Docker

Hacked! Run Time Security for Containers

Containers have the potential to improve your security posture in production, but the black-box nature of containers and the complexity of distributed microservices present new challenges that InfoSec and DevSecOps teams may not yet be ready for. Common approaches like scanning and container signatures will get you part of the way, but what happens when your production environment is hit by a zero-day threat or unknown event? Do you have the capabilities to detect and protect against that incident?

In this session we will present a robust solution for implementing run-time security monitoring, policy enforcement, and forensics using activity signals based on system calls. We'll cover topics such as:

- How do I see activity originating within containers?
- What does it take to apply policies consistently across all containers that make up a microservice?
- How can I get a service-oriented view of container activity based on Docker Data Center or Kubernetes metadata, for the purposes of auditing or forensics?
- What can I leverage in open source to make this happen?

You'll walk away from this talk understanding what types of events to look for, how to alert on them, and what you need to do deep forensics in the event of an incident.

Speaker: Gianluca Borello