Best practices for Forensics and Incident Response in Containers

Almost 5 years, 48,000+ GitHub stars, and tens of thousands of production deployments later, we can safely say containers are a technology that is here to stay. They're developer friendly, easy to operationalize, and allow organizations to provide stable and secure services to their customers.

While there are clear best practices for what it takes to build and run containers, there isn't as much knowledge around performing forensic analysis of incidents that occur inside your containers.

In this webinar we'll cover:

- How containers change incident response and forensics

- Best practices around forensic data collection in container environments

- Compare opensource and commercial forensics options

- A live demo of multiple forensics investigations using Sysdig Inspect: an opensource container forensics tool
Recorded Aug 1 2018 23 mins
Presented by
Knox Anderson
  • Celebrating Three Years of Falco-based Container Protection Jun 20 2019 5:00 pm UTC 45 mins
    Michael Ducy, Director of Community & Evangelism, Sysdig
    The Falco community is celebrating three years of container protection from this open source run-time security project, born out of Sysdig and now part of the Cloud Native Computing Foundation. The project has come a long way since its initial release in 2016. We’ll cover those early days and talk about how the project - and the world of container security - has grown over the years. We’ll also cover the latest updates on Falco, including: adoption, ways it's being used, newly released features, and the upcoming roadmap. Whether you’re new to the world of container security or a seasoned expert, you’ll want to join to learn more about how Falco is evolving as the standard for container run-time security.
  • Kubernetes is Moving Fast and Breaking Things Recorded: May 16 2019 46 mins
    Sysdig experts: Apurva Dave – CMO & Payal Chakravarty – VP, Product Management
    As cloud-native adoption continues to accelerate in enterprises, organizations are increasingly gripped with the challenge of operating Kubernetes and container-based microservices in production. While these technologies have made it possible for developers to more quickly iterate and deliver their software, the operational challenges involved with this new platform present a host of new challenges unlike anything enterprises have faced in the past.

    With such challenges, however, come great opportunities to radically rethink past problems and inefficiencies. Containerized, cloud-native platforms are no exception.

    Join us for this webinar, as we look at how core users of Sysdig’s visibility and security platform are leveraging our new release, focusing on:

    -The DevOps and Infrastructure team
    -The Security team
    -The Service Owner and their developers
  • Securing Kubernetes in Production Recorded: Apr 11 2019 59 mins
    Sysdig expert: Pawan Shankar, Sr. Manager Product Marketing
    An increasing number of enterprises are leveraging Kubernetes in production, yet do not foresee the inevitable changes to their infrastructure security and monitoring. As cloud-native architectures and a DevOps approach to development grow, learn more about best practices for implementing and scaling Kubernetes security in your organization.
  • 4 Best Practices to Meet Compliance Requirements in Kubernetes Environments Recorded: Mar 21 2019 45 mins
    Pawan Shankar, Senior Product Marketing Manager, Sysdig & Binoy Das, Solutions Architect, Amazon Web Services
    With the rise of technologies like Docker, Kubernetes, and underlying cloud infrastructures, enterprises are moving towards cloud-native architectures that leverage microservices to run their critical business applications. While this shift has tremendous business advantages, it also creates significant security and compliance challenges.

    In this webinar, Sysdig & AWS experts will explore the 4 key steps you must take to ensure you are continuously meeting your security and compliance requirements for your microservices stack. Learn how to:

    -Leverage compliance policies for scanning images in your CI/CD pipeline
    -Scan Kubernetes and Docker environments and visualize compliance posture
    -Enforce runtime container compliance
    -Investigate policy violations post-mortem by using forensics after the container is disposed
  • Using eBPF for Container Monitoring, Security, and Forensics Recorded: Mar 7 2019 37 mins
    Sysdig experts: Eric Carter – Director of Product Marketing & Narayan Iyengar – Product Manager
    Modern apps built from isolated and often short-lived processes can leave blind spots in security and performance visibility. Join Sysdig to learn how tapping into Linux-native eBPF helps enable deep observability for your containers, hosts, networks, and more.

