Page 116 - Cyber Defense eMagazine December 2022 Edition
The Benefits of eBPF for API Security
By Sanjay Nagaraj, Co-Founder & CTO of Traceable AI
You might hear the term “eBPF” mentioned when chatting with DevOps and DevSecOps folks about
network, infrastructure or security management. eBPF (extended Berkeley Packet Filter) is based on a
Linux kernel technology and makes it possible to build monitoring and other capabilities on top of the
operating systems used mostly for the cloud. As developers continue to learn to use eBPF
capabilities, the potential to radically advance infrastructure, application and security tools is immense.
This is definitely the case for API security.
What is eBPF?
eBPF is a technology with origins in the Linux kernel that has shipped since 2014, which was also
when the first Kubernetes commit was made. In contrast to most developer code, which is written in
user space, employing eBPF means writing code that runs in the kernel, which has clear benefits in
terms of performance and resource usage.
Teams that work in high-performance environments frequently use eBPF. For instance, Facebook has
roughly 40 eBPF programs active on every server with an additional 100 eBPF programs spawned and
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.