Session

Beyond Logs: Leveraging eBPF & Falco for Real-Time Kubernetes Threat Detection

Traditional security in Kubernetes relies on logs and audit trails, often leading to delayed threat detection and high overhead. Falco, a CNCF project, uses eBPF (Extended Berkeley Packet Filter) to monitor system calls in real time, detecting threats like unauthorized access, privilege escalation, and suspicious network activity—without impacting performance.

This talk will cover:
• Why traditional security monitoring falls short in Kubernetes
• How eBPF enables lightweight, real-time detection
• Falco’s architecture and use of eBPF probes
• Practical threat detection examples (e.g., kubectl exec abuse)
• Best practices for integrating Falco into security workflows

Through a live demo, we’ll showcase how Falco instantly detects malicious behavior inside containers. Attendees will gain insights into modern Kubernetes security and how eBPF enhances observability for proactive threat detection. Ideal for security engineers, SRE & DevSecOps teams securing cloud-native environments.

Arpit Nigam

Chapter Lead DevSecOps @ EPAM Systems | Ex Mercedes Benz US, Ericsson

Bengaluru, India
