Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn

•

0 gostou•33 visualizações

ContainerDay Security 2023

Session at ContainerDay Security 2023 on the 8th of March in Hamburg. Containers are awesome. The technology finds more and more adaptation in our daily IT lifes. They are fast, agile and shareable. All those postives bring a downsite to it - visibility. Can I trust every container content? Is my container behaving like it should? It's to fast, how can I catch anomalities? We want to tackle those questions in our session and show you what Falco and Sysdig can do for you to win back container visibility without any loss of container benefits.

Tecnologia

How to approach Container
Security from Open Source to
Enterprise
Stefan Trimborn
Enterprise Sales Engineer
Source Run

Why not both!
OSS based Enterprise Solution

Out of the Box Rules
Rules
Update packages
Modify /bin /usr
Write below /etc
Read sensitive file
DB spawned proc
Change namespace
Privileged container
Sensitive mount
Terminal shell
Best practices
FIM (File Integrity)
Privileged pod
ConfigMap creds
kubectl exec/attach
Role changes audit
PCI
NIST
Compliance
CVE-2019-11246
kubectl cp
CVE-2019-5736
runc breakout
CVE-2019-14287
sudo bypass
Vulnerabilities
K8s control plane
Nginx
Elasticsearch
Redis
HAproxy
Rook
MongoDB
PostgreSQL
Cloud Native Stack

Create your own rules
6
Rules
- macro: my_monitored_dir
condition: fd.directory in (my_monitored_directories)
- list: my_monitored_directories
items: [/tmp]

Introducing…
7
Rules
- rule: Write below my monitored dir
desc: an attempt to write to any file below a set of my monitored
directories
condition: >
evt.dir = < and open_write and my_monitored_dir
and not package_mgmt_procs
output: >
Hey Admin - File below a monitored directory opened for writing
(user=%user.name user_loginuid=%user.loginuid
command=%proc.cmdline file=%fd.name parent=%proc.pname
pcmdline=%proc.pcmdline gparent=%proc.aname[2] container_id=%container.id
image=%container.image.repository)
priority: ERROR
tags: [filesystem, mitre_persistence]

15
Sweet! All the infos we need to remediate!

Hello Sidekick! - Outputs
https://github.com/falcosecurity/falcosidekick
● Chat (Slack, Teams, Google Chat,...)
● Metrics (Datadog, Influxdb, StatsD,
Prometheus,...)
● Alerting,
● Logs (Elasticsearch,Loki...)
● Object Storage,
● Message Queue
● Email
● Web
● and more!

18
https://github.com/falcosecurity/plugins
There is more: Falco Plug-Ins!

Great! But…
● DIY - Installation, Roll Outs, Rule Updates, etc.
● Extra Work - No UI by default, No Plug-Ins
● Focus on Runtime Detection
● Community Support

The best of both worlds
● Based on Falco - No need to start from scratch
● Based on OSS - Prometheus, OPA, Falco - Reuse your skills
● More than Runtime Detection - it’s a full CWAPP and CSPM Solution
● No manual management:
UI, Plugins, Rules OOTB
● Premium Support based in Europe!

Configuration
Management
Infrastructure as
Code Validation
Vulnerability
Management
Threat
Detection
Incident
Response
•CI/CD pipelines,
registries, and
hosts
•Prioritization based
on in-use vulns
• Capture detailed
record for
forensics
• Block malicious
containers /
processes
• CSPM / cloud
misconfigurations
• Cloud Inventory
CODE BUILD RUN RESPOND
Supply Chain Security
Compliance
• Cloud threat
detection
• Workload runtime
security
• Drift prevention
• Block risky
configs
Securing VMs, Hosts, Kubernetes and Cloud Services
Identity and Access
Management
• CIEM / least
privilege
• Prioritization
based on in-use
permissions

Shall we have a closer look at Sysdig Secure?
• Prioritize what matters
• Detect threats in real time
• Fix fast with context
Software Vulnerabilities Configuration & Access Risks Runtime Threats Compliance
Cloud Infrastructure
Containers/Kubernetes

