Cisco recently announced its intent to acquire Isovalent, which was founded by the creators of extended Berkeley Packet Filter (eBPF) and builds open-source networking, service mesh, security and observability software for cloud-native infrastructure.
Jeetu Patel, EVP and GM of security and collaboration at Cisco, said in a statement, “Imagine — in today’s distributed environment of applications, virtual machines, containers and cloud assets — having security controls with total visibility, without hindering networking and application performance. The combination of Cisco and Isovalent will make this a reality.”
What Is eBPF?
Extended Berkeley Packet Filter (eBPF) is a framework that extends the ability to attach at the kernel level within a Linux environment. The advanced Linux kernel technology enables real-time performance monitoring, networking, and security. It allows developers to create programs in user space and inject them into kernel space without modifying kernel code, providing low-impact, adaptable solutions for various use cases.
eBPF provides real-time, detailed kernel-level monitoring, enabling comprehensive insights into system components and activities.
How Does ThreatX Use eBPF?
ThreatX Runtime API and Application Protection (RAAP) is the first cloud-native solution to detect and block runtime threats to APIs and applications. Its patent-pending capability leverages eBPF to extend protection to the runtime environment and deliver real-time blocking for runtime threats.
eBPF is an ideal solution for runtime threat protection because it safely allows access into kernel-level data, without modifying the kernel, and stops malicious processes and infected containers without any performance degradation.
Runtime protection leveraging eBPF can monitor events in the processes running on the application host. Because it monitors at the kernel level, it provides far more visibility than typical HTTP data alone, reaching all the way down to network flows, the process tables, arguments, environment variables, etc.
ThreatX offers both Runtime API and Application Protection (RAAP) and ThreatX API & Application Protection – Edge to provide a 360-degree ability to detect, track, and block threats to APIs and applications.
RAAP and Edge together provide comprehensive protection for APIs and applications. Edge monitors the traffic hitting your APIs and applications, identifying, alerting on, and, if needed, blocking threats before they gain access to your system. This protection is critical, but it doesn’t address zero-day threats or threats that arise from exploitation at the OS level or across in-network (i.e., east-west) traffic. This is where our RAAP solution comes in, monitoring and protecting from the inside, at the operational side of your APIs and apps.
What Does It Mean for You?
Cisco is a $55+ billion company and paid over $600 million for Isovalent, 32 times Isovalent’s current annual recurring revenue (ARR). This signals that Cisco believes in the power and possibility of eBPF, and is willing to invest significantly in enhancing and leveraging it.
Cisco has stated that they are committed to keeping eBPF open-source. Stephen Augustus, Head of Open Source at Cisco, said in a statement, “Cisco is committed to nurturing, investing in, and contributing to the eBPF and Cilium open-source communities.”
They could certainly change their minds on this stance, but for now, their statements indicate that eBPF is and will be available, and the eBPF community can keep building on it.
Cisco’s investment and faith in this technology should signal to CIOs, CISOs, and other executives that this is a technology to watch. In addition, those who are just learning about eBPF, or are hesitant about it, should have a new level of comfort and reassurance about leveraging the technology, now backed by Cisco.
I personally think this acquisition is great news for eBPF and will boost awareness and use of this incredible technology.