eBPF Superpowers For Security
Migrating to Kubernetes from an on-premise model has exposed serious gaps in both Network and Runtime Security which haven’t been solved yet. Security Teams still have their hands tied to traditional security tools which don’t work in the cloud native world, where workloads are containerized and IPs change frequently and no longer provide any meaningful Identity. Enterprises require low-overhead, real-time tools with unique visibility into Kubernetes workloads to detect attacks fast.
eBPF gives security superpowers in the kernel and is already used in several open source security tools in cloud native, like Tetragon, Falco, Inspektor Gadget, etc. However, most Security Teams are not aware of how much value these tools can give during threat detection and incident investigation by ensuring synchronous enforcement, avoiding TOCTOU attacks, and providing low overhead, in-kernel filtering, as well as direct visibility into any Kubernetes workloads. These solutions just didn’t exist before eBPF.
This talk provides a live experience and hands-on demos of the top 5 threat detection and incident investigation challenges that every Security Team faces today while securing Kubernetes environments, and offers an innovative solution for overcoming them by using eBPF superpowers and the next generation of security tooling.