24
Curios?
Want to discuss or see more?
Visit us at sysdig.com
Or contact me at:
stefan.trimborn@sysdig.com

Cloud and Container Security
from Source to Run

Mais conteúdo relacionado

Semelhante a Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn

While there have been many improvements around securing containers, there is still a large gap in monitoring the behaviour of containers in production. Sysdig Falco is an open source behavioural activity monitor for containerized environments. Sysdig Falco can detect and alert on anomalous behaviour at the application, file, system, and network level. In this session get a deep dive into Falco: How does behavioural security differ from existing security solutions like image scanning, seccomp, SELinux or AppArmor? What can Sysdig Falco detect? Building and customizing rules for your Docker and Kubernetes apps. Forensics analysis with Sysdig Inspect even when the container doesn't exist anymore! Read more on: https://sysdig.com/blog/docker-runtime-security/ https://sysdig.com/blog/runtime-security-kubernetes-sysdig-falco/

Docker Runtime Security

Sysdig

Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. The same container that a developer builds and tests on a laptop can run at scale, in production, on VMs, bare metal, OpenStack clusters, public clouds and more. In this demo, I will show how to build a Apache image from a Dockerfile and deploy a PHP application which is present in an external folder using custom configuration files.

Docker - Demo on PHP Application deployment

Arun prasath

CoreOS and cloud provider integration: simple cloud-init example at Exoscale

Antoine COETSIER

On Tuesday, June 22nd Jonny Griffin, Security Engineer at Working Group Two, gave a presentation at a three day conference at GSMA FASG. In the last three years, Working Group Two has been developing a DevSecOps framework to ensure their cloud-native mobile core network is secure. Automating Cloud Security introduces the topics around cloud computing, DevSecOps, cloud-native Security Layers, and how WG2 built a security tool chain that can be leveraged by any organisation. As security is evolving so is WG2's capabilities for identifying, preventing, and responding to security events in our networks.

Automating cloud security - Jonny Griffin

Jonnathan Griffin

InSpec For DevOpsDays Amsterdam 2017

Mandi Walls

Securing the Infrastructure and the Workloads of Linux Containers

Massimiliano Mattetti

Erlend Oftedal, Blank Immutable infrastructure and serverless architectures have very interesting security properties. This talk will give an introduction to immutable infrastructure and serverless architecture and try to highlight some of the properties of such architectures. Next we will look at the positive effects this can have on the security of our systems, but also highlight some of the negative aspects and potential problems. At the conclusion of this sessions, we hope to have shed some light on the positive and negative security effects of such architectures.

There is No Server: Immutable Infrastructure and Serverless Architecture

Sonatype

J+s

happyuk

Comment améliorer le quotidien des Développeurs PHP ?

AFUP_Limoges

Chris OBrien - Pitfalls when developing with the SharePoint Framework (SPFx)

Chris O'Brien

Kubernetes Summit 2019 - Harden Your Kubernetes Cluster

smalltown

Presented by Tim Mackey, Senior Technology Evangelist, Black Duck Software on August 17. To use containers safely, you need to be aware of potential security issues and the tools you need for securing container-based systems. Secure production use of containers requires an understanding of how attackers might seek to compromise the container, and what you should be aware of to minimize that potential risk. Tim Mackey, Senior Technical Evangelist at Black Duck Software, provides guidance for developing container security policies and procedures around threats such as: 1. Network security 2. Access control 3. Tamper management and trust 4. Denial of service and SLAs 5. Vulnerabilities Register today to learn about the biggest security challenges you face when deploying containers, and how you can effectively deal with those threats. Watch the webinar on BrightTalk: http://bit.ly/2bpdswg

5 Ways to Secure Your Containers for Docker and Beyond

Black Duck by Synopsys

NSC #2 - D3 02 - Peter Hlavaty - Attack on the Core

NoSuchCon

Kubernetes security

Thomas Fricke

Container Security Mmanagement

Suresh Thivanka Rupasinghe

Docker based Architecture by Denys Serdiuk

Lohika_Odessa_TechTalks

Lions, Tigers and Deers: What building zoos can teach us about securing micro...

