
Cloud Native Jerusalem

CNCF Jerusalem presents: How vulnerable is your Kubernetes?

in-person
Event date
May 10, 2022
05:00 PM IDT
Location
Location not provided
About this event

Vulnerabilities are one of the biggest security concerns of any K8s user and admin.

In recent research by ARMO's Kubescape team, covering more than 10k scanned K8s clusters, it was found that 63% of the containers had one or more vulnerabilities and 46% of containers had one or more critical vulnerabilities.

In the meetup, we will dive into Kubernetes vulnerabilities, how to detect them and how to fix them, quickly. 

We have an amazing lineup of speakers:

  • Zain Asgar, GVP/GM of Pixie at New Relic, and Omid Azizi, Senior Principal Software Engineer of Pixie at New Relic.
  • Rory McCune, Cloud Native Security advocate at Aqua
  • Ben Hirschberg, VP R&D at ARMO

And there will be time for networking together with Jerusalem's beer, Jerusalem-style Pizza, and the famous knafeh. 

Cool Swag will be handed out to participants.

Agenda
  1. 5:00 PM IDT

    Meet and Greet

    in-person
  2. 5:30 PM IDT

    Detecting Data Exfiltration on the Edge with Pixie

    in-person

    Detecting data exfiltration in your Kubernetes cluster is important but hard. Capturing the right data, especially encrypted data, in order to perform the analysis can be a hassle. Additionally, it can be a non-starter to export sensitive requests outside of the cluster to perform this analysis. In this talk, you’ll learn how Pixie (an open source, CNCF sandbox project), can be applied to attack this problem. Pixie’s auto-telemetry, in-cluster edge compute, and scriptability make it a powerful tool for anyone looking to identify data exfiltration attacks in their cluster. We’ll show a demo which will also be open source for attendees to reference later.

    Speakers: Zain Asgar, GVP/GM of Pixie at New Relic, and Omid Azizi, Senior Principal Software Engineer of Pixie at New Relic.

  3. 6:00 PM IDT

    A review of this year's Container breakout vulnerabilities (so far)

    virtual

    Container breakout vulnerabilities seem to come and go in waves, and after a long time of every breakout demo using DirtyCOW and WaitID, we now have a new wave of vulnerabilities to look at. There are a variety of issues, including vulnerabilities in the Linux kernel, containerd and CRI-O. This talk will look at these issues, what mitigations will (and won't) work, and how they can be detected and blocked in Kubernetes clusters.

    Speaker: Rory McCune, Cloud Native Security advocate at Aqua

  4. 6:30 PM IDT

    Detecting a new K8s vulnerability or another Saturday evening (potential) gone wrong

    in-person

    In early 2022, nearly all vulnerability publications related to Kubernetes happened around Thursday-Friday, which means another lost weekend… but things can be done differently. In this session, Ben will reveal how ARMO's Kubescape team deploys controls that check whether a cluster is vulnerable within 2-3 hours of a vulnerability being published, using open source tools like Open Policy Agent and "rego", and still enjoys Saturday night!

    Speaker: Ben Hirschberg, VP R&D at ARMO

  5. 7:00 PM IDT

    Beer, Pizza and knafeh

    in-person