Stefano Chierici Relatore

Stefano Chierici is a security researcher in Sysdig where his research focuses on defending containerized environments and cloud environments from attacks ranging from web to kernel. Stefano is one of the Falco contributors, an incubation level CNCF project. He studied cyber security in Italyand, before joining Sysdig, he was a pentester and obtained the OSCP Certification in 2019. He was a security engineer and a red team member.
  • Falco + Falcosidekick = Create your own Kubernetes security Response Engine Falco is a CNCF open-source container security tool designed to detect anomalous activity in your local machine, containers and Kubernetes clusters. It taps into the Linux kernel system calls and Kubernetes Audit logs to generate an event stream of all system activity. One of the benefits of Falco is leveraging its powerful and flexible rules language. As a result, Falco will generate security events when it finds abnormal behaviors as defined by a customizable set of rules. Meanwhile, Falco comes with a handful of out-of-the-box detection rules. The Falco community is strong and active, contributing largely to the project and methods to integrate it. Falcosidekick was born providing an easy to use UI to Falco and infinite ways to integrate it with external ecosystems. One of those is using serverless (lambda, knative, kubeless, openfaas) functions to create a response engine capable of performing an specific action or a playbook of actions in case abnormal behaviours happen in your environment. Falco + Falcosidekick along with a serverless function can be used together to create a powerful K8s response engine to automatically respond and mitigate attacks. By implementing different playbooks of actions it is also possible to create a specific response for each attack category or attack severity, based on the alert triggered in the environment. - 10:45/11:30, 06 Nov 2021