Name: Prevention in Kubernetes: Getting Started with Pod Security Policies
Start: 2020-05-19T17:00:00Z
End: 2020-05-19T17:01:02.000Z
Location: BrightTALK

In the cloud, every second counts. Attacks move at warp speed, and security teams must protect the business without slowing it down. Sysdig stops cloud attacks in real time, instantly detecting changes in risk with runtime insights, a unique AI architecture, and open source Falco. Sysdig delivers live visibility by correlating signals across cloud workloads, identities, and services to uncover hidden attack paths. By knowing what is running, teams can prioritize the vulnerabilities, misconfigurations, permissions, and threats that matter most. From prevention to defense, Sysdig helps enterprises move faster and focus on what matters: innovation.

Sysdig. Secure Every Second.

On December 8 2025, the Sysdig Threat Research Team (TRT) reported that an APT-level threat actor had deployed EtherRAT, a novel Ethereum-based implant, in React2Shell attacks. The malware goes beyond the initial React2Shell cryptomining attacks, blending command and control (C2) traffic into blockchain activity and aggressively harvesting credentials.

Emerging quickly after the disclosure of the critical React2Shell vulnerability (CVE-2025-55182), EtherRAT represents a significant evolution in attacker tradecraft, blending blockchain-based command and control (C2) with advanced persistence and multi-module capabilities.

In this 30-minute briefing, Sysdig Threat Research breaks down how this implant leverages the Ethereum blockchain for resilient and hard-to-block C2, executes all payloads in memory using Node.js, and delivers five distinct operational modules post-compromise: system reconnaissance, credential harvesting, a self-propagating worm, web server hijacking, and SSH backdoor installation.

The session also explores:

- The unique blockchain C2 design and how it complicates traditional detection and takedown efforts
- The role of fileless execution and Node.js runtime abuse in evading security controls
- Real-world implications for defenders and how cloud security teams can improve threat visibility and response

Inside EtherRAT Blockchain Powered Malware Delivery

Kubernetes moves fast — and so do its security challenges. Between nonstop deployments, complex configurations, and overwhelming alerts, teams struggle to stay ahead of risk. What if AI could partner with you to cut through the noise and secure Kubernetes from build to runtime?

Join this webinar to see how Agentic AI is transforming Kubernetes security — helping teams reason about risk, prioritize threats by business impact, and automate response with precision.

You will hear about how to:
Accelerate vulnerability management with AI-driven prioritization and remediation guidance.
Strengthen posture management across clouds, clusters, and workloads with intelligent insights.
Respond faster to real-time threats using AI-assisted investigation and action.

Securing Kubernetes with Agentic AI From Noise to Clarity EMEA

Securing Kubernetes is one of the most difficult challenges in cloud security. From vulnerability and posture management to real-time threat detection, the rapid deployment cycles and complexity of containerized environments make it difficult to keep up. Now imagine an approach where Kubernetes security is supercharged by AI that actively partners with you across the entire security lifecycle — from build to runtime. 

Agentic AI is reshaping how organizations secure Kubernetes by reasoning about risk signals, prioritizing risks in a business context, and automating workflows to resolve threats quickly and effectively.

In this webinar, we’ll explore what’s possible when agentic AI is applied to Kubernetes security:
- Accelerating vulnerability management with intelligent prioritization that cuts through noise, automates remediation guidance, and saves you hours of time per week
- Strengthening posture management with AI-driven insights and analysis across clouds, clusters, workloads, and configurations to stay ahead of risk
- Responding to threats in real time by providing rapid insights and guiding responses to stop threats and minimize exposure fast.

Join us for the discussion and a live demonstration of agentic AI in practice — powered by Sysdig Sage™, the industry’s first agentic cloud security analyst. Kubernetes moves fast. You can move faster with cloud security, the right way.

Securing Kubernetes with Agentic AI: From Noise to Clarity

Cloud environments move fast. Security teams can’t afford slow, manual response when incidents happen. That’s why modern organizations are shifting from reactive processes to continuous detection, runtime visibility, and automated remediation.

