks Target Telcos and FinTech

  5. SCARLETEEL attack 5

  6. “The Security Camera for Modern Apps” created by Sysdig

  7. What is Falco? • Runtime security engine • Observability for:

    ◦ Endpoints ◦ Cloud infrastructure • Built on eBPF • Integrated with Kubernetes CNCF INCUBATED PROJECT

  8. Beyond system calls and containers Plugins are dynamic shared libraries

    which allow Falco to collect and extract fields from streams of events

  9. Resources Get started at Falco.org Check out the Falco project

    in Github Get involved in the Falco community Meet the maintainers on the Falco Slack Follow @falco_org on Join a Falco workshop

  10. Demo Environment Details K8S cluster running on an EC2 node

    (with IMDSv1). • Vulnerable Spring Boot Application • Falco as a daemon set on k8s cluster • Falco Sidekick • Falco Sidekick UI • Falco Cloudtrail plugin • Falco AWS Cloudtrail terraform module An attacker host to execute the infiltration and exploit of the attack. • Rootkit installed. • Other tools to escalate privileges and lateral movement.

  11. Demo time 11

  12. Is runtime security enough? What helps the attacker to execute

    the attack: • Vulnerable packages • Vulnerable binaries ◦ In Runtime • Privileged containers • Extensive Permissions • Misconfigurations 12 Vulnerability Management * CSPM / KSPM / CIEM * CNAPP * * - its all can be done by Sysdig CNAPP Platform

  13. CNAPP: SCARLETEEL - Sysdig demo lab Features and flows of

    the Lab: • Runtime Threat Detection and Response • Cloud Threat Detection (AWS account) • Vulnerability Management for K8s workloads • Security Posture ◦ CSPM: Cloud Security Posture Management ◦ CIEM: Cloud Identities and Entitlements Management 13