We’re gearing up (pun intended) for an exciting time next week in San Francisco, and we’re thrilled to kick it off on Sunday at BSidesSF at City View in the Metreon. We’re proud to sponsor and support this event – an amazing grassroots effort that unites the information security community to share knowledge. With this year’s steampunk theme, the conference promises to deliver inspirational talks, stimulating discussions, and of course, evenings filled with entertaining discourse and delectable libations.
We’ll have recruiters and engineers on hand at our StackRox table, so please come by and see us! We also have researchers and engineers giving three talks at the event. A short summary of each talk follows.
Sunday, April 15, 4:15 pm
KubeScope for the Extraordinary World of Containers
By Tongbo Luo and Zhaoyan Xu
As development teams have rapidly embraced Google Kubernetes, its feature set has exploded, bringing the importance of securing the Kubernetes ecosystem into focus. In this session, learn about KubeScope, a new tool that combines machine learning with rule-based detection strategies to profile orchestrator behavior. See a demo of how this research could help you secure Kubernetes deployments.
Monday, April 16, 4:50 pm
Pensieve: Finding Malicious Artifacts in Container Environments
By Yathi Naik
Containerized environments present new challenges for security and forensics investigations. The orchestration and deployment of containers creates a distributed attack surface, made more complicated by containers rapidly being spun up and torn down. In this session, Yathi will show how to use Checkpoint/Restore In Userspace (CRIU), Docker techniques, and other tools to gather and retain evidence of adversary activity in your environment.
Monday, April 16, 4:50 pm
Listen to Your Engine: Unearthing Security Signals from the Modern Linux Kernel
By Robby Cochran
Observing all kernel events can be like descending into the steam-engine of an airship – the machinery of system calls can be arcane, complicated, and very, very noisy. Buried in this cacophony, though, can be indicators of privilege escalation, resource abuse, or side-channel attacks. In this session, Robby revisits the well-trodden system call but with fresh eyes (goggles). In a cloud-native world, sandboxing and deployment tools like containerization enable us to gain context for system calls so that we can both understand intent and surface anomalies.
We hope to see you at BSidesSF! Thanks to the organizers and volunteers who make this amazing community event possible. Stay tuned after the event for detailed blogs from our speakers on their research.