While there have been many improvements around securing containers, there is still a large gap in monitoring the behavior of containers in production. That is the reason we created Falco, the open source behavioral activity monitor for containerized environments.
Falco can detect and alert on anomalous behavior at the application, file system and network level.
In this session we take a deep dive into Falco and cover the following points:
* How does behavioral security differ from existing security solutions like image scanning, seccomp, SELinux or AppArmor?
* How does Falco do its magic?
* What can Falco detect? Creating your own rules and customizing the existing ones for your Kubernetes applications.
* How do you deploy Falco in your Kubernetes cluster?
* Reacting to security incidents: what can we do to stop the attackers in real time?
* Post-mortem analysis and forensics on containers with Sysdig Inspect, even when the containers do not exist anymore!