terminated as needed, compared to Netflix, which has about 15 eBPF applications operating on each
            server instance.



            The Value of eBPF

            eBPF is crucial for businesses that are seeking high-performance security requirements. Think of it as a
            [web]space  telescope  that  offers  businesses  performance  benefits  while  providing  previously
            unattainable views into their APIs.

            Three areas in how eBPF brings value include:
            -Non-invasive observability of system and workloads

            -Efficient virtual networking
            -Enables innovation around the core of the operating system – vast untapped potential



            Why is eBPF Important?

            Two areas where eBPF really shines regarding API security are observability and monitoring:

            1) Observability - When filtering network packets, eBPF was first applied to improve observability and
            security. It has, however, evolved into a means of making the use of user-supplied code safer, more
            practical and more effective over time. eBPF is presently utilized in numerous applications  due to its
            growing popularity. The use of eBPF enables major cloud providers like Netflix, Facebook, AWS, Google,
            and Microsoft to offer new cloud tools and capabilities. To get the application data, eBPF helps with:

            · Metrics

            · Tracing

            · Logs

            · Exception

            2) Monitoring - Deep API traffic data, such as request/response headers and bodies/payloads, can be
            displayed using the eBPF-based data collection for both North-South and East-West traffic. Because it
            operates at the kernel level, this data collecting is out-of-ban, non-intrusive, quick, and extremely efficient.
            Additionally, this high eBPF efficiency produces a nearly negligible overhead (difference in latency of less
            than 1ms) on instrumented applications.



            How Does it Work?

            With the help of eBPF, programmers can run code in the kernel's privileged environment and see how
            the kernel responds to specified triggers such as system calls, network events, kernel tracepoints and





            Cyber Defense eMagazine – December 2022 Edition                                                                                                                                                                                                         117
            Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.