Sysdig

Stas Kolenkin & Taras Bobalo - CloudFlare Recon Workshop

NoNameCon

Cloud Application Security: Lessons Learned

Jason Chan

I got 99 trends and a # is all of them

Roberto Suggi Liverani

Semelhante a Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn (20)

Docker Runtime Security

Docker - Demo on PHP Application deployment

CoreOS and cloud provider integration: simple cloud-init example at Exoscale

Automating cloud security - Jonny Griffin

InSpec For DevOpsDays Amsterdam 2017

Securing the Infrastructure and the Workloads of Linux Containers

There is No Server: Immutable Infrastructure and Serverless Architecture

J+s

Comment améliorer le quotidien des Développeurs PHP ?

Chris OBrien - Pitfalls when developing with the SharePoint Framework (SPFx)

Kubernetes Summit 2019 - Harden Your Kubernetes Cluster

5 Ways to Secure Your Containers for Docker and Beyond

NSC #2 - D3 02 - Peter Hlavaty - Attack on the Core

Kubernetes security

Container Security Mmanagement

Docker based Architecture by Denys Serdiuk

Lions, Tigers and Deers: What building zoos can teach us about securing micro...

Stas Kolenkin & Taras Bobalo - CloudFlare Recon Workshop

Cloud Application Security: Lessons Learned

I got 99 trends and a # is all of them

Mais de ContainerDay Security 2023

Session at ContainerDay Security 2023 on the 8th of March in Hamburg. Confidential computing is a relatively new technology that allows one to keep workloads encrypted and isolated in memory during processing. If used correctly, confidential computing can shield workloads from the underlying cloud. It's the first technology that effectively prevents data access from the cloud provider and its employees, co-tenants, and hackers coming through the infrastructure. Constellation (https://github.com/edgelesssys/constellation) is an open-source K8s distro/engine that applies the confidential-computing concept to entire K8s clusters. Constellation ensures that all data in the cluster is always encrypted - at rest, in transit, and at runtime. Constellation also provides hardware-rooted "whole cluster" attestation with which the integrity of a cluster can be verified remotely. (This process partly relies on the amazing Sigstore project.) Operations-wise, Constellation is very much vanilla K8s and should work with existing tooling. It's easy to set up and the security features are largely transparent to the DevOps engineer. To run, Constellation requires the availability of "Confidential VMs", which are available in Azure, GCP and elsewhere. In this talk, I'll give an introduction to confidential computing, discuss the motivation behind Constellation, discuss the exciting use cases, give an overview over its architecture, and show a demo.

Constellation - The first always encrypted Kubernetes by Moritz Eckert

ContainerDay Security 2023

Session at ContainerDay Security 2023 on the 8th of March in Hamburg. Nico will show how to prevent your Kubernetes cluster from being hijacked by introducing you to best practices as well as useful open-source projects based on real-world examples. You’ll learn everything you need to know to build and run secure Kubernetes clusters including: - basics like shift left and container image security - ensure supply chain security - implement Kubernetes policies - introduce Kubernetes network security - rely on Container Runtime Security - many more… Don't miss this session to learn everything you need to know to securely run your Kubernetes-based workloads.

How to Prevent Your Kubernetes Cluster From Being Hacked by Nico Meisenzahl

ContainerDay Security 2023

Session at ContainerDay Security 2023 on the 8th of March in Hamburg. The ClusterImageScanner detects images in Kubernetes clusters and provides fast feedback based on security scans. Security scans are for example image lifetime or detection of known vulnerabilities. This talk will give insights into: - The use cases of the ClusterImageScanner - The different scans - The architecture - A live demo The ClusterImageScannerScanner is OpenSource, get it from https://github.com/SDA-SE/cluster-image-scanner/.

Container Security Scanning by Timo Pagel

ContainerDay Security 2023

Session at ContainerDay Security 2023 on the 8th of March in Hamburg. You’ve been hearing a lot about security best practices, but you’re not convinced they can really make a difference? Do you think your resources are safe only because nobody would notice your random IP address? If so – join my session! I’ll show you real-life attack scenarios to convince you that misconfigurations can have dire consequences.

