Getting Started with eBPF for Security
In this video, we focus on the emerging technology of eBPF (extended Berkeley Packet Filter). We explain why it has become a differentiator among cloud security vendors and how it is applied to securing containers and Linux runtime environments. The video gives an overview of how eBPF works, how it bridges kernel space and user space, and highlights the benefits and challenges of integrating eBPF into various security tools.
Links:
Helpful guide on learning eBPF: https://www.brendangregg.com/blog/2019-01-01/learn-ebpf-tracing.html
Kernel vs. User Space & Containers: https://www.redhat.com/en/blog/architecting-containers-part-1-why-understanding-user-space-vs-kernel-space-matters
Getting Started Tutorial: https://ebpf.io/get-started/
Rami's post on eBPF and ADR in the context of RASP's failure: https://ramimac.me/rasp
00:00 Introduction to eBPF
02:17 Containers, User Space, and Kernel Space
05:22 Learning how eBPF works
06:46 eBPF: Practical Examples
09:51 Vendor Example - RAD
13:48 Vendor Example - Accuknox
15:15 Vendor Example - Aqua and Sysdig
15:30 Vendor Example - ARMO
17:15 Vendor Example - Oligo
20:22 Vendor Example - Levo
20:45 Vendor Example - Impart
21:36 Vendor Example - Sweet and Upwind
22:54 Vendor Example - Spyderbat
24:02 Challenges with eBPF
27:13 Conclusion and Future Outlook