_CORE
Services
AI & Agentic Systems Core Information Systems Cloud & Platform Engineering Data Platform & Integration Security & Compliance QA, Testing & Observability IoT, Automation & Robotics Mobile & Digital
Industries
Banking & Finance Insurance Public Administration Defense & Security Healthcare Energy & Utilities Telco & Media Manufacturing Logistics & E-commerce Retail & Loyalty
References Technologies
Lab
Blog Know-how Tools
About Collaboration Careers
Language
CS EN
Let's talk

Runtime Security — ochrana běžících aplikací

11. 12. 2023 1 min read intermediate

Statická analýza a skenování images nestačí. Runtime security detekuje anomálie v běžících kontejnerech a procesech.

Falco

Instalace

helm repo add falcosecurity https://falcosecurity.github.io/charts helm install falco falcosecurity/falco

Custom rules

  • rule: Crypto mining detected condition: spawned_process and proc.name in (xmrig, minerd) output: “Crypto miner detected (container=%container.name cmd=%proc.cmdline)” priority: CRITICAL
  • rule: Sensitive file read condition: open_read and fd.name in (/etc/shadow, /etc/passwd) output: “Sensitive file read (file=%fd.name container=%container.name)” priority: WARNING

Tetragon — eBPF based

Instalace

helm install tetragon cilium/tetragon -n kube-system

Policy — blokovat nežádoucí syscally

apiVersion: cilium.io/v1alpha1 kind: TracingPolicy metadata: name: block-privileged-syscalls spec: kprobes: - call: __x64_sys_ptrace selectors: - matchActions: - action: Sigkill

Key Takeaway

Falco pro detekci, Tetragon pro enforcement. Runtime security je poslední obranná linie.

securityruntimefalcokubernetes
Share:

CORE SYSTEMS tým

Stavíme core systémy a AI agenty, které drží provoz. 15 let zkušeností s enterprise IT.

Všechny články

Další know-how

Container Runtime Security with eBPF and Cilium

Container security at the kernel level. eBPF, Cilium for network policies, Falco for runtime detection.

Container Security — Trivy, Falco

Bezpečné kontejnery. Image scanning, runtime security, best practices.

Kubernetes RBAC — Access Control in a Multi-Tenant Cluster

RBAC in Kubernetes 1.6 finally enables granular access control. How we set up isolation for multiple teams in a...