eBPF is a kernel technology that brings superpowers to cloud native tooling. You might already be using eBPF in the form of CNCF projects like Cilium or Falco, lower-level tools like bpftrace, or even seccomp profiles. eBPF-based tools like these can connect, observe and secure applications without requiring any changes to those applications; we don’t even have to restart them. This talk will use live coding and demos to show how eBPF can be used to observe behaviour, and why it’s a great platform for security observability: watching for, and even preventing, malicious events.