Newsletter

January 2020 Cloud-native News

Hello, from all of us here at Sysdig! Some good news arrived with 2020, as Falco, the open source cloud-native runtime security project originally created by Sysdig, has been promoted from the Cloud Native Computing Foundation sandbox into incubation. That’s why in this newsletter we will be focusing on Falco and open source security.

Ping us @sysdig or on our open source Sysdig Slack group to share your feedback or to suggest topics we should include in future issues! You can find previous issues by browsing the archive.





Industry buzz

Software libraries are under attack, be ready

Two malicious Python libraries were found on PyPI, jeilyfish and python3-dateutil. You may wonder how a malicious library can get past pull request review and QA tests; then you realize that nobody is checking for a typo in a library name.
https://medium.com/@dmrickert/software-libraries-are-terrifying-4875b6a74be6

This is serious, and it brings to light a deeper issue: software developers are pulling third-party libraries into their containers without any control over what those libraries contain.
https://medium.com/better-programming/getting-serious-about-open-source-security-1d15609478fa

What can we do now? We have prepared a guide with simple steps to protect yourself against these and similar attacks using Sysdig Secure and Falco rules.
https://sysdig.com/blog/malicious-python-libraries-jeilyfish-dateutil/

Announcing the Kubernetes bug bounty program

Security is an increasing concern for companies moving Kubernetes into production. The Kubernetes project is well aware of this, and it is doubling down on its efforts to eliminate vulnerabilities in its code base. A new bug bounty program offers rewards ranging from $100 to $10,000.
https://kubernetes.io/blog/2020/01/14/kubernetes-bug-bounty-announcement/

Want to learn more about Falco?

If you are new to Falco, here is a selection of our favourite articles to help you catch up.

Falco or Seccomp?

With seccomp you can further isolate your containers by defining which system calls a containerized process is allowed to make. Here are some considerations before using seccomp in Kubernetes.
https://itnext.io/seccomp-in-kubernetes-part-i-7-things-you-should-know-before-you-even-start-97502ad6b6d6

Falco focuses on detection rather than enforcement. Here is how seccomp, SELinux and Falco compare.
https://sysdig.com/blog/selinux-seccomp-falco-technical-discussion/

Incident response and container forensics

When a container attack happens, you need to respond quickly and block the threat. But how can you investigate once the container is gone? This talk gives some tips on where to start investigating, and on how to prepare in advance.
Video: https://www.youtube.com/watch?v=MyXROAqO7YI
Slides: https://static.sched.com/hosted_files/kccnceu19/c4/KubeConEU%20-%2020190522%20-%20Container%20Forensics.pdf

As mentioned in the talk, Sysdig Inspect is the reference tool for container forensics; it is an open source project by Sysdig that is also available within Sysdig Secure.
https://github.com/draios/sysdig-inspect

When looking at automating responses to, and remediation of, security threats detected with Falco, don’t miss the Falco response engine.
https://sysdig.com/blog/oss-container-security-stack/

All these capabilities, and much more, can be found in Sysdig Secure. Learn how Sysdig Secure extends Falco, integrating with your secure DevOps workflow.
https://sysdig.com/opensource/falco/

Activity Audit in Sysdig Secure speeds up incident response and enables auditing by correlating container and Kubernetes activity. Discover how:
https://sysdig.com/blog/cloud-native-incident-response/

Falco security audit

Being an open source project subjects you to constant public scrutiny, which improves your security and builds confidence in your product. To make Falco more secure, it recently passed an independent security audit.
https://falco.org/blog/falco-security-audit/

What’s New with Sysdig?

Falco joins CNCF incubation

Exciting times for the Falco community: Falco is the first runtime security project accepted into the CNCF incubator. Congratulations!
https://www.cncf.io/blog/2020/01/08/toc-votes-to-move-falco-into-cncf-incubator/

Check out Falco’s accomplishments since joining the CNCF, and what this announcement means for its future.
https://sysdig.com/press-releases/falco-joins-cncf-incubation/

Image Scanning with GitHub Actions

The Sysdig Secure Inline Scan is now available on the GitHub Actions marketplace. Inline scanning allows you to analyze images without exposing them outside your build infrastructure or pushing them to a registry.
https://sysdig.com/blog/image-scanning-github-actions/

How to Monitor Kubernetes API Server

The API server is a key element of the Kubernetes control plane 🧠. Monitoring the API server is essential to detect and troubleshoot incidents before they impact your cluster.
https://sysdig.com/blog/monitor-kubernetes-api-server/


Meet us here:

In the coming months we’re headed to some exciting industry events. We’d love to talk to you and your team in person about your cloud-native journey.

OpenShift Commons Gathering
London | Jan 29

DevSecOps Day at RSA Conference
San Francisco | Feb. 24

RSA Conference
San Francisco | Feb. 24-28 | Booth #4220
