Speaker

Natalia Reka Ivanko

Security Product Lead

Sr. Product Manager and previous Security Engineer with a strong background in Container and Cloud Security. Passionate about building things that matter and working with Software Engineers to apply Security Best Practices.

Inclined towards modern and innovative technologies like eBPF and Kubernetes, love programming in Python, and always looking for new challenges and growth. Big believer in open source and automation.

When I'm not in front of the computer, I love experiencing outdoor activities, mostly running, flying as a private pilot, getting to know new cultures and making friends.

Area of Expertise

  • Business & Management
  • Information & Communications Technology

Topics

  • eBPF
  • Kubernetes
  • Cloud Native
  • Security
  • Linux

Past, Present, Future of Tetragon - First Production Use Cases, Lessons Learnt, Where Are We Heading?

As many of you know already, Tetragon is reaching v1.0, a huge milestone for the community, our users, and the engineers who have been working on its development for years.

This talk's main aim is to walk through the history of Tetragon, and predict its future trajectory. Why was it created in the first place? How? What were the first production use cases? What were the security challenges users were facing? Where are they at now? What were the lessons we learnt through this rocket-propelled roller coaster journey? As an example, the audience will learn how we avoided some pitfalls that BPF-based Security applications fall into and solved critical performance challenges.

We’ll finish by presenting where the project is heading and what main goals and use cases we are aiming to achieve in the future.

Getting Started Contributing to Cilium & Tetragon

You are using Security events from Tetragon to audit Cilium’s runtime behaviour, network traffic, its loaded BPF programs or maps and have found a bug. You think you have a fix, but aren’t sure how to contribute it back to upstream. This is the Contribfest for you! We will start with an overview of Cilium and Tetragon for developers to help contributors understand how the different parts of the projects interact and where they should look to contribute their code.

Going over Cilium and Tetragon’s architecture will help developers understand both projects’ design principles to facilitate their contributions. From there, we will divide into groups based on functional area to discuss new and outstanding PRs. New contributors to Cilium and Tetragon will learn how to contribute to the project and existing contributors will be able to engage with committers to get their PRs merged.

Paint The Picture! - Detecting Suspicious Data Patterns in Encrypted Traffic with eBPF and kTLS

The use of eBPF to detect malicious events in Cloud Native environments continues to rise because it provides a wide range of options to monitor for suspicious runtime execution, network connections, and file access. However, detecting sensitive data patterns, like social security or credit card numbers, in encrypted L7 network traffic has traditionally been done in user space. By leveraging in-kernel HTTP visibility and kTLS, we now have the ability to paint a complete security picture and monitor sensitive data flows between Kubernetes workloads, even if they are encrypted.

Using Tetragon, this talk will demonstrate how eBPF can be applied to solve the technical challenge of decrypting TLS traffic by using kTLS and showcase how Security Teams can detect sensitive data patterns, like social security numbers or exploit signatures, in encrypted L7 traffic. By using eBPF, this solution avoids operational complexity and overhead, and is fully transparent to the application as well as the CNI.

Keeping your cluster safe from attacks with eBPF

eBPF has proven to be the optimal solution for security observability, but what if it could also actively prevent attacks from compromising your cloud environment? eBPF's prime location in the kernel and full programmability enable security use-cases that include observability and the ability to respond to threats before they compromise your cloud-native environment.

In this talk, we'll show a simple attack on a Kubernetes cluster that can be detected and blocked in real-time in the kernel using eBPF. Leveraging the power of the kernel to gain real-time visibility into the memory of the process and observe system access, we will then block the detected attack and protect the cluster from compromise.

Detecting and Blocking a Sophisticated Kubernetes Attack in Real Time

As Kubernetes adoption continues to explode, the threat actors working on attacks are growing in sophistication. Simple mitigations and security best practices are no longer sufficient alone to protect production workloads. While tools like vulnerability scanning, signed container images, and distroless containers help, constant monitoring must take place in a running environment to ensure it remains safe from compromise.

eBPF, an emerging Linux kernel technology, provides us unique visibility directly into any Kubernetes pod. Because pods on a node share a single kernel, a single eBPF program has full visibility to the entire node’s workloads. We’ll show how using such a program gives us the network and process-level visibility to detect and block a live sophisticated in-memory attack on our cluster. We’ll finish by showcasing how security teams can easily put these same tools to use to protect their critical Kubernetes environments from threats.
