Cloud Threat Detection & Response with Sysdig

Enhancing your security by effectively detecting and responding to threats within your cloud-native environments.

This course navigates the spectrum of runtime security, guiding users through the phases of Detect, Analyze and Respond across diverse environments, including hosts, clusters, and the cloud.

The session includes fully integrated labs built into the platform we provide, so you can focus entirely on learning without worrying about any setup or overhead.

Session Structure:
-The training will include two 45-minute labs with a 15-minute break in between.
-Time for Q&A will be available throughout the session, ensuring that participants can clarify concepts and deepen their understanding.

Why Attend?

Hands-On Learning!

  • Detect and respond to runtime attacks
  • Save time with Falco and pre-built policies
  • Strengthen defenses against modern threats
  • Gain skills through demos and takeaways

Key Takeaways:

  • Pre-Built Policies: Spot suspicious activity.
  • Attack Simulation: Investigate real-world exploits.
  • Quick Responses: Automate threat containment. 
  • Advanced Security: Strengthen runtime defenses.
Topics Covered:

Introduction to Runtime Security
- Overview of Threat Detection & Response
- Basic Falco elements: rules, lists, macros, exceptions, and usage in Sysdig.
Threat Detection Policies
- Pre-configured detection policies for cloud environments and workloads.
- How to customize and fine-tune policies to meet specific needs.
Simulating a Real Attack
- Reproducing a vulnerability exploitation (e.g., CUPS attack).
- Understanding attack vectors and behaviors in your environment.
Attack Investigation Techniques
- Utilizing Notifications and Events for real-time alerts.
- Leveraging Activity Audit and Captures for detailed analysis.
Threat Response Strategies
- Implementing automated responses to contain threats.
- Post-forensics investigation and remediation best practices.
Enhancing Runtime Security Posture
- Advanced techniques to strengthen security in runtime environments.
- Continuous improvement practices for reducing risk.