Joe Yostos
Joe Yostos is a Product Manager at Microsoft, where he focuses on Container Networking Security and Observability. With a strong background in networking, security, and cloud-native technologies, Joe plays a key role in driving product development and delivering innovative solutions to optimize performance, security, and observability in containerized environments.
With over 15 years of experience across companies like Sysdig, VMware, Tigera/Calico, and Dell-EMC, Joe combines his deep technical expertise with a passion for solving complex challenges in the cloud ecosystem.
Session
With Falco recently graduating from the CNCF, the project continues to evolve to address community challenges. The latest addition, Falco Talon, is a dedicated response engine for Falco.
In this talk, we’ll demonstrate building an API-driven response action for Microsoft Azure Kubernetes Service (AKS) to mitigate risks based on Falco’s system call detections and Retina's advanced network observability. Microsoft has already open-sourced Retina, an eBPF-based, cloud-agnostic Kubernetes Network Observability platform. While Retina is planned for CNCF donation, automating its activities based on Falco detections is a powerful novel use-case.
Retina monitors application and network security, allowing annotations to specify which Pods to observe. In our demo, we’ll showcase how a Falco detection triggers a Talon response action, automatically annotating workloads when insecure or unusual behaviour is detected, enhancing automation and security for Kubernetes environments.