Hands-On Cloud Native Security Workshop

Run Atomic Red tests, then step into the Blue Team role to detect threats and create custom Falco detection rules at this hands-on-keyboard workshop.

01/04/2025

14:00 - 18:00

South Gallery Room 11+12, Excel London

Stay Ahead of Evolving Threats with Falco

This workshop, sponsored by Sysdig and Google, is perfect for anyone looking to deepen their expertise in Kubernetes and cloud-native security. Whether you're new to the field or an experienced Kubernetes threat detection engineer, you'll discover how to leverage Falco to craft detection rules that extend MITRE ATT&CK coverage. By the end of the session, you'll have a clear understanding of how to manage threat detection in Kubernetes and of the challenges of validating complex rule sets.

What can you expect from attending?

  • Strengthen Security Posture: Create custom Falco rules to address the MITRE ATT&CK framework using Atomic Red Team
  • Real-Time Threat Detection: Learn to operationalise rules aligned with frameworks like MITRE, NIST, HIPAA, and SOC2, reducing noise and false positives
  • Automated Defence: Automate Falco updates with expanded threat intelligence using falcoctl, seamlessly integrating with your cloud-native setup
  • Falco Feeds by Sysdig: Enhance open-source Falco with automated, continuously updated security rules from Sysdig's Threat Research Team

Workshop Agenda:


• 2:00pm: Opening Remarks from Sysdig and Google
• 2:15pm: Detecting Threats in Kubernetes (Hands-on, Instruqt)
• 3:30pm: Responding to Threats in Kubernetes (Instruqt)
• 5:00pm: Networking Reception
• 6:00pm: Workshop Close


Register to secure your spot!