API-Driven Security Automation for AKS: Falco Talon meets eBPF-powered Retina
2025-03-31, The Nash

With Falco recently graduating from the CNCF, the project continues to evolve to address community challenges. The latest addition, Falco Talon, is a dedicated response engine for Falco.

In this talk, we’ll demonstrate building an API-driven response action for Microsoft Azure Kubernetes Service (AKS) to mitigate risks based on Falco’s system call detections and Retina's advanced network observability. Microsoft has already open-sourced Retina, an eBPF-based, cloud-agnostic Kubernetes Network Observability platform. While Retina is planned for CNCF donation, automating its activities based on Falco detections is a powerful novel use-case.

Retina monitors application and network security, allowing annotations to specify which Pods to observe. In our demo, we’ll showcase how a Falco detection triggers a Talon response action, automatically annotating workloads when insecure or unusual behaviour is detected, enhancing automation and security for Kubernetes environments.
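The detect-then-annotate flow described above, as an added example that is not code from the talk, Falco Talon or Retina: it parses one line of Falco's JSON output, refuses to act on control-plane or detector namespaces, and builds the Kubernetes merge patch that would mark the offending Pod for Retina. The annotation key `retina.sh: observe` is assumed from Retina's annotation-based observation mode; the event and namespace list are constructed for the demo.

```python
import json
from typing import Optional

# Annotation Retina's annotation mode looks for on Pods (assumed key; confirm against your Retina version).
RETINA_ANNOTATION = {"retina.sh": "observe"}
# Namespaces a response action must never modify (constructed deny-list: control plane and the detector itself).
PROTECTED_NAMESPACES = {"kube-system", "falco"}


def parse_falco_event(raw: str) -> dict:
    """Reduce one Falco JSON alert (json_output: true) to the fields a response action needs."""
    event = json.loads(raw)
    fields = event.get("output_fields", {})
    return {
        "rule": event.get("rule"),
        "priority": event.get("priority"),
        "namespace": fields.get("k8s.ns.name"),
        "pod": fields.get("k8s.pod.name"),
    }


def build_annotation_patch(detection: dict) -> Optional[dict]:
    """Return the target Pod and a JSON merge patch adding the Retina annotation, or None if no action applies."""
    ns, pod = detection["namespace"], detection["pod"]
    if not ns or not pod:
        return None  # host-level or non-Kubernetes event: nothing to annotate
    if ns in PROTECTED_NAMESPACES:
        return None  # an automated response must not touch the control plane or Falco's own Pods
    # "patch" is the body you would hand to CoreV1Api.patch_namespaced_pod(pod, ns, body=patch)
    return {
        "target": {"namespace": ns, "pod": pod},
        "patch": {"metadata": {"annotations": RETINA_ANNOTATION}},
    }


def respond(raw: str) -> Optional[dict]:
    """Full response-action pipeline for one Falco alert line."""
    return build_annotation_patch(parse_falco_event(raw))


# Constructed Falco alert, shaped like Falco's JSON output for a shell spawned in a container
SAMPLE_EVENT = json.dumps({
    "rule": "Terminal shell in container",
    "priority": "Notice",
    "output_fields": {"k8s.ns.name": "shop", "k8s.pod.name": "cart-7d9f", "proc.name": "bash"},
})

if __name__ == "__main__":
    print(json.dumps(respond(SAMPLE_EVENT), indent=2))
```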


  1. Inspiration for Custom API-Driven Actions
    Attendees will learn how Falco users can build and customise API-driven response actions in Falco Talon, offering a template for creating their own automated solutions to improve system security.

  2. Open-Source Collaboration and Future Contributions
    With Retina already open-sourced and planned for CNCF donation, attendees will gain early exposure to a cutting-edge network observability tool from Microsoft and see how it can integrate with existing CNCF projects like Falco that continuously evolve to solve emerging industry needs.

  3. Practical Use-Cases for eBPF
    By showcasing Retina and Falco’s integration, the talk offers actionable insights into leveraging eBPF-based observability and system call monitoring to address critical DevOps, SecOps, and compliance challenges. Regardless of your specific role in Kubernetes operations, this talk can be beneficial for you!

Nigel Douglas is the Head of Developer Relations at Cloudsmith. He champions Cloudsmith’s developer ecosystem by creating compelling educational content, engaging with developer communities, and promoting Cloudsmith as the go-to solution for artifact management and supply chain security. Working closely with product, engineering, and marketing teams, Nigel helps build and shape the DevOps community through events, tutorials, and innovative programs.

Before joining Cloudsmith, Nigel held similar roles in cloud-native OSS projects, including the CNCF Graduate Project Falco at Sysdig and Project Calico at Tigera. He earned a Master of Science in Cybersecurity, Privacy, and Trust from South East Technological University in Ireland.

Joe Yostos is a Product Manager at Microsoft, where he focuses on Container Networking Security and Observability. With a strong background in networking, security, and cloud-native technologies, Joe plays a key role in driving product development and delivering innovative solutions to optimize performance, security, and observability in containerized environments.
With over 15 years of experience across companies like Sysdig, VMware, Tigera/Calico, and Dell-EMC, Joe combines his deep technical expertise with a passion for solving complex challenges in the cloud ecosystem.