Page 116 - Cyber Defense eMagazine December 2022 Edition

The Benefits of eBPF for API Security

            By Sanjay Nagaraj, Co-Founder & CTO of Traceable AI


            You might hear the term “eBPF” mentioned when chatting with DevOps and DevSecOps folks about
            network, infrastructure or security management. eBPF (extended Berkeley Packet Filter) is based on a
            Linux kernel technology and makes it possible to build monitoring and other capabilities on top
            of the operating systems used mostly for the cloud. As developers continue to learn to utilize eBPF
            capabilities, the potential to radically advance infrastructure, application and security tools is immense.
            This is definitely the case for API security.




            What is eBPF?

            eBPF is a technology with origins in the Linux kernel that has shipped since 2014, which was also
            when the first Kubernetes commit was made. In contrast to most developer code, which is written in
            user space, employing eBPF means writing code that runs in the kernel, which has clear benefits in
            terms of performance and resource usage.

            Teams that work in high-performance environments frequently use eBPF. For instance, Facebook has
            roughly 40 eBPF programs active on every server with an additional 100 eBPF programs spawned and




            Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.