Speaker
Description
Conventional security controls often fall short when it comes to thorough visibility and effective threat mitigation. The Extended Berkeley Packet Filter (eBPF) is a powerful technology that makes it possible to monitor kernel-level activity safely and efficiently without changing kernel code. This session examines how the runtime protection, network security enforcement, and real-time observability offered by eBPF can improve security on Ubuntu systems. As threats grow more sophisticated, measures such as intrusion detection systems, antivirus software, and static firewalls become less effective against modern attacks. eBPF addresses these problems by offering a programmable way to analyse system behaviour in real time without compromising kernel stability. Because it runs sandboxed programs inside the Linux kernel that can inspect system calls, network packets, and process events, eBPF is a crucial tool for modern security observability and enforcement.
The talk will focus on the integration of eBPF with Ubuntu, highlighting Ubuntu's compatibility and ecosystem support for eBPF-based security applications. It will also include practical demonstrations of eBPF-based security tools on Ubuntu, showing how to use eBPF programs to monitor system calls, filter network traffic, and detect suspicious activity. We will walk through real-world examples of deploying eBPF security tools such as Falco, Cilium, and bpftrace, and demonstrate how they enhance security in Ubuntu environments.
By the end of this session, participants will have a thorough grasp of how to use eBPF to improve security in Ubuntu environments. They will gain hands-on experience deploying eBPF for anomaly detection, network protection, and security monitoring, allowing them to apply this powerful technology in their own security plans.
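As an added illustration of the system-call and process-event monitoring described above (this is example code written for this page, not a script from the talk), the following bpftrace program logs every execve() on an Ubuntu host, flags binaries launched from world-writable scratch directories, records opens of /etc/shadow, and summarises exec counts per calling command when stopped. It assumes bpftrace is installed from the Ubuntu archive (apt install bpftrace) and is run as root.

```bpftrace
#!/usr/bin/env bpftrace
/*
 * Added example (not part of the talk): a small eBPF security monitor for Ubuntu.
 * Assumptions: bpftrace installed, run as root, e.g.  sudo bpftrace exec_monitor.bt
 */

BEGIN
{
	printf("Tracing execve() and /etc/shadow opens... Ctrl-C to stop.\n");
	printf("%-9s %-7s %-7s %-16s %s\n", "TIME", "UID", "PID", "COMM", "EVENT");
}

/* Process events: every new program image, attributed to the calling process. */
tracepoint:syscalls:sys_enter_execve
{
	$path = str(args->filename);
	@execs[comm] = count();          /* per-command exec counter, printed at END */
	time("%H:%M:%S ");
	printf("%-7d %-7d %-16s exec %s\n", uid, pid, comm, $path);

	/* Executables staged in /tmp or /dev/shm are a common anomaly worth flagging. */
	if (strncmp($path, "/tmp/", 5) == 0 || strncmp($path, "/dev/shm/", 9) == 0) {
		time("%H:%M:%S ");
		printf("%-7d %-7d %-16s ALERT exec from scratch dir: %s\n", uid, pid, comm, $path);
	}
}

/* File access: any open of the password-hash file, by any process. */
tracepoint:syscalls:sys_enter_openat
/strncmp(str(args->filename), "/etc/shadow", 11) == 0/
{
	time("%H:%M:%S ");
	printf("%-7d %-7d %-16s open /etc/shadow (flags 0x%x)\n", uid, pid, comm, args->flags);
}

END
{
	printf("\nexecve() calls per calling command:\n");
	print(@execs);
	clear(@execs);
}
```

The same two tracepoints are what tools such as Falco build their rule engines on; this script is the minimal, inspectable form of that idea for a demo or for validating that eBPF tracing works on a given Ubuntu kernel.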
What audience can learn
By the end of this session, participants will have a better understanding of how eBPF improves security on Ubuntu systems. From kernel compatibility to integrated tooling, they will learn how Ubuntu's environment supports eBPF and how it enables real-time security monitoring without kernel modifications. Using Ubuntu-native tools and configurations, the session will explore real-world use cases such as network filtering, anomaly detection, and process monitoring. Through live demonstrations with Falco, Cilium, and bpftrace on Ubuntu, attendees will gain practical knowledge of implementing eBPF-based security solutions. Finally, we will cover best practices, performance considerations, and common pitfalls to ensure a smooth and safe integration of eBPF into Ubuntu systems.
Biography
V Sreenivas is a DevRel specializing in cybersecurity, Linux security, and cloud-native security. With a strong background in security engineering and open-source contributions, he has worked extensively on security observability and enforcement mechanisms using eBPF. Passionate about sharing knowledge, he has spoken at various security conferences and actively contributes to the security community. https://www.linkedin.com/in/v-sreenivas-985088203/
Summary
What if security threats on Ubuntu could be identified and blocked instantly without affecting system performance? eBPF makes this possible by enabling runtime protection, network filtering, and deep observability from within the Ubuntu kernel.
| Difficulty level | Intermediate |
|---|---|