    In this session we’ll discuss:
    --What eBPF is and how it’s being used to deliver insight into cloud-native environments
    --How Sysdig uses eBPF for deep views into your containers, infrastructure, applications and events
    --Capturing detailed system activity for performing forensics and troubleshooting
    --Why eBPF is key to securing and monitoring purpose-built container platforms like Container-Optimized OS (COS) from Google Cloud and Project Atomic Host
  • Monitoring Modern Cloud-Native Workloads Recorded: Feb 21 2019 44 mins
    Eric Carter, Director of Product Marketing, Sysdig & Shadi Albouyeh, Offering Manager, Developer Services - IBM Cloud
    If you’re involved with developing applications, chances are you’re being tasked with adapting to cloud-native infrastructure and being able to support cloud-native workloads with solutions like containers and Kubernetes. Join this discussion with Sysdig and IBM Cloud, who have recently built a partnership focused on improving monitoring and troubleshooting for your modern DevOps services. Together, IBM and Sysdig have launched a new offering that provides end-to-end monitoring capabilities in the IBM Cloud. You’ll come away with a better understanding of key visibility challenges and solutions that will help you successfully deliver the apps that drive your business.
  • KubeCon Reflections & Kubernetes Insights for 2019 Recorded: Jan 24 2019 47 mins
    Eric Carter, Michael Ducy
    Kubernetes is now 3.5 years old, the technology has matured, and adoption of containerized applications orchestrated by Kubernetes has scaled beyond tiger teams.

    Enterprises are more comfortable with Kubernetes, and by default, more comfortable with containers.

    We predict that is only the beginning: Enterprises will migrate mission-critical, stateful applications to Kubernetes in droves in 2019. As a result, security and operational visibility needs are growing. Solutions that support enterprise-level capabilities, processes, and support become the requirement.

    Join an expert panel to:

    -hear observations and insights from KubeCon
    -learn about key usage data and trends
    -understand how Kubernetes and other open source and commercial technologies are evolving in the enterprise
  • Delivering secure, reliable containers: A Sysdig deep-dive Recorded: Oct 25 2018 55 mins
    Eric Carter
    If you’re moving to containers and microservices, monitoring and security should be at the top of your requirements list. With the extra layers of abstraction and orchestration of solutions like Kubernetes, you’re certain to find that approaches you’ve taken in the past with VM and bare metal-based apps are insufficient. Sysdig can help.

    Join this Sysdig platform webinar & demo to learn:
    - The visibility challenges to expect with containers, microservices and clouds
    - How Sysdig helps you to spot and eliminate vulnerabilities from dev to production
    - How to get the level of observability and context required for successful monitoring
    - Key ways to accelerate troubleshooting and forensics with containers
  • Running Containers in Production for Dummies Recorded: Oct 16 2018 62 mins
    Jorge Salamero Sanz, Eric Carter, Knox Anderson
    Given by the authors of the new book - Running Containers in Production for Dummies. Are you new to containers? Let’s quickly cover the basics to get you up to speed and started with deploying containers in production. In this 1h session we will walk through:

    Containers and orchestrators: why containers have revolutionized IT infrastructure, why do you need them and which orchestration technology is right for you.
    Setting up a CI/CD/CS delivery pipeline: how containers, continuous integration and delivery make your pipeline more agile and how it all fits together.
    Monitoring containers: why this is different and so hard. What are the different approaches and how do tools like Sysdig Monitor and Prometheus compare.
    Securing containers: security cannot be missed. What are best practices for container security, including vulnerability management with image scanning and compliance, runtime defense and forensics.
    This is plenty to cover, so be prepared to rock containers hard!
  • Secure Kubernetes with GKE and Falco Recorded: Oct 10 2018 45 mins
    Michael Ducy (Sysdig) & Andy Tzou (Google Cloud)
    Platforms such as Kubernetes make it easy to provide development teams access to the infrastructure resources they need to run their applications in a Cloud Native and scalable fashion. But what happens after your initial platform deployment and how can you provide a secure platform for development teams?

