Keynote: Picture this! Solving Security Problems Visually with eBPF

Authors: Liz Rice


Summary

The power of using visualizations to solve security problems with eBPF
  • eBPF is a platform for building network observability and security tooling
  • Visualizations can help us answer security-relevant questions more easily than wading through logs
  • Cilium's Hubble component generates network flow logs that are collected by eBPF programs and can be visualized to understand network traffic
  • Prometheus metrics generated by Hubble can be used to understand network policy verdicts
  • eBPF tools can generate rich contextualized events in the form of logs and metrics that can be visualized to solve real security problems
The Stormtrooper in charge of security on the Death Star wanted to put some network policy in place but found it fiddly. He used Prometheus metrics generated by Hubble to understand network policy verdicts and ensure that only Empire traffic was flowing in the namespace.

Abstract

eBPF is a wonderful platform for the next generation of security tools, but there can be a big gap between detailed events at the kernel level and meaningful, understandable information that security and platform teams can act on. Let’s look at some examples of graphs and visualizations that aggregate information collected through eBPF and that can help us answer security-relevant questions much more easily than wading through logs.
