WTF my container just spawned a shell
While there have been many improvements around securing containers, there is still a large gap in monitoring the behavior of containers in production. That’s why we created Sysdig Falco, the open source behavioral activity monitor for containerized environments.
Sysdig Falco can detect and alert on anomalous behavior at the application, file, system, and network level. In this session get a deep dive into Falco: - How does behavioral security differ from existing security solutions like image scanning? - How does Falco work? - What can it detect? Building and customizing rules - Next steps