Cloud Hacking Scenarios by Michał Brygidyn Mar. 10, 2023 • 0 likes •

ContainerDay Security 2023

Container Security Scanning by Timo Pagel

ContainerDay Security 2023

How to Prevent Your Kubernetes Cluster From Being Hacked by Nico Meisenzahl

ContainerDay Security 2023

Hardening automation with Kubespray by Alessio Greggi

ContainerDay Security 2023

Session at ContainerDay Security 2023 on the 8th of March in Hamburg. Cilium is the next generation, eBPF powered open-source Cloud Native Networking solution, providing security, observability, scalability, and superior performance. Cilium is an incubating project under CNCF and the leading CNI for Kubernetes. In this session we will introduce the fundamentals of Cilium Network Policies and the basics of application-aware and Identity-based Security. We will discuss the default-allow and default-deny approaches and visualize the corresponding ingress and egress connections. Using the Network Policy Editor we will be able to demonstrate how a Cilium Network Policy looks like and what they mean on a given Kubernetes cluster. Additionally, we will walk through different examples and demonstrate how application traffic can be observed with Hubble and show how you can use the Network Policy Editor to apply new Cilium Network Policies for your workloads. Finally, we’ll demonstrate how Tetragon provides eBPF-based transparent security observability combined with real-time runtime enforcement.

Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...

ContainerDay Security 2023

Constellation - The first always encrypted Kubernetes by Moritz Eckert

ContainerDay Security 2023

Cloud Hacking Scenarios by Michał Brygidyn

ContainerDay Security 2023

Session at ContainerDay Security 2023 on the 8th of March in Hamburg. Kubernetes has become the de facto standard for container orchestration, and it is being widely adopted by organizations of all sizes. However, as with any complex system, there are a number of security challenges that need to be addressed in order to properly secure a Kubernetes deployment. In his talk, Koray will first show you some security problem areas in Kubernetes and then give an overview of various security tools such as image screening and auditing. You will learn how to run Kubernetes clusters securely and how to proactively counteract security challenges.

Lines of Defense - Securing your Kubernetes Clusters by Koray Oksay

ContainerDay Security 2023

Mais de ContainerDay Security 2023 (11)

Constellation - The first always encrypted Kubernetes by Moritz Eckert

How to Prevent Your Kubernetes Cluster From Being Hacked by Nico Meisenzahl

Container Security Scanning by Timo Pagel

Cloud Hacking Scenarios by Michał Brygidyn Mar. 10, 2023 • 0 likes •

Container Security Scanning by Timo Pagel

How to Prevent Your Kubernetes Cluster From Being Hacked by Nico Meisenzahl

Hardening automation with Kubespray by Alessio Greggi

Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...

Constellation - The first always encrypted Kubernetes by Moritz Eckert

Cloud Hacking Scenarios by Michał Brygidyn

Lines of Defense - Securing your Kubernetes Clusters by Koray Oksay

Último

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

A Beginners Guide to Building a RAG App Using Open Source Milvus

Zilliz

Modernizing Securities Finance: The cloud-native prime brokerage platform transforming capital markets. Madhu Subbu, Managing Director, Head of Securities Finance Engineering Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu

apidays

In the thrilling conclusion to 2023, ransomware groups had a banner year, really outdoing themselves in the "make everyone's life miserable" department. LockBit 3.0 took gold in the hacking olympics, followed by the plucky upstarts Clop and ALPHV/BlackCat. Apparently, 48% of organizations were feeling left out and decided to get in on the cyber attack action. Business services won the "most likely to get digitally mugged" award, with education and retail nipping at their heels. Hackers expanded their repertoire beyond boring old encryption to the much more exciting world of extortion. The US, UK and Canada took top honors in the "countries most likely to pay up" category. Bitcoins were the currency of choice for discerning hackers, because who doesn't love untraceable money?

