Detecting Kubernetes Security Threats with Falco

  • Published 9 Nov 2024

COMMENTS • 19

  • @DevOpsToolkit 1 year ago +3

    What do you think of Falco? Is detection enough?

    • @bombaclotta 1 year ago +4

      Have you tried Tetragon from the eBPF high-flyers Isovalent?

    • @DevOpsToolkit 1 year ago +2

      @bombaclotta I did and I'm working on a video about it.

  • @IvanRizzante 1 year ago +2

    Thanks for the video! I totally agree, Falco drives me crazy. I hate the number of warnings you get with Falco, having to fine tune the rules and all the ceremonies that come with it, even if there are no competitors at the moment. Plus I still haven't found a customer that uses it yet! But you can't prevent without observing things so I guess we need to stick with Falco for now

  • @vanrayan 1 year ago +2

    Key thing is ensuring image immutability at runtime for any workloads, be it VM, K8s, Containers [Docker/Podman etc.] or Serverless. Look at Aqua Security CWPP, it not only detects but also has the ability to block it.

  • @kevinyu9934 1 year ago +2

    The Falco video finally comes!

  • @edb75001 1 year ago +1

    Very nice! I've been looking for something like this for my Homelab. Will definitely check this out...

  • @kevinyu9934 1 year ago +4

    Next, would you like to share your insights on Tetragon?

  • @farzadmf 1 year ago +1

    Thank you for the video. Not sure if it's intentional or not, but the link for the gist is not a link :)

  • @MahomCloud 1 year ago +1

    Are there tools that do prevention on top of Falco?

    • @DevOpsToolkit 1 year ago

      Forget them. Use KubeArmor for prevention.

  • @100faouri 1 year ago +1

    It would be interesting to talk about gVisor after this video

  • @vrabbi 1 year ago +1

    I am a much bigger fan of KubeArmor and find Falco WAY TOO COMPLEX!!!!!

    • @DevOpsToolkit 1 year ago +1

      They are different though. Falco gives you information while KubeArmor prevents processes from running.
      You can think of this video as a preamble to KubeArmor, which is on my TODO list.

    • @vrabbi 1 year ago +1

      @DevOpsToolkit KubeArmor can also run in alert-only mode, which is nice to have 1 tool for both

    • @DevOpsToolkit 1 year ago +1

      That's true, but I find that part not to be as good as Falco. KubeArmor is focused on per-Pod basis which is great for prevention, but not necessarily for detection.