Falco inspects events at the system call level of a host through a kernel module or an eBPF probe, watching file changes, network activity, the process table, and other data for suspicious behavior, and then sends alerts through a pluggable output back end. It ships with a rich set of rules that you can edit to flag specific abnormal behaviors and to build allow lists for the operations you expect to see.
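To make the rule-plus-allow-list mechanism concrete, here is an added example of a minimal, self-contained Falco rules file; it is not taken from the page or from Falco's shipped ruleset. It defines its own lists and macros so it loads without the default rules, and the image names (`internal/debug-toolbox`, `internal/ci-runner`) and the package-manager list are constructed for illustration. One rule covers the process table (an interactive shell exec'd in a container), the other covers file changes (a write below /etc from a container); each carries an allow list that suppresses the alert for expected activity.

```yaml
# Added example (not from the page or Falco's own rules): minimal Falco rules
# file with two detections and their allow lists. Image names are assumed.

# Allow list: images in which an interactive shell is expected (assumed names).
- list: allowed_shell_images
  items: [internal/debug-toolbox, internal/ci-runner]

- list: shell_binaries
  items: [bash, sh, zsh, dash, ksh, ash]

# Building blocks, defined locally so this file loads without the default ruleset.
- macro: spawned_process
  condition: evt.type = execve and evt.dir = <

- macro: container
  condition: container.id != host

- macro: open_write
  condition: evt.type in (open, openat) and evt.is_open_write = true and fd.typechar = 'f' and fd.num >= 0

- macro: allowed_shell_image
  condition: container.image.repository in (allowed_shell_images)

# Detection 1 (process table): a TTY-attached shell spawned inside a container,
# unless the container image is on the allow list.
- rule: Interactive shell in container
  desc: An interactive shell was spawned in a container whose image is not on the allow list
  condition: >
    spawned_process and container and proc.tty != 0
    and proc.name in (shell_binaries)
    and not allowed_shell_image
  output: >
    Interactive shell in container (user=%user.name shell=%proc.name parent=%proc.pname
    cmdline=%proc.cmdline container=%container.id image=%container.image.repository
    ns=%k8s.ns.name pod=%k8s.pod.name)
  priority: NOTICE
  tags: [container, shell]

# Detection 2 (file changes): a write below /etc from inside a container, with an
# allow list of processes that legitimately manage that directory (assumed list).
- list: etc_writers
  items: [apt, apt-get, dpkg, yum, rpm, apk]

- rule: Write below /etc in container
  desc: A process not on the package-manager allow list wrote under /etc inside a container
  condition: >
    open_write and container and fd.name startswith /etc/
    and not proc.name in (etc_writers)
  output: >
    File below /etc opened for writing in container (user=%user.name command=%proc.cmdline
    file=%fd.name container=%container.id image=%container.image.repository)
  priority: WARNING
  tags: [container, filesystem]
```

Validate the file with `falco -V rules.yaml` before deploying it, then load it with `falco -r rules.yaml`. Where the alerts go is configured separately in falco.yaml (`stdout_output`, `file_output`, `syslog_output`, `program_output`), which is the pluggable back end mentioned above; `json_output: true` makes the alerts machine-parseable for whatever consumes them. The allow lists are deliberately image- and process-name based: a user-name allow list would be weaker, because `user.name` inside a container is frequently root or unresolved.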
Sysdig sees into the Linux kernel via a kernel module or eBPF. It can therefore see everything that is happening on a Linux box. All processes. All IO. All users, all commands, all args. All containers.
In this interview, conducted at KubeCon + CloudNativeCon (Barcelona), we discussed the state of security in the cloud-native world.
Since there is no such thing as perfect security, practitioners layer controls to improve the odds of keeping attackers out, the so-called defense in depth strategy. Container environments present some new challenges, so they require a few additional security layers.
The container realm requires new thinking about security. Legacy tools that enterprises try to bring forward to secure their new container environments simply are not up to the challenge. And worse yet, many of the new container-specific security products are limited in scope, which means organizations that go that route will end up with a parcel of new siloed tools that require too much manual correlation.
In-Q-Tel — the intelligence community’s venture capital arm — this week disclosed another pair of investments in commercial technology outfits to determine how those companies’ offerings can be deployed to defense and IC agencies.
Applications deployed to a Kubernetes cluster in IBM Cloud will likely generate some level of diagnostic output (i.e., logs). As a developer or an operator, you may want to access and analyze different types of logs—such as worker logs, pod logs, app logs, or network logs—to troubleshoot problems and preempt issues.
The Cloud Native Computing Foundation’s flagship conference, KubeCon + CloudNativeCon Europe, is right around the corner, May 20 – 23, 2019, taking place this year at Fira Gran Via, Barcelona, Spain. Ahead of the show, VMblog was able to speak with Loris Degioanni, founder and CTO of Sysdig.
Sysdig has continued to expand the ways its customers can slice and dice the fine grained information it gathers about your cloud native applications, now with the beta launch of its Visibility and Security Platform (VSP) 2.0.