Loading…
Back To Schedule
Wednesday, May 22 • 14:50 - 15:25
Container Forensics: What to Do When Your Cluster is a Cluster - Maya Kaczorowski & Ann Wallace, Google

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
When responding to an incident in your containers, you don’t necessarily have the same tools at your disposal that you do with VMs - and so your incident investigation process and forensics are different. In a best case scenario, you have access to application logs, orchestrator logs, node snapshots, and more.
In this talk, we’ll go over where to get information about what’s happening in your cluster, including logs and open source tools you can install, and how to tie this information together to get a better idea of what’s happening in your infrastructure. Armed with this info, we’ll review the common mitigation options such as to alert, isolate, pause, restart, or kill a container. For common types of container attacks, we'll discuss what options are best and why. Lastly, we’ll talk about restoring services after an incident, and the best steps to take to prevent the next one.

Speakers
avatar for Maya Kaczorowski

Maya Kaczorowski

Product Manager, Software Supply Chain Security, Tailscale
Maya is a Product Manager at Tailscale, providing secure networking for the long tail. She was mostly recently at GitHub in software supply chain security, and previously at Google working on container security, encryption at rest and encryption key management. Prior to Google, she... Read More →
avatar for Ann Wallace

Ann Wallace

Security Lead, Google
Ann Wallace is the Security Lead for Google Cloud PSO and a PCI Internal Security Assessor (ISA) for Google. She works with customers to help make their workloads PCI compliant, and co-wrote Google’s guidance for running PCI compliant workloads on GKE. Before Google, Ann spent 14... Read More →



Wednesday May 22, 2019 14:50 - 15:25 CEST
Hall 8.0 B1