Explore open source intrusion detection for containers in this keynote presentation from KubeCon + CloudNativeCon. Discover how Shopify utilizes Falco, a CNCF incubating project, to monitor critical systems and detect potential security threats. Learn about tracking syscalls at the kernel level, implementing Kubernetes-aware processes, and using predefined rules for event logging. Gain insights into Shopify's deployment of Falco since 2018, including tips for maximizing its effectiveness, areas for improvement, and use cases for detecting compromises and data exfiltration. Understand the challenges of traditional network security models in Kubernetes environments and how Falco addresses these issues. Delve into Falco's features, rule creation, and prevention strategies for enhancing container security in cloud-native infrastructures.