#ebpf

#ebpf

Upwind focuses on securing public cloud environments with a so-called runtime-first approach. According to the company, traditional security models are increasingly out of step with modern cloud architectures, in which real-time applications and AI workloads play an increasingly important role. The CEO and co-founder argues that security should be based on what is actually happening in a cloud environment, rather than on static assumptions or snapshots.

Kubernetes networking is highly flexible but this flexibility can introduce security risks because all pods can communicate with each other by default. Cilium addresses these challenges by providing a modern, high-performance solution for Kubernetes networking that combines security, observability and performance using eBPF. Cilium is an open-source networking and security solution designed for cloud-native environments. It provides high-performance pod-to-pod networking utilizing eBPF and allows identity-aware network policies at the API level, enforcing fine grained controls.

"This backdoor features functionalities relying on the installation of two eBPF [extended Berkeley Packet Filter] modules, on the one hand to conceal itself, and on the other hand to be remotely activated upon receiving a 'magic packet,'" security researcher Théo Letailleur said. The infection, per the French cybersecurity company, involved the attackers exploiting an exposed Jenkins server vulnerable to CVE-2024-23897 as the starting point, following which a malicious Docker Hub image named "kvlnt/vv" (now removed) was deployed on several Kubernetes clusters.

eAPM significantly enhances observability by providing automatic instrumentation for Kubernetes workloads, eliminating manual setup and allowing engineers to focus on performance and reliability.