eBPF community newsletter and updates

SJULTRA’s article on eBPF for Security: Extinction or Revolution? was included in Episode 63 of the eCHO news, a bi-weekly wrap up of all things eBPF and Cilium.

This newsletter is a great resource to keep up on the latest in cloud native networking, observability, and security.

Big thanks to Bill Mulligan, who leads community @ Isovalent working on Cilium and eBPF. It’s been ace to find some great people doing great eBPF work — all thanks to Bill’s efforts at building a community.

The SJULTRA team have pulled out some key parts of the newsletter that piqued our interest, but there’s more in the newsletter!

ALSO check out Bill’s LinkedIn Newsletter – eCHO News.

There's an eBPF Summit!

I wouldn’t have known about the eBPF summit if it wasn’t for Bill’s community work and this newsletter. THANKS BILL!

It’s September 11 in London and kicks off late afternoon.

Check out the details on the eBPF London Summit.

I'm also looking forward to two talks about some of the work that will be coming out of the eBPF Foundation shortly including an eBPF threat model and an audit of the verifier. Both of these projects are important for giving companies confidence when they are deploying eBPF (or eBPF based tools) into production. After all, who doesn't love a "free" third party audit to put on their CTO's desk? The schedule for Cilium + eBPF Day is coming out tomorrow too and I've got to put finishing touches on it so let’s 🐝 -gin.

eBPF for anything: Turing complete?

This was a fun read, but it reminds me of something serious: eBPF has many applications… including Game of Life!

I love articles that are fun but also share unique perspectives, it’s how we make progress, right?

Have your mind opened / challenged with eBPF for Anything.

eBPF a mitigation for Crowdstrike-type problems?

The WSJ gave eBPF an honourable mention in How the CrowdStrike Tech Outage Reignited a Battle Over the Heart of Microsoft Systems.

Another open-source alternative is already available on the Linux operating system, but it’s up to Microsoft to make it available for Windows, said Alexei Starovoitov, a Meta Platforms engineer and a creator of the technology.

Called the Extended Berkeley Packet Filter, or eBPF, the decade-old technology pioneered by Starovoitov and others could have helped prevent CrowdStrike’s global outage, its proponents and cyber vendors say. EBPF puts programs in a walled-off environment in the kernel, preventing a bad or malicious update from reaching it and crashing a computer.

CrowdStrike agrees. It’s a “super revolutionary technology,” the company’s president, Michael Sentonas, said. “If something happens where you have a crash, you don’t take out the entire kernel.”

While headlines rolled out on the impact of the outage, Brendan Gregg, an eBPF pioneer and fellow at Intel, said he and other leaders of the open-source technology were talking: “We’re like, ‘We have worked on the solution to this for so many years.’”

eBPF for Security: Evolution or Revolution?

One of our CNAPP engineers, Tom Howarth, wrote a paper for Accuknox — Technical Report: Protecting your containers from themselves with AccuKnox.

After that he put something together with me specifically about eBPF for Security: Evolution or Revolution?

More and more organizations and technologies are using eBPF for security. eBPF (extended Berkeley Packet Filter) is the new standard for programming Linux kernel capabilities safely and efficiently, without changing kernel source code or loading kernel modules. It has enabled a new generation of high-performance tooling covering networking, security, and observability use cases. eBPF is a core and increasingly ubiquitous technology for networking, observability, and security. eBPF has been evolving in Linux kernels for a decade and has matured as *the* way to secure workloads running on both Linux and Windows – and it’s the growing range of use cases and scope that is revolutionizing security across the cloud and the internet. When security and development pros use eBPF for security, they are doing so to answer these questions:

  1. What happens after a project or product has been delivered?
  2. How do we create a secure environment of continual improvement?
  3. How do we make sure that our secure deployment or application stays secure?
  4. How do we identify vulnerabilities and spot potential anomalies?

Video: eBPF in 120 seconds

Impossible…?

Summary

These are just a few bits – check out the newsletter for much more.

Also, here’s the list of people that Bill included in the thank you for contributing to the eCHO newsletter:

Content from: