Wednesday, May 22 • 14:50 - 15:25
Container Forensics: What to Do When Your Cluster is a Cluster - Maya Kaczorowski & Ann Wallace, Google

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
When responding to an incident in your containers, you don’t necessarily have the same tools at your disposal that you do with VMs - and so your incident investigation process and forensics are different. In a best case scenario, you have access to application logs, orchestrator logs, node snapshots, and more.
In this talk, we’ll go over where to get information about what’s happening in your cluster, including logs and open source tools you can install, and how to tie this information together to get a better idea of what’s happening in your infrastructure. Armed with this info, we’ll review the common mitigation options such as to alert, isolate, pause, restart, or kill a container. For common types of container attacks, we'll discuss what options are best and why. Lastly, we’ll talk about restoring services after an incident, and the best steps to take to prevent the next one.

avatar for Maya Kaczorowski

Maya Kaczorowski

Product Manager, Google
Maya is a Product Manager in Security & Privacy at Google, focused on container security. She previously worked on encryption at rest and encryption key management. Prior to Google, she was at McKinsey & Company, and before that, completed her Master's in mathematics focusing on cryptography... Read More →
avatar for Ann Wallace

Ann Wallace

Security Global Practice Lead, Google
Ann Wallace is the Global Security Practice Lead for Google Cloud PSO, helping customers become more secure in GCP. Ann is heavily involved with Women Who Code Portland and has presented at several cloud conferences. Before Google Ann spent 14 years at Nike in various engineering... Read More →

Wednesday May 22, 2019 14:50 - 15:25
Hall 8.0 B1