
Linux system calls analyzing with Falco. Tips and tricks.

Artem Mishchenko

from inDrive (Limassol)

About speaker

Infrastructure Security Engineering Manager.
Interested in infrastructure security, clouds, K8S and SOC.

About speaker's company

A modern international IT and ride-hailing company.

Abstracts

broad

I'll explain what system calls are in Linux and how they can improve our security monitoring. We will discuss which free, open-source tools are available for analyzing system calls in Linux, their pros and cons, and their basic principles.

I'll tell you what kind of tool Falco is, why we chose it and what advantages it provides. We will take a look at Falco a little bit "under the hood" and try to figure out how it works in detail. I'll tell you about my own experience with Falco and what challenges and problems we encountered during its implementation.
We will also touch on the differences between using Falco in K8S and in classic Linux infrastructure, as well as alternative approaches for K8S.

We will discuss the logic of Falco detection rules, honestly address the existing problems with them, and understand how a GitOps approach could help us manage Falco detection rules.
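For readers who have not seen a Falco rules file before, here is an added illustration of the three building blocks its detection logic is made of (lists, macros and rules). This is not material from the talk or from the Falco project's own ruleset; the list and macro names are defined here so the file stands alone, and the default ruleset ships its own versions of them.

```yaml
# Added example, not from the talk: a minimal, self-contained Falco rules file.
# A list groups values, a macro names a reusable condition fragment, and a
# rule ties a condition to an output template and a priority.

- list: shell_binaries
  items: [bash, sh, zsh, dash, ash]

# An execve/execveat syscall that has returned (evt.dir=<) marks a new process.
- macro: spawned_process
  condition: evt.type in (execve, execveat) and evt.dir=<

# Falco reports container.id as "host" for processes outside any container.
- macro: in_container
  condition: container.id != host

# Tuning lives in a macro so that it can be overridden per environment
# (for example from a separate file managed in git) without touching the rule.
- macro: allowed_shell_parents
  condition: proc.pname in (kubectl, docker)

- rule: Shell spawned in container
  desc: >
    A shell was executed inside a container, which is rarely expected in
    production workloads. Parents listed in allowed_shell_parents are ignored.
  condition: >
    spawned_process and in_container
    and proc.name in (shell_binaries)
    and not allowed_shell_parents
  output: >
    Shell spawned in container
    (user=%user.name command=%proc.cmdline parent=%proc.pname
     container_id=%container.id image=%container.image.repository)
  priority: WARNING
  tags: [container, shell]
```

The file can be checked for syntax errors with `falco -V <file>` and loaded with `falco -r <file>`; because every rules file is plain YAML, keeping them in a git repository and reviewing changes to macros such as `allowed_shell_parents` through pull requests is the natural way to apply a GitOps workflow to rule tuning.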

The talk was accepted into the conference program.

Other talks on this topic

Offensive Azure Security

Sergey Chubarov

Freelance

broad
GitOPS: View from a security perspective

Aleksandr Sungurov

Exness

broad
Sandboxing in Linux with zero lines of code

Ignat Korchagin

Cloudflare, Linux Guru

specific
Container and Kubernetes: modern attacks and mitigations

Artem Bachevsky

Independent Researcher

broad