Photo

Linux system calls analyzing with Falco. Tips and tricks.

Artem Mishchenko

from inDrive (Limassol)

About speaker

Infrastructure Security Engineering Manager.
Interested in Infra Security, Сlouds, K8S and SOC.

About speakers company

Modern international IT and Ride-Hailing company

Abstracts

broad

I'll tell what system calls are in Linux and how they can improve our security monitoring. We will discuss what free, open-source tools are available for analyzing system calls in Linux, their pros and cons, and basic principles

I’ll tell you what kind of tool Falco is, why we chose it and what advantages it provides. We will take a look at the Falco a little bit "under the hood" and try to figure out how it works in detail. I’ll tell you about my own experience with Falco, what challenges and problems we encountered during its implementation.
We will also touch on the differences in using Falco in K8S from the classic Linux infrastructure, as well as alternative approaches for K8S.

We will discuss the logic of Falco detection rules, honestly address the existing problems with them, and understand how the GitOps approach could help us manage Falco detection rules.

The talk was accepted to the conference program

other talks of this topic

Photo
Container and Kubernetes: modern attacks and mitigations

Artem Bachevsky

Independent Researcher

broad
Photo
Sandboxing in Linux with zero lines of code

Ignat Korchagin

Cloudflare, Linux Guru

specific
Photo
GitOPS: View from a security perspective

Aleksandr Sungurov

Exness

broad
Photo
Offensive Azure Security

Sergey Chubarov

Independent consultant

broad