    In this webinar we’ll cover how to get started using Google Cloud’s managed Kubernetes offering, Google Kubernetes Engine. We’ll deploy a GKE cluster, then show how to secure it using Sysdig’s open source project for intrusion and abnormality detection, Falco. We’ll cover the common concerns around security on Cloud Native platforms, and show how Falco provides the additional layer of security for the container runtime environment. Finally, we’ll show how to integrate Falco with Google Cloud Security Console to provide a consolidated view of security across your entire Google Cloud infrastructure.
  • Sysdig Monitor 3.0: Enterprise-grade Prometheus for Kubernetes Recorded: Oct 4 2018 44 mins
    Eric Carter, Director of Product Marketing
    Sysdig loves Prometheus! Attend this webinar to hear about our launch of enterprise-grade Prometheus monitoring with Sysdig Monitor 3.0. We've added new Prometheus capabilities and enhancements for our already rich Kubernetes monitoring. If you love Prometheus like we do, and your cloud environment is growing quickly, join us to learn more about what we’re doing with Prometheus, Kubernetes and more.
  • How to manage vulnerabilities in container environments Recorded: Sep 13 2018 23 mins
    Knox Anderson
    Containers have sped up the CI/CD process. It’s now easy to package up an application and deploy it in a matter of minutes. This allows teams to move faster, and makes it easier to patch software that may contain vulnerabilities. However, this increase in speed has created a need for new processes and tooling.

    In this webinar we’ll cover:

    -How to scan images for vulnerabilities as part of the CI/CD process
    -Why it’s important to scan images in registries as well as part of the CI/CD pipeline
    -How to prevent vulnerable images from being deployed
    -How to alert if new vulnerabilities are found in images running in production
  • Multi-cloud monitoring with Sysdig Recorded: Sep 13 2018 32 mins
    Eric Carter
    Enterprises are taking advantage of AWS, Google, and Azure along with private data centers as they move toward a multi-cloud strategy. Thanks to container and orchestration technology, deploying and moving applications and services across clouds is easier than ever. But how do you monitor performance, health, and security across diverse, distributed infrastructure? And how do you see what’s happening inside your containers across clusters and regions to ensure you’re meeting your business goals?

    Watch this webinar to learn how Sysdig enables cross-cloud and multi-cloud monitoring, alerting, and troubleshooting with Docker and Kubernetes with full visibility into your microservices. In this session we will discuss and demo:

    -How to monitor containers running on multiple clusters in a multi-cloud environment
    -How to tap into EKS, GKE, and AKS to understand the health of your Kubernetes-based services
    -How to troubleshoot performance problems and failures across complex cloud deployments
  • Best Practices for Implementing Container Security Recorded: Aug 9 2018 57 mins
    Knox Anderson, Sysdig
    Containers have changed the way we build, deploy, run, and investigate what goes on with our applications. It’s critical to validate that you’ve configured your containers securely and that they don’t include any vulnerabilities, and to enforce that they are doing what’s expected in production.

    In this webinar we’ll cover:

    -How to implement image scanning in your CI/CD pipeline
    -How to prevent vulnerable images from being deployed to production
    -Methods for detecting anomalous behavior inside containers
    -What’s required for forensics when the container may no longer be running
    -How to audit and report on compliance at each stage of your SDLC
  • Kubernetes Monitoring: Best Practices Recorded: Aug 8 2018 58 mins
    Eric Carter
    Kubernetes-orchestrated applications running on containers require a new approach to performance monitoring and troubleshooting. Join Sysdig for an overview of what you can expect when monitoring Kubernetes-based microservices and what to consider for optimal effectiveness. During this webinar you'll learn:

    - What are the key metrics and components to monitor in a Kubernetes environment?
    - How do containers complicate monitoring and what can you do to see inside?
    - When should you set alerts, and for what, to keep on top of cluster behavior?
    - What role do custom metrics (e.g., Prometheus) play for observing app behavior?
    - How do you troubleshoot in an auto-scaling, distributed environment?

    This webinar will include a demonstration of open source and commercial tools that can help you solve these new challenges. Attend to get insight that will help you operate Kubernetes deployments in development and production at any scale.
  • Building an Open Source Container Security Stack Recorded: Aug 2 2018 57 mins
    Daniel Nurmi from Anchore with Jorge Salamero Sanz & Michael Ducy from Sysdig
    Container security is top-of-mind for any organization adopting Docker and Kubernetes. In this session Sysdig and Anchore present how you can build a complete open source container security stack for Docker and Kubernetes with Falco and Anchore Engine.