Ransomware_Q4_2023. The report. [EN].pdf

Overkill Security

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

Real Time Object Detection Using Open CV

Khem

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn

1. How to approach Container Security from Open Source to Enterprise Stefan Trimborn Enterprise Sales Engineer Source Run

2. What’s better? OSS Enterprise

3. Why not both! OSS based Enterprise Solution

4. Creating a Falco rule and apply it

5. Out of the Box Rules Rules Update packages Modify /bin /usr Write below /etc Read sensitive file DB spawned proc Change namespace Privileged container Sensitive mount Terminal shell Best practices FIM (File Integrity) Privileged pod ConfigMap creds kubectl exec/attach Role changes audit PCI NIST Compliance CVE-2019-11246 kubectl cp CVE-2019-5736 runc breakout CVE-2019-14287 sudo bypass Vulnerabilities K8s control plane Nginx Elasticsearch Redis HAproxy Rook MongoDB PostgreSQL Cloud Native Stack

6. Create your own rules 6 Rules - macro: my_monitored_dir condition: fd.directory in (my_monitored_directories) - list: my_monitored_directories items: [/tmp]

7. Introducing… 7 Rules - rule: Write below my monitored dir desc: an attempt to write to any file below a set of my monitored directories condition: > evt.dir = < and open_write and my_monitored_dir and not package_mgmt_procs output: > Hey Admin - File below a monitored directory opened for writing (user=%user.name user_loginuid=%user.loginuid command=%proc.cmdline file=%fd.name parent=%proc.pname pcmdline=%proc.pcmdline gparent=%proc.aname[2] container_id=%container.id image=%container.image.repository) priority: ERROR tags: [filesystem, mitre_persistence]

8. Let’s do this!

9. Let’s do this!

10. Let’s do this!

11. Let’s do this!

12. 12 Let’s do this!

13. 13 Let’s do this!

14. 14 Let’s do this!

15. 15 Sweet! All the infos we need to remediate!

16. 16 Hello Sidekick! 16

17. Hello Sidekick! - Outputs https://github.com/falcosecurity/falcosidekick ● Chat (Slack, Teams, Google Chat,...) ● Metrics (Datadog, Influxdb, StatsD, Prometheus,...) ● Alerting, ● Logs (Elasticsearch,Loki...) ● Object Storage, ● Message Queue ● Email ● Web ● and more!

18. 18 https://github.com/falcosecurity/plugins There is more: Falco Plug-Ins!

19. Great! But… ● DIY - Installation, Roll Outs, Rule Updates, etc. ● Extra Work - No UI by default, No Plug-Ins ● Focus on Runtime Detection ● Community Support

20. Now for Enterprise

21. The best of both worlds ● Based on Falco - No need to start from scratch ● Based on OSS - Prometheus, OPA, Falco - Reuse your skills ● More than Runtime Detection - it’s a full CWAPP and CSPM Solution ● No manual management: UI, Plugins, Rules OOTB ● Premium Support based in Europe!

22. Configuration Management Infrastructure as Code Validation Vulnerability Management Threat Detection Incident Response •CI/CD pipelines, registries, and hosts •Prioritization based on in-use vulns • Capture detailed record for forensics • Block malicious containers / processes • CSPM / cloud misconfigurations • Cloud Inventory CODE BUILD RUN RESPOND Supply Chain Security Compliance • Cloud threat detection • Workload runtime security • Drift prevention • Block risky configs Securing VMs, Hosts, Kubernetes and Cloud Services Identity and Access Management • CIEM / least privilege • Prioritization based on in-use permissions

23. Shall we have a closer look at Sysdig Secure? • Prioritize what matters • Detect threats in real time • Fix fast with context Software Vulnerabilities Configuration & Access Risks Runtime Threats Compliance Cloud Infrastructure Containers/Kubernetes

24. 24 Curios? Want to discuss or see more? Visit us at sysdig.com Or contact me at: stefan.trimborn@sysdig.com

25. Cloud and Container Security from Source to Run

Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn

Recomendados

Recomendados

Mais conteúdo relacionado

Semelhante a Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn

Semelhante a Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn (20)

Mais de ContainerDay Security 2023

Mais de ContainerDay Security 2023 (11)

Último

Último (20)

Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn