Natalia Reka Ivanko
Sr. Product Manager
Sr. Product Manager and previous Security Engineer with a strong background in Container and Cloud Security. Passionate about building things that matter and working with Software Engineers to apply Security Best Practices.
Inclined towards modern and innovative technologies like eBPF and Kubernetes, love programming in Python, and always looking for new challenges and growth. Big believer in open source and automation.
When I'm not in front of the computer, I love experiencing outdoor activities, mostly running, flying as a private pilot and getting to know new cultures.
Seccomp And eBPF; What’s The Difference? Why Do I Need To Know?
Containers in Kubernetes share a common Linux kernel, so how can we limit access where it isn’t required and follow the principle of least privilege? Join Natalia and Duffie as they each explore different approaches to harden your container security with Secure Computing (seccomp) and eBPF! The talk will begin with an overview and comparison of seccomp and eBPF and how they can both solve the same problem: limiting access to the Linux kernel that all containers share. This will be a fun talk, showing each solution with a live demo.
You will leave this talk with a better understanding of how to limit what system calls a process can make and restrict your containers’ behavior to only access the files, binaries and external DNS names they need and nothing more. Which is the right solution for your environment? Come and learn about two of the commonly used technologies in use today!
Past, Present, Future of Tetragon- First Production Use Cases, Lessons Learnt, Where Are We Heading?
As many of you already know, Tetragon is reaching v1.0, a huge milestone for the community, our users, and the engineers who have been working on its development for years.
This talk's main aim is to walk through the history of Tetragon, and predict its future trajectory. Why was it created in the first place? How? What were the first production use cases? What were the security challenges users were facing? Where are they at now? What were the lessons we learnt through this rocket-propelled roller coaster journey? As an example, the audience will learn how we avoided some pitfalls that BPF-based Security applications fall into and solved critical performance challenges.
We’ll finish by presenting where the project is heading and the main goals and use cases we aim to achieve in the future.
Paint The Picture! - Detecting Suspicious Data Patterns in Encrypted Traffic with eBPF and kTLS
Using eBPF to detect malicious events on Cloud Native environments continues to rise because it provides a wide range of options to monitor for suspicious runtime execution, network connections, and file access. However, detecting sensitive data patterns, like social security or credit card numbers in encrypted L7 network traffic has traditionally been done in user space. By leveraging in-kernel HTTP visibility and kTLS, we now have the ability to paint a complete security picture and monitor sensitive data flows between Kubernetes workloads, even if they are encrypted.
Using Tetragon, this talk will demonstrate how eBPF can be applied to solve the technical challenge of decrypting TLS traffic by using kTLS and showcase how Security Teams can detect sensitive data patterns, like social security numbers or exploit signatures, in encrypted L7 traffic. By using eBPF, this solution avoids operational complexity and overhead, and is fully transparent to the application as well as the CNI.
Keeping your cluster safe from attacks with eBPF
eBPF has proven to be the optimal solution for security observability, but what if it could also actively prevent attacks from compromising your cloud environment? eBPF's prime location in the kernel and full programmability enable security use-cases that include observability and the ability to respond to threats before they compromise your cloud-native environment.
In this talk, we'll show a simple attack on a Kubernetes cluster that can be detected and blocked in real time in the kernel using eBPF. Leveraging the power of the kernel to gain real-time visibility into the memory of the process and observe system access, we will then block the detected attack and protect the cluster from compromise.
Detecting and Blocking a Sophisticated Kubernetes Attack in Real Time
As Kubernetes adoption continues to explode, the threat actors working on attacks are growing in sophistication. Simple mitigations and security best practices are no longer sufficient alone to protect production workloads. While tools like vulnerability scanning, signed container images, and distroless containers help, constant monitoring must take place in a running environment to ensure it remains safe from compromise.
eBPF, an emerging Linux kernel technology, provides us unique visibility directly into any Kubernetes pod. Because pods on a node share a single kernel, a single eBPF program has full visibility to the entire node’s workloads. We’ll show how using such a program gives us the network and process-level visibility to detect and block a live sophisticated in-memory attack on our cluster. We’ll finish by showcasing how security teams can easily put these same tools to use to protect their critical Kubernetes environments from threats.