Kubernetes Master Class: Getting Your Hands 'Dirty' in Container Sandbox
This session of the Kubernetes Master Class Series addresses the proliferation of "sandboxing" techniques to isolate containers and improve their security posture. We'll provide a short background on the rise of "sandboxing" technology in the global security space and will drill down into different container "sandboxing" technologies and projects.
We'll examine and compare different sandboxing initiatives: Google's gVisor, Openstack's Katacontainers, Hardware based initiative (containers "enclaves") as opposed to legacy Linux isolation tools applied for Containers (SELinux and Seccomp). We'll analyze the benefits and the challenges of each implementation and will demonstrate the attack types sandboxing/isolation technologies can mitigate vis-a-vis the attacks which sandboxing/isolation technologies cannot mitigate and require additional security layers.
Join Senior Director of Product Management at Aqua Security Ariel Shuper and Rancher Head of Product Management Ankur Agarwal as they discuss:
- The container threat landscape
- Different Sandboxing Technologies
- Security & Operation aspects of each Sandboxing technology