Happy Monday everyone!
Today we wanted to kick off the week with some education around eBPF technology and its use cases in security, particularly its ability to provide deep observability of runtime traffic.
To learn more about eBPF and cybersecurity, check out this 🧵 ⬇️
What is eBPF?
eBPF is a Linux kernel technology (the bpf() system call and the extended BPF instruction set landed in Linux 3.18, and most of the tracing and networking hooks that security tooling relies on arrived over the 4.x series). It lets you attach small, event-driven programs to kernel hooks without loading a kernel module or modifying kernel source. You can think of it as a lightweight, sandboxed VM inside the kernel: every program is checked by the in-kernel verifier before it may attach, so it cannot loop forever, crash the kernel, or read memory it was not given access to. This has implications for security!
Why is this technology useful for security?
It gives visibility (and, with the right hook types, control) over every system call, and packet-level visibility of all network traffic on a host, from one mechanism, without the performance cost of traditional security agents built on ptrace, auditd or out-of-tree kernel modules: filtering and aggregation happen inside the kernel, so only the events that matter are copied to user space.
This makes the following security use cases easier to achieve than in the past:
1. Reduce alert fatigue: with the additional context eBPF provides (security observability), teams can cut alert fatigue by 97%
2. Security protection at the point of attack
3. SDN configuration, DDoS mitigation, intrusion detection and prevention, and container- and Kubernetes-native security
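As an added example of the "syscalls plus network plus process context in one system" point above, and not code from Deepfence or from the original thread, here is a small bpftrace script that correlates execve and outbound TCP connects inside a single eBPF program. It assumes a Linux host with bpftrace installed, kernel headers or BTF available, and root privileges; the column layout and the @exe map name are choices made for this illustration.

```bpftrace
#!/usr/bin/env bpftrace
/*
 * Added example, not Deepfence code. Correlates execve and outbound TCP
 * connects with process context inside one eBPF script. Assumes a Linux
 * host with bpftrace and kernel headers or BTF, run as root.
 */
#include <linux/socket.h>
#include <net/sock.h>

BEGIN
{
	printf("%-7s %-16s %-16s %-32s %s\n",
	       "PID", "COMM", "PARENT", "EXE", "DESTINATION");
}

/* Remember the path each pid last executed (fires even if execve fails). */
tracepoint:syscalls:sys_enter_execve
{
	@exe[pid] = str(args->filename);
}

/* Outbound TCP connect, attributed to the calling process and its parent. */
kprobe:tcp_connect
{
	$sk = (struct sock *)arg0;
	if ($sk->__sk_common.skc_family == AF_INET) {
		printf("%-7d %-16s %-16s %-32s %s:%d\n",
		       pid, comm, curtask->real_parent->comm, @exe[pid],
		       ntop($sk->__sk_common.skc_daddr),
		       bswap($sk->__sk_common.skc_dport));
	}
}

/* Drop the saved context when the thread group leader exits,
 * so the map does not grow without bound. */
tracepoint:sched:sched_process_exit
/tid == pid/
{
	delete(@exe[pid]);
}

/* Clear the map on exit so bpftrace does not dump it to the terminal. */
END
{
	clear(@exe);
}
```

Run it with `sudo bpftrace trace.bt`; each outbound connection is printed with the process, its parent and the binary it executed, which is the context a raw "connection to port 4444" alert lacks. Two caveats for production use: a real agent would push these events to user space through a ring buffer rather than printf, and this script only observes. Blocking a call or a packet requires attaching to enforcement hooks such as BPF LSM (kernel 5.7 and later) or dropping in XDP/tc programs.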
Why would a vendor implement eBPF?
1. Decouple security innovation from the OS: new detection and enforcement logic ships as eBPF programs on the vendor's release cycle, without waiting for kernel releases or maintaining kernel modules, while keeping the same depth of insight as in-kernel code
2. Less system throughput lost to instrumentation, because events are filtered and aggregated in the kernel instead of being copied to user space one by one
3. Consolidate syscall tracing, network filtering and process context into a single system
4. Bounded overhead for observability
To learn more about how @deepfence utilizes eBPF to provide context around security alerts and reduce alert fatigue by 97% with our cloud native application protection platform, schedule a demo with our Head of Product @ryancsmith2222 today!
go.deepfence.io/15-minute-demo