eBPF: Revolutionizing Security and Observability in 2023

F5 Ecosystem | November 13, 2023

eBPF is agentless, non-disruptive, and offers a tantalizing mix of data generation and control.

eBPF is on a trajectory to become one of the most significant components of modern observability and security solutions thanks to its ability to provide unparalleled visibility and act as a strategic control point for security.

What is eBPF?

eBPF (extended Berkeley Packet Filter) is a lightweight, kernel-level Linux construct that can act as both a collection and control point for telemetry. It is popular because it does not require modifications to the kernel or recompilation, allowing it to act as a frictionless way to insert capture and control capabilities into systems.

While it is primarily used for capturing telemetry from a system, it can also be used as a control point because it is able to perform a limited set of functions. For example, it can be used to prevent propagation of suspicious packets and to act as a sort of packet-level router.

This dual nature is why the technology is gaining significance in both the observability (capture) and security (control) markets. eBPF enables analysis by offering a more robust set of capture points than is possible or financially feasible with traditional agent-based technologies. eBPF is an enabler of observability and security capabilities.

For a deeper dive into eBPF, check out this Brightboard lesson with F5 DevCentral’s Buu Lam.

Why is eBPF the top technology of 2023?

I’m sure the first response to this statement is “Nuh-uh, generative AI is the top technology of 2023.”

Allow me to disagree.

While generative AI is the most promising technology of 2023, its impact on the market is still nascent. There are thousands (literally) of tools, frameworks, libraries, apps, and websites that enable organizations to quickly leverage the power of generative AI, but few tangible impacts on the market. To date, the impact of generative AI is largely on internal productivity gains which, while a good sign, are not significantly changing markets.

That’s not true of eBPF, which is having a profound impact on two distinct markets: security and observability. Indeed, eBPF is one of the foundational technologies making it possible for these two markets to converge and produce a new generation of operational tools that help keep enterprises—and their data—safer. Thus, eBPF is the most strategic technology of 2023.

Over the course of 2023 we’ve seen eBPF move from an enabler of observability to a significant shaper of security through its ability to act as a control point, albeit a limited one. It is technically agentless, given that it can be incorporated into Linux-based systems without requiring recompilation or modification, and it is incredibly lightweight when compared to traditional agent-based alternatives.

Now, eBPF does not solve for the challenge of what to do with all the data that’s generated. That’s a bigger problem, and the rise of practices and approaches like ML and DataOps is a response to scaling telemetry pipelines to make sure all that goodness can be leveraged by analytics to produce the actionable insights organizations have been asking for since 2021.

But for most orgs, the first step is to make sure they’re collecting telemetry from all the right places, and one of the answers to that challenge is found in the use of eBPF.

Now, it turns out that eBPF isn’t just a data-generating technology. It’s also capable of acting on data, which means it can be used as a filter, a rudimentary router, and a means of neutralizing attacks or bad actors early on. Security services are fueled by data, but they also rely on control points to act on that data, and eBPF helpfully provides both functions.

And that’s why we’re seeing more and more usage of eBPF in both the observability and security markets, and especially in those offerings that are starting to operate in both domains. eBPF is the top technology of 2023.

Whether it can hold its place in 2024 in the face of the overwhelming momentum of generative AI remains to be seen. But the speed with which AI is moving indicates that if it doesn’t overtake eBPF in 2024, it will soon after.

Enterprise adoption of eBPF

Enterprise organizations can take advantage of eBPF through software and services that rely on the technology, as well as by incorporating it into their own tech stacks. The use of eBPF can greatly enhance visibility, particularly for traditional applications for which the cost is too high to instrument manually. By relying on eBPF, organizations can effectively “slide” visibility into an application stack without the overhead—and additional cost—required to deploy and manage agent-based options.

Organizations that haven’t explored eBPF yet are encouraged to do so now. With the rising costs associated with cloud—and with agent-based options—leveraging eBPF is an excellent strategic option for reducing costs while increasing visibility and fueling the data pipelines required by AI.

About the Author

Lori Mac Vittie, Distinguished Engineer and Chief Evangelist