Join this 30-minute interactive Lunch & Learn to discover how to:

- Cut through the noise with cloud detection and response (CDR) that prioritizes what matters.
- Respond at runtime with inline response actions that stop threats before they spread.
- Automate compliance and remediation, reducing manual work while strengthening your security posture.
- Simplify operations with actionable workflows designed for cloud-native scale

You’ll walk away with practical insights on how to streamline incident response in the cloud—so your team spends less time chasing alerts and more time driving business forward.

Register today to see how automation can help you stay secure and compliant, without the complexity.

Streamlining Incident Response in the Cloud

In September 2025, researchers observed a supply-chain campaign in the NPM ecosystem using self-replicating malware to spread across maintainers’ packages. After executing during postinstall, the worm conducts local discovery, hunts for GitHub/NPM/cloud credentials, drops a malicious GitHub Action to exfiltrate secrets (often via webhook[.]site), and republishes infected versions of all packages owned by a compromised maintainer — accelerating propagation to hundreds of packages.

What You’ll takeaway:
- How Shai-Hulud works — post-install execution  (bundle.js), local discovery, credential theft, GitHub Action persistence, and automated NPM republishing.
- Why it’s a big deal — novel self-propagation within the NPM ecosystem; rapid spread to ~200 packages in the first 24 hours.
- How to detect it — runtime signals (e.g., suspicious bundle.js activity, trufflehog execution, outbound calls during install, unusual public repo creation) and detections available in Sysdig Secure and Falco. 
- What to do now — inventory checks for affected packages, version pinning/rollback, credential rotation, blocking npm where needed, and GitHub hygiene.

Shai Hulud The self replicating NPM worm

AI workloads present unique security challenges across the software lifecycle - from ingesting open-source dependencies to protecting live, containerised applications in production. In this fast-paced 40-minute session, experts from Cloudsmith and Sysdig
will guide you through securing your AI pipeline at every stage.

What You'll Learn:

- How to detect vulnerabilities in popular AI packages and enforce provenance early using Cloudsmith’s secure artifact registry
- Why integrating source vulnerability data from CVSS and EPSS with OPA in your CI/CD pipeline is critical for the extensive AI package ecosystem.
- How runtime protection with Sysdig detects real-time threats, kills compromised processes, and prevents drift in production workloads.
- End-to-end strategies to harden Kubernetes-deployed AI applications from source registry through to system calls that come from in-use containers.

Securing AI Workloads From Secure Registry to Runtime

Meet your new AI-powered teammate: Sysdig Sage
Join us for a front-row look at the future of cloud security — where agentic AI takes on the complexity so your team can focus on what really matters. Powered by the industry's first agentic cloud security platform, Sysdig Sage™ acts as your AI-powered teammate: cutting through the noise, understanding business context, and driving better outcomes — fast.

In this live session, Sysdig Founder & CTO Loris Degioanni and AI & Cybersecurity Product Strategist Emanuela Zaccone will explore how semantic analysis and agentic AI are changing the game. You'll get a firsthand look at how Sysdig Sage works in production, accelerating everything from risk identification to remediation, with a live demo of agentic vulnerability management in action.

Security leaders and practitioners face a tough reality: Too much data. Too little context. Not enough time.

Sysdig Sage flips the script, delivering a smarter, faster, outcome-driven approach that:
• Reduces exposure time from days to minutes: By reasoning through risk signals in real time, Sysdig Sage eliminates 98% of the noise and focuses your team only on what truly matters.
• Automates the full lifecycle of vulnerability management: From discovering critical risks to issuing batch remediation tickets — all with clear ownership and actionable context — Sysdig Sage works like a full-time security analyst (without the headcount).
• Gives your team 80+ hours a week back: Agentic AI agents handle tedious triage and prioritization, freeing up your experts to tackle strategic, high-value initiatives.
• Builds real-time risk visibility and board-ready reporting: Track security posture and demonstrate risk reduction with metrics and insights designed for stakeholders at every level.

