Back To Schedule
Wednesday, May 22 • 14:50 - 15:25
Container Forensics: What to Do When Your Cluster is a Cluster - Maya Kaczorowski & Ann Wallace, Google

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
When responding to an incident in your containers, you don’t necessarily have the same tools at your disposal that you do with VMs - and so your incident investigation process and forensics are different. In a best case scenario, you have access to application logs, orchestrator logs, node snapshots, and more.
In this talk, we’ll go over where to get information about what’s happening in your cluster, including logs and open source tools you can install, and how to tie this information together to get a better idea of what’s happening in your infrastructure. Armed with this info, we’ll review the common mitigation options such as to alert, isolate, pause, restart, or kill a container. For common types of container attacks, we'll discuss what options are best and why. Lastly, we’ll talk about restoring services after an incident, and the best steps to take to prevent the next one.

avatar for Maya Kaczorowski

Maya Kaczorowski

Product Manager, Software Supply Chain Security, GitHub
Maya is a Product Manager for Software Supply Chain Security at GitHub. She was previously at Google, focused on container security, and encryption at rest and encryption key management. Prior to Google, she was at McKinsey & Company, and before that, completed her Master's in mathematics... Read More →
avatar for Ann Wallace

Ann Wallace

Security Lead, Google
Ann Wallace is the Security Lead for Google Cloud PSO and a PCI Internal Security Assessor (ISA) for Google. She works with customers to help make their workloads PCI compliant, and co-wrote Google’s guidance for running PCI compliant workloads on GKE. Before Google, Ann spent 14... Read More →

Wednesday May 22, 2019 14:50 - 15:25 CEST
Hall 8.0 B1