SharkFest'24 US

Nigel Douglas

Nigel Douglas plays a key role in driving education for cloud and container detection and response at Sysdig. He spends his time drafting articles and blogs, and taking the stage, to raise awareness of how security needs to change in the cloud.

Prior to his current role at Sysdig, he held similar engineering roles at security vendors such as Tigera, Malwarebytes and SolarWinds.

He has recently completed a Master of Science in Cybersecurity, Privacy, and Trust at South East Technological University in Ireland.


Sessions

06-19
17:00
60min
An API-Driven approach to automating packet captures in cloud-native systems
Nigel Douglas

In Kubernetes, the management and analysis of network traffic is complicated by the transient nature of containers and the complex architecture of Kubernetes elements such as pods, deployments, and services. Traditional tools like Wireshark, while robust, often fail to effectively navigate these intricacies, capturing excessive and irrelevant data that we call "noise."

In this presentation, we will explore how Falco, a cloud-native detection engine, integrated with Falco Talon, a specialised response engine designed for the open-source Falco community, can streamline this process.

We'll show how this open-source proof-of-concept enables the automatic initiation of tshark captures directly in response to security alerts triggered by Falco in environments like containers and Kubernetes, which typically do not support interactive GUIs.
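As an added example (not code from the session, from Falco, or from Falco Talon), the following Python responder stands in for the Talon action the abstract describes: it takes one Falco JSON alert and starts a tshark capture that is scoped to the flow in the alert and bounded in time, which is what keeps the capture from becoming the "noise" mentioned above. It assumes the alert arrives as a single JSON line (Falco's `json_output` setting), that the responder runs on the node with access to interface `eth0`, and that `/captures` is writable; the Falco field names are real, but the rule name, IPs and container values are constructed for the example, and `-a duration:` and `-f` are genuine tshark options.

```python
import ipaddress
import json
import re
import shutil
import subprocess
from typing import Optional

# Constructed Falco alert in the shape of Falco's JSON output (json_output: true).
# The field names are real Falco output fields; the rule name and all values are
# made up for this example.
SAMPLE_ALERT = json.dumps({
    "output": "17:00:00.000000000: Notice Outbound connection from payments pod",
    "priority": "Notice",
    "rule": "Outbound connection from payments pod",
    "time": "2024-06-19T17:00:00.000000000Z",
    "output_fields": {
        "container.id": "3f1a2b4c5d6e",
        "k8s.ns.name": "payments",
        "k8s.pod.name": "api-7c9d8f6b5-x2k4q",
        "proc.name": "curl",
        "fd.cip": "10.244.0.17",
        "fd.sip": "10.244.1.23",
        "fd.sport": 8443,
    },
})

# The same constructed alert with fd.sip tampered to smuggle extra BPF syntax.
TAMPERED_ALERT = SAMPLE_ALERT.replace("10.244.1.23", "10.244.1.23 or not host 10.244.1.23")

_UNSAFE = re.compile(r"[^A-Za-z0-9_.-]")


def _stamp(alert_time: str) -> str:
    """Falco emits RFC 3339 with nanoseconds; keep seconds precision for the file name."""
    return re.sub(r"[^0-9T]", "", alert_time[:19])


def capture_filter(fields: dict) -> Optional[str]:
    """Build a BPF capture filter scoped to the connection named in the alert.
    Values are validated, not trusted: an alert field ultimately comes from the
    process that tripped the rule, so junk must raise rather than widen the filter."""
    terms = []
    for key in ("fd.cip", "fd.sip"):
        if fields.get(key):
            terms.append(f"host {ipaddress.ip_address(fields[key])}")  # ValueError on junk
    if fields.get("fd.sport") is not None:
        port = int(fields["fd.sport"])
        if not 0 < port < 65536:
            raise ValueError(f"bad port {port}")
        terms.append(f"port {port}")
    return " and ".join(terms) or None


def build_tshark_argv(alert_json: str, iface: str = "eth0", seconds: int = 60,
                      outdir: str = "/captures") -> list:
    """Translate one Falco JSON alert into a bounded tshark invocation.
    -a duration: stops the capture even if the container is already gone;
    -f limits it to the flow in the alert instead of the whole node."""
    alert = json.loads(alert_json)
    fields = alert.get("output_fields", {})
    tags = (fields.get("k8s.ns.name", "nons"), fields.get("k8s.pod.name", "nopod"),
            fields.get("container.id", "noctr"), _stamp(alert["time"]))
    path = f"{outdir}/" + "_".join(_UNSAFE.sub("_", str(t)) for t in tags) + ".pcapng"
    argv = ["tshark", "-i", iface, "-a", f"duration:{seconds}", "-w", path]
    bpf = capture_filter(fields)
    if bpf:
        argv += ["-f", bpf]
    return argv


def alert_is_capturable(alert_json: str) -> bool:
    """True when the alert yields a well-formed capture command."""
    try:
        build_tshark_argv(alert_json)
        return True
    except (KeyError, ValueError):
        return False


def run_capture(argv: list, dry_run: bool = True) -> Optional[int]:
    """Start tshark in the background so the responder returns immediately.
    Returns the child PID, or None when nothing was started (dry run, or
    tshark is not installed on this host)."""
    if dry_run or shutil.which(argv[0]) is None:
        return None
    return subprocess.Popen(argv).pid


if __name__ == "__main__":
    cmd = build_tshark_argv(SAMPLE_ALERT)
    print(" ".join(cmd))
    run_capture(cmd, dry_run=True)
```

Two design points matter here. tshark is started with an argument list, never a shell string, and every value that reaches the capture filter is parsed as an IP address or port first, so a hostile process name or forged connection field cannot widen the filter or inject options. The capture is also given a hard duration, because by the time an analyst looks at the alert the container that triggered it may already be gone, and an unbounded tshark on a node interface is exactly the excess data the abstract warns about.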

Security
Great Falls