Say goodbye to the noise, burnout, and blackbox AI. Say hello to cloud security the right way — with intelligence that thinks, reasons, and acts on your behalf.

See the Future of Cloud Defense: Agentic Cloud Security in Action

This session lets you test your cybersecurity skills against an AI chatbot. Can you trick the AI into revealing sensitive information? As you attempt to breach its defenses, Sysdig’s platform monitors every move, detecting and responding to threats in real time.

Break the Bot The Ultimate AI Challenge

When containers live only seconds and AI reshapes workloads, security can’t afford to blink. How do you stay ahead? Join three pioneers of open source as they dig into why security pros are leaning into OSS to secure ephemeral environments, tackle machine identity sprawl, and stay ahead of threats like LLM-jacking—all while keeping velocity high.

For analysts and teams tasked with keeping systems both agile and secure, the question is urgent: how do we protect modern infrastructures without slowing innovation? Open source is increasingly the answer. From runtime threat detection with Falco to packet-level insights with Wireshark and the orchestration power of Kubernetes, open-source tools are fueling a new era of cloud security that’s transparent, community-driven, and adaptable.

In this one-of-a-kind roundtable, you’ll learn:
- AI workloads are up 500%—but so are novel threats like LLM-jacking
- Why machine identities are 7.5x riskier—and exponentially more numerous
- How open-source security fosters transparency, autonomy, and adaptability
- Realistic strategies for teams who want OSS benefits without full DIY burden
- How community innovation, mentorship, and education can close the skills gap

Speakers:
- Loris Degioanni, Creator of Falco & CTO/Founder, Sysdig
- Gerald Combs, Creator of Wireshark & Director of Open-Source Projects, Sysdig
- Craig McLuckie, Co-Creator of Kubernetes & Stacklok, CEO Stackloc VP R&D, VMware by Broadcom

Whether you’re deploying Kubernetes clusters, managing runtime security, or exploring AI workloads, this is your chance to hear directly from the innovators shaping the future of DevOps security.

Packets, Pods & Prompts: Why Open Source is the Future of Cloud Security

Security teams responsible for vulnerability management are under constant pressure balancing SLAs, compliance requirements, and thousands of cloud vulnerabilities. While many tools claim to help by identifying the riskiest issues, knowing what’s critical doesn’t always translate into fast or effective action.

Organizations need to rethink vulnerability remediation. This session will explore how Sysdig empowers teams to act faster with AI-powered guidance that highlights impactful fixes, reduces manual effort, and delivers measurable risk reduction, without disrupting development.

In this session, you’ll learn how Sysdig:
● Accelerates remediation by focusing on high-impact fixes that reduce the most risk quickly without introducing breaking changes
● Eliminates recurring issues by resolving vulnerabilities at the source, preventing them from resurfacing in future builds
● Saves time and boosts efficiency with AI-powered recommendations combining environment-specific context with natural language guidance

Knowing Isn’t Fixing: Modernizing Vulnerability Remediation with AI-Driven Action

In this 30-minute webinar, Sysdig expert Dan Belmonte dive into the unique security challenges of multicloud AI deployments and offer practical strategies to overcome them. Discover how to gain visibility, define a solid AI security posture (AI-SPM), and continuously detect threats—across all your cloud providers.

Practical AI Security in Multicloud Environments

Join ex-Royal Mail CISO Jon Staniforth, Sysdig Field CISO Alex Lawrence, and Director of Business Value Engineering David Koppe as they cook up the perfect pizza while breaking down cloud security challenges with expert advice and real-world insights. Here’s what you can expect in this episode:

Strong security starts here: Learn how to build solid foundations for cloud security and future-proof your strategy.
Teamwork that delivers: Discover the recipe for crafting high-performing security teams that drive success.
Stay ahead of risk: Master the tools and strategies to tackle challenges and adapt to an evolving threat landscape.

 For more info, visit sysdig.com!

Sysdig Slice Ep.01: Serving Up Hot Cybersecurity Tips with a Side of Pizza!

