Workshop

Tetragon: Kubernetes Security Workshop with Copebit & AWS in Zurich

Join the team from Isovalent, Copebit & AWS for an instructor-led hands-on workshop on eBPF powered Kubernetes Security with Tetragon.

Tuesday, September 17
13:30 – 17:30 (meetup after)

AWS Switzerland Zurich OfficeMythenquai 10, 8002 Zürich, Switzerland

Meet us in Zurich to network and learn together about eBPF & Tetragon with the local community

Isovalent has joined forces with Copebit & AWS to organize a half-day workshop, where we will dive into presentations, demos, and hands-on labs around eBPF and Tetragon.

After the hard work is over, we’ll gather the local community for a meetup with plenty of drinks and bites to conclude the day on a high note and get to know each other. Sign up for the meetup here.

For this workshop you need to bring your own laptop.

Questions?
Please reach out to marketing@isovalent.com.

Agenda

13:30
Registration
14:00
Welcome and introduction by Copebit
14:30
Tetragon talk: “Adventures in the Kernel: Using eBPF and Tetragon for Runtime Metadata” by Isovalent

Come adventure in the kernel with eBPF programs. This talk looks at top use cases around eBPF and Tetragon, whereby sitting in the kernel offers interesting benefits for collecting, aggregating, and filtering security-significant data at near-zero overhead.
Learn how to associate process binary information up to the network traffic that it spawns, we also discuss network health metrics, file monitoring, and compliance attestation in cloud native environments.
15:00
Networking break
15:30
Lab 1: Getting Started with eBPF

eBPF is the new standard to program Linux kernel capabilities in a safe and efficient manner without requiring to change kernel source code or loading kernel modules. It has enabled a new generation of high-performance tooling to be developed covering networking, security, and observability use cases.

This lab takes the opensnoop example out of the book and teaches you to handle an eBPF tool, watch it loading its components and even add your own tracing into the source eBPF code.
16:15
Networking break
16:45
Lab 2: Getting Started with Tetragon

Tetragon is an open source Security Observability and Runtime Enforcement tool from the makers of Cilium. It captures different process and network event types through a user-supplied configuration to enable security observability on arbitrary hook points in the kernel; then translates these events into actionable signals for a Security Team.

This lab takes the Real World Attack example out of the book and teaches you how to detect a container escape step by step!
17:30
Closing (meetup starts at 18:00)

Workshop instructors:

Related Content

Events

Introducing Cilium Tetragon

For eBPF-based Security Observability & Runtime Enforcement

Online

LabsNov 21, 2022

Cilium is an open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation of Cilium is a new Linux kernel technology called eBPF, which enables the dynamic insertion of powerful security visibility and control logic within Linux itself. Because eBPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes to the application code or container configuration. In this interactive, hands-on lab we provide you a fully fledged Cilium installation on a small cluster and a few challenges to solve. See for yourself how Cilium works and how it can help you by securing a moon-sized battlestation in a “Star Wars”-inspired challenge.