    This session will live demo:

    -Using Falco, NATS and Kubeless to build a Kubernetes response engine and implement real-time attack remediation with security playbooks using FaaS.
    -How Anchore Engine can detect software vulnerabilities in your images, and how it can be integrated with Jenkins, Kubernetes and Falco.
  • Best practices for Forensics and Incident Response in Containers Recorded: Aug 1 2018 23 mins
    Knox Anderson
    Almost 5 years, 48,000+ GitHub stars, and tens of thousands of production deployments later, we can safely say containers are a technology that is here to stay. They're developer friendly, easy to operationalize, and allow organizations to provide stable and secure services to their customers.

    While there are clear best practices for what it takes to build and run containers, there isn't as much knowledge around performing forensic analysis of incidents that occur inside your containers.

    In this webinar we'll cover:

    - How containers change incident response and forensics

    - Best practices around forensic data collection in container environments

    - Compare opensource and commercial forensics options

    - A live demo of multiple forensics investigations using Sysdig Inspect: an opensource container forensics tool
  • Comparing Prometheus custom metrics to APM Recorded: Jul 31 2018 33 mins
    Eric Carter
    Use PROMETHEUS? Take our survey: https://www.surveymonkey.com/r/8SYCDQB

    Developers have numerous options for instrumenting code to monitor and troubleshoot application performance. When should you turn to custom metrics like Prometheus, statsd and JMX? When are tracing and APM the right fit? How do these solutions compare?

    Join us for our online session to learn:
    - The advantages and disadvantages of different approaches for application performance monitoring
    - When you should choose one solution over another and what the best use cases are for each
    - How to consolidate monitoring and accelerate troubleshooting when using multiple options
  • Open source Kubernetes run-time security with Falco Recorded: Jul 24 2018 20 mins
    Michael Ducy
    Effective security requires a layered approach. If one layer is compromised, the additional layers will (hopefully) stop an attacker from going further. Much of container security has focused on the image build process and providing provenance for the artifacts in a container image, and restricting kernel level tunables in the container runtime (seccomp, SELinux, capabilities, etc). What if we can detect abnormal behavior in the application and the container runtime environment as well? In this talk, we’ll present Falco - an open source project for runtime security - and discuss how it provides application and container runtime security. We will show how Falco taps Linux system calls to provide low level insight into application behavior, and how to write Falco rules to detect abnormal behavior. Finally we will show how Falco can trigger notifications to stop abnormal behavior, notify humans, and isolate the compromised application for forensics. Attendees will leave with a better understanding of the container security landscape, what problems runtime security solves, & how Falco can provide runtime security and incident response.
  • Sysdig & SANS Institute: Forensics and Incident Response in Containers Recorded: Jul 20 2018 61 mins
    Knox Anderson, Sysdig and Jake Williams, SANS Analyst
    Almost 5 years, 48,000+ GitHub stars, and tens of thousands of production deployments later, we can safely say containers are a technology that is here to stay. They’re developer friendly, easy to operationalize, and allow organizations to provide stable and secure services to their customers.

    While there are clear best practices for what it takes to build and run containers, there isn't as much knowledge around performing forensic analysis of incidents that occur inside your containers.

    In this webinar we'll cover:
    - How containers change incident response and forensics
    - Best practices around forensic data collection in container environments
    - Compare opensource and commercial forensics options
    - A live demo of multiple forensics investigations using Sysdig Inspect: an opensource container forensics tool
The Cloud-Native Intelligence Company
Sysdig is the cloud-native intelligence company. We have created the only unified platform to deliver monitoring, troubleshooting, and security in a microservices-friendly architecture. Our open source technologies have attracted a community of over a million developers, administrators and other IT professionals looking for deep visibility into systems and containers. Our container intelligence platform monitors and secures millions of containers across hundreds of enterprises, including Fortune 500 companies and web-scale properties. Learn more at www.sysdig.com

  • Title: Best practices for Forensics and Incident Response in Containers
  • Live at: Aug 1 2018 4:00 pm
  • Presented by: Knox Anderson