Cloud-native environments have introduced new complexities, making traditional troubleshooting and security methods less effective. Stratoshark builds on the open-source legacy of Wireshark, Sysdig OSS, and Falco to deliver deep visibility by unifying system call and log analysis. With its intuitive, developer-friendly interface, Stratoshark simplifies complex investigations, accelerates incident response, and bridges critical cloud observability and security gaps.

In this session, you’ll discover:
-  How unified system call and log analysis enhances visibility and simplifies troubleshooting in dynamic cloud environments.
  -  Strategies for using Stratoshark’s intuitive interface to streamline investigations and accelerate incident response.
  -  Ways to integrate Stratoshark into your existing workflows to close critical visibility gaps and strengthen security posture.
  -  Explore how this groundbreaking tool is transforming cloud monitoring and security, empowering teams to tackle the challenges of modern infrastructures with clarity and confidence.

Stratoshark: Revolutionizing Cloud System Call and Log Analysis

From Zero to CK(A)(S) Hero: Insider Tips & K8s Certification Exam Strategies - Live Q&A - CNCF Ambassador Saiyam Pathak

The cloud security landscape changed overnight. With Google’s 30B+ Dollar acquisition of Wiz, CISOs, security leaders, and multi-cloud teams are left asking: What happens next?

What does this acquisition mean for you?
How does it impact the pace of innovation, cloud partnerships, and security stacks?
What is the future of cloud security, the impact of AI, and where the industry is headed?

Join Sysdig CISO Sergej Epp, former Global Head of Cyber Forensics and Cyber Hygiene Operations at Deutsche Bank and Field CISO at Palo Alto Networks, as he is joined by Matt Stamper, CEO of Executive Advisors Group and multi-time CISO, and James Berthoty, Founder and Analyst at Latio Tech, as they break it all down!

The three will host a lively chat about what this acquisition means for the industry, share insights from both sides of a major acquisition like this, and discuss real options for CISOs evaluating their next move.

Gee Wiz: What a 30B Dollar Acquisition Means for Cloud Security and AI

Our cloud environments are buzzing with alerts—but how many of them actually matter? In a world where attackers move fast and alerts never stop, it’s easy to miss the threats hiding in plain sight.

This session delivered by Bruno Da Silva, Sysdig, dives into practical, no-nonsense ways to filter out the noise and focus on the risks that really need your attention. We’ll break down how in-use compliance data, risk prioritization, and Attack Path Analysis (APA) can help you find the needle in the haystack—before it turns into a fire.

Key Takeaways:

- Silence the Static: Tired of alert fatigue? Learn how to tune out the noise and zero in on real threats
- Spot What Actually Matters: Use real-world compliance and risk insights to uncover vulnerabilities that attackers can exploit.
- Fast, Focused Response: Get practical techniques to detect, analyze, and respond to threats before they escalate.

Alert Overload: Cutting Through Cloud Chaos to Find Real Threats

Kubernetes Pod Security Policies (PSPs) is an enforcement mechanism to ensure that Pods run only with the appropriate privileges and can solely access the appropriate resources. You can leverage them as a threat prevention mechanism by controlling Pod creation, and limiting the capabilities available to specific users, groups, or applications.

Join this Kubernetes Security Master Class to learn:
- How to get started with Pod Security Policies (PSPs) and how they implement robust security for your Kubernetes clusters
- Key challenges of using PSPs today
- Best practices for using PSPs in production
- How Sysdig Secure can help you adopt PSPs in your environment

Prevention in Kubernetes: Getting Started with Pod Security Policies

Kubernetes

Monitoring

Prometheus

DevOps

DevSecOps

Containerization

IT Security

Enterprise IT

Cloud

Cloud Native

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Practicing business intelligence allows your company to transform raw data into sets of insights for targeted business growth. The business intelligence and analytics community on BrightTALK is made up of thousands of data scientists, database administrators, business analysts and other data professionals. Find relevant webinars and videos on business analytics, business intelligence, data analysis and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Business Intelligence and Analytics

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Prevention in Kubernetes: Getting Started with Pod Security Policies

Presented by

About this talk

Sysdig