Multi-messenger Security - Adaptive Kubernetes SOC From Disparate eBPF Tools
CNCF [Cloud Native Computing Foundation] via YouTube
Learn AI, Data Science & Business — Earn Certificates That Get You Hired
Start speaking a new language. It’s just 3 weeks away.
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Learn how to build an adaptive Kubernetes Security Operations Center using multiple eBPF tools in this conference talk from KubeCon + CloudNativeCon. Discover how the Linux kernel's eBPF capabilities can unify security and observability through shared data structures, creating a comprehensive security monitoring system that combines established CNCF projects including Kubescape, Pixie, and Tetragon. Explore how this multi-messenger approach enables the detection of security signals that individual tools cannot identify on their own, achieving both comprehensive baseline monitoring and adaptive coverage that adjusts based on suspicious indicators. Understand how independent signals from processes, file systems, and network activity create high signal-to-noise ratios, enabling manageable data volumes and selective forensic storage. Watch a live demonstration of an io_uring rootkit detection scenario that showcases how traditional syscall-based security tools struggle with detection in default configurations, while the adaptive multi-tool setup makes detection almost trivial. Learn about the node-local SOC architecture that ensures data sovereignty by keeping all security data within your cluster, maintaining complete control over sensitive information while providing robust threat detection capabilities.
Syllabus
Multi-messenger Security: Adaptive Kubernetes SOC... Constanze Roedig, Ben Hirschberg & Dom Delnano
Taught by
CNCF [Cloud Native Computing Foundation]