The evolution taking place in the enterprise technology space has made security emerge as a standalone discussion topic.
The current state of security architecture is creating a whack-a-mole approach, but extended Berkeley Packet Filter, or eBPF, programs seek to be a game-changer in cloud-native security by incorporating observability, networking and security tools into the kernel, according to Liz Rice, chief open-source officer of Isovalent Inc. and chair of the Technical Oversight Committee at the Cloud Native Computing Foundation.
“With eBPF programs, we can load programs dynamically into the kernel, and we can attach them to all kinds of different events that could be happening anywhere on that virtual machine,” Rice said. “And if you have the right knowledge about where to hook into, you can observe network events, you can observe file access events, you can observe pretty much anything that’s interesting from a security perspective.”
Rice spoke with theCUBE industry analysts Lisa Martin, John Furrier and Dave Vellante at CloudNativeSecurityCon, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how eBPF is revolutionizing the security space, the Cilium open-source software project, and the advent of the CloudNativeSecurityCon event.
eBPF is at the heart of the Cilium project
As an open-source project, Cilium is a real-world eBPF example meant to offer observability and security in container workloads’ network connectivity. This is also made possible because eBPF is a scalable technology, Rice explained.
“Cilium is adopted by hundreds of really big-scale deployments,” she noted. “We were also looking at some runtime security detections, seeing things like, in my example, exfiltrating the plans to the Death Star, you know, looking for suspicious executables. I’ve been fascinated by eBPF for years, and it’s really amazing to see it being used in the real world now.”
The Cilium project plays an instrumental role in cloud-native security, according to Rice, who said that Kubernetes also comes in handy.
“Cilium is probably best known as a networking plugin for Kubernetes,” she said. “So, really being able to bring some of that networking capability, it required changes in the kernel. We are using eBPF to make the networking stack for Kubernetes and cloud-native really efficient.”
CloudNativeSecurityCon has a practitioner vibe
As an inaugural event, CloudNativeSecurityCon seeks to educate people more about security and how security practitioners get involved in cloud-native, according to Rice, who said that it was originally part of KubeCon.
“I think security was becoming such an important part of the conversation at KubeCon,” she said. “CloudNativeCon and the TAG Security, who were organizing the co-located Cloud Native Security Day, which then turned into a two-day event, they were doing this amazing job. And there was so much content and so much activity and so much interest that it made sense to say actually this could stand alone as a dedicated event.”
Automation is one of the key cloud-native forces, according to Rice, who said that it propels security by taking the toil and muck away from developers.
“Automation is one of the kind of fundamental underpinnings of cloud-native,” she pointed out. “We’re expecting infrastructure to be written as code. We are expecting the Kubernetes and surrounding tools to self-heal and to automatically scale and to do things like automated security.”