
Jason Dellaluce
Tech Lead Manager, Sysdig
Jason Dellaluce is a Senior Engineer and Manager at Sysdig and a core maintainer of Falco, the CNCF tool for Cloud Native Runtime Security. On a daily basis, he contributes to the Falco Community and is exposed to Linux, Kubernetes, Containers, Security, eBPF, and the Open Source world in general. He contributed to Falco by playing a key role in the development of the new plugin system, by upgrading and engineering the rules language, by managing a few relevant releases, and by leading many resource-usage optimizations and renovation efforts. Prior to his current role, Jason graduated with an MSc in Computer Engineering after studying at the University of Bologna, Italy, and the University of California, Irvine.
Falco: A Grand Promenade Through Cloud Native Runtime Security
In the bustling world of cloud-native runtime security, Falco is a reliable and effective real-time threat detection and compliance violation monitoring project and stands as an unwavering companion for your needs. Journey through Falco’s remarkable transformation, from its incubation days to its current standing as a CNCF-graduated project, witnessing its pivotal milestones: adept threat detection, intuitive rule structuring, performance enhancements catering to a burgeoning community, an adaptable plugin framework, enhanced user-friendliness, and a robust governance structure ensuring sustained success. Continuing this trajectory, Falco remains dedicated to relentless advancement, continuously refining its capabilities to detect stealthy cyber threats. Join us in celebrating Falco’s legacy and embracing its promising future.
Reliable and Cost-effective Cloud Security with Falco
As the modern cloud grows in complexity, container security based on attack prevention and surface reduction becomes less effective. Most new cloud environments collect activity logs and store them for later inspection, which consumes lots of storage and loses the benefits of runtime visibility, or apply fine-grained runtime control on access and operations, which is more intrusive and brings scalability concerns. Falco, the Cloud Native Runtime Security tool, offers an open source alternative based on non-invasive runtime detection and low resource consumption. Falco is like a security camera that observes all the activity in your system and alerts you whenever suspicious behavior is detected. Historically, Falco was focused on containers and system security by observing data coming from the Linux kernel, but has more recently evolved to also bring real-time telemetry over logs of cloud services. In this talk, you’ll learn the basics of the project and how you can employ it as an open-source all-in-one solution for detecting malicious attacks in a faster and cost-effective manner and for securing your applications and cloud infrastructure.
The Falco Playground: a Cocktail of WebAssembly and Runtime Security
Falco is a CNCF tool for Runtime Security, for both Linux systems and cloud logs, and the most adopted threat detection project for Kubernetes. Its powerful engine is configured with a simple rule language based on YAML. However, the community still lacks an official IDE for writing and playing with Falco rules.
Past attempts always met friction due to the Falco engine's lack of portability, being written in C++ for its performance and low-level programming requirements. Wait, can't C++ be compiled into WebAssembly nowadays? If so, can't Falco run on a browser?
That's how Jason and Rohith, a core maintainer and a contributor of Falco, developed a backend-less Falco Playground web app for the Google Summer of Code. Join this session to learn how they ported a large production-grade C++ codebase to WASM, with the unique tech mix-up of web development and a threat detection tool for the Linux kernel.
Falco can now run anywhere: are there new runtime detection opportunities too?
Falco's Discovery of the Modern eBPF World
eBPF is an amazing technology, but it brings to the table some pitfalls, like the well-known portability issues and the continuous fights with the kernel verifier. Falco, the CNCF runtime security project, faces these challenges day by day, trying to support a wide spectrum of kernels, but now things are changing! This talk presents the ongoing effort from the Falco community to build a modern eBPF probe that leverages the most exciting novel features! What are the challenges involved? What are the benefits of this approach and how can we leverage them? Andrea and Jason will answer these questions by sharing their experience and by providing some development guidelines and best practices. The session will dive into the use of modern BPF features such as `ring-buffer`, `global variables`, and `BTF-enabled programs`, showing concrete production-ready examples!
Avoid an ill Wind and Catch the Jet Stream – Using Falco To Detect Attackers & Compliance Violations
As a widely embraced cloud native runtime security tool, Falco is a reliable and effective real-time threat detection and compliance violation monitoring project essential for your needs in today’s dynamic environments. Get wind of happenings in your diverse infrastructure through Falco’s new rules maturity framework, designed to ease your onboarding experience with Falco detections and accompanied by contribution, tuning, and style guides. With improved performance tailored specifically for our expanding pool of adopters, Falco now includes greater configurability, innovations with plugins, and so much more. These changes propel your organization forward and position you to power-dive into events and calls for when your workloads start going south. With a simple Falco setup you can elevate your threat response team to new heights with cloud native insights.