Top 5 Concerns Every InfoSec Team Has And How To Overcome Them With eBPF - Natalia Reka Ivanko, Isovalent
Abstract
Security Operations teams often have their hands tied with respect to threat detection and incident investigation in cloud-native environments like Kubernetes. Traditional security monitoring tools are severely limited once workloads are containerized: IP addresses change frequently and therefore no longer provide a meaningful identity. However, by using open source tools that leverage the new eBPF technology, it has become possible to aggregate rich workload- and Kubernetes-API-aware metadata. This information is extremely powerful in SIEM systems and allows proactive monitoring and alerting when a malicious network connection is observed. This talk will give a hands-on, live walkthrough of the most common threat detection challenges that every SecOps team faces today while securing a Kubernetes environment, and offer solutions for overcoming them by using open source eBPF-based tools.
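The abstract's central point, that workload identity rather than IP address is what makes a network event meaningful to a SIEM, can be shown with a small detection script. The following is an added example, not code from the talk, from Isovalent, or from any specific eBPF tool: the flow-record shape, the pod names, IPs and timestamps are all constructed, and the `EGRESS_POLICY` mapping is a hypothetical per-workload allowlist. Each flow carries the Kubernetes namespace and labels that an eBPF-based observer could attach; the script alerts on flows that violate the identity-based policy and separately reports IPs that were reused by different pods, which is exactly where an IP-only rule would misattribute traffic.

```python
import ipaddress
import json

# Constructed flow records in the general shape an eBPF-based observability
# tool might export to a SIEM: each L3/L4 flow is annotated with the Kubernetes
# namespace and labels of the source and (where known) destination pod.
# The IPs, pods and timestamps are made up for this example; note that
# 10.244.1.5 is used by two different pods at different times.
FLOWS_JSON = """
[
  {"time": "2024-01-01T10:00:01Z",
   "src": {"ip": "10.244.1.5", "namespace": "payments", "labels": {"app": "api"}},
   "dst": {"ip": "10.244.2.9", "port": 5432, "namespace": "payments", "labels": {"app": "db"}}},
  {"time": "2024-01-01T10:00:02Z",
   "src": {"ip": "10.244.1.5", "namespace": "payments", "labels": {"app": "api"}},
   "dst": {"ip": "198.51.100.7", "port": 443}},
  {"time": "2024-01-01T10:05:00Z",
   "src": {"ip": "10.244.1.5", "namespace": "dev", "labels": {"app": "sandbox"}},
   "dst": {"ip": "198.51.100.7", "port": 443}},
  {"time": "2024-01-01T10:05:30Z",
   "src": {"ip": "10.244.3.2", "namespace": "monitoring", "labels": {"app": "prometheus"}},
   "dst": {"ip": "10.96.0.1", "port": 443}}
]
"""

# Hypothetical egress policy keyed on workload identity rather than IP:
# each workload may only talk to the listed destination networks.
EGRESS_POLICY = {
    "payments/api": ["10.244.0.0/16"],
    "dev/sandbox": ["0.0.0.0/0"],
    "monitoring/prometheus": ["10.244.0.0/16", "10.96.0.0/12"],
}


def parse_flows(text):
    """Parse the exported flow records (a JSON list)."""
    return json.loads(text)


def identity(endpoint):
    """Return 'namespace/app' for a pod endpoint, or 'external:<ip>' when the
    observer attached no Kubernetes metadata (traffic leaving the cluster)."""
    ns = endpoint.get("namespace")
    app = endpoint.get("labels", {}).get("app")
    if ns and app:
        return f"{ns}/{app}"
    return f"external:{endpoint['ip']}"


def evaluate(flow, policy=EGRESS_POLICY):
    """Return an alert dict when the flow violates the identity-based policy,
    otherwise None."""
    src_id = identity(flow["src"])
    dst_ip = ipaddress.ip_address(flow["dst"]["ip"])
    allowed = policy.get(src_id)
    if allowed is None:
        reason = "no egress policy for workload"
    elif any(dst_ip in ipaddress.ip_network(cidr) for cidr in allowed):
        return None
    else:
        reason = "destination outside allowed networks"
    return {
        "time": flow["time"],
        "workload": src_id,
        "src_ip": flow["src"]["ip"],
        "dst": str(dst_ip),
        "dst_identity": identity(flow["dst"]),
        "port": flow["dst"]["port"],
        "reason": reason,
    }


def ip_reuse(flows):
    """Map each source IP to the set of workload identities seen behind it,
    keeping only IPs shared by more than one identity. These are the cases
    where an IP-only SIEM rule would attribute traffic to the wrong workload."""
    seen = {}
    for flow in flows:
        seen.setdefault(flow["src"]["ip"], set()).add(identity(flow["src"]))
    return {ip: ids for ip, ids in seen.items() if len(ids) > 1}


def run(text=FLOWS_JSON, policy=EGRESS_POLICY):
    """Evaluate every flow and return the list of alerts."""
    flows = parse_flows(text)
    return [a for a in (evaluate(f, policy) for f in flows) if a]


if __name__ == "__main__":
    for alert in run():
        print("ALERT", json.dumps(alert))
    print("IPs shared by several workloads:", ip_reuse(parse_flows(FLOWS_JSON)))
```

On the constructed input only the `payments/api` connection to 198.51.100.7 raises an alert; the later connection to the same destination from the same IP is attributed to `dev/sandbox` and passes, which an IP-keyed rule could not distinguish.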