
Hunting Rootkits with eBPF: Detecting Linux Syscall Hooking Using Tracee

Aqua Security

Today, cloud native platforms are increasingly using eBPF-based security technology. It enables the monitoring and analysis of applications’ runtime behavior by creating safe hooks for tracing internal functions and capturing important data for forensic purposes.


Threat detection and response tools are built on shaky foundations, leaving your cloud workloads at risk

Lacework

There are several ways to detect threats using system call (syscall) and kernel tracing in Linux. Lacework Labs comprehensively analyzed these mechanisms and their associated risks, and found that cloud workload protection platform solutions offering syscall or other kernel-level monitoring are vulnerable to an attack.


eBPF Explained: Why it's Important for Observability

Kentik

eBPF is a lightweight runtime environment that gives you the ability to run programs inside the kernel of an operating system, usually a recent version of Linux. eBPF operates with hooks into the kernel so that whenever one of the hooks triggers, the eBPF program will run. That’s the short definition. How does eBPF work?