Sysdig Introduces eBPF Instrumentation to Extend Cloud-native Visibility and Security to Container-Optimized Linux Platforms.

FEBRUARY 27, 2019


ebpf containervision

eBPF contributions reaffirm commitment to open source

SAN FRANCISCO — Feb. 27, 2019 — Sysdig, Inc., the cloud-native intelligence company, today announced that the Sysdig Cloud-Native Intelligence Platform and Sysdig’s open source technologies now leverage extended Berkeley Packet Filter (eBPF) to deliver visibility and security for container-optimized Linux platforms. eBPF, a Linux-native in-kernel virtual machine, enables secure, low-overhead tracing for application performance and event analysis. With new Sysdig-engineered eBPF programs, Sysdig extends its technology to purpose-built container operating systems, including Google’s Container-Optimized OS (COS) and Red Hat’s Project Atomic Host.

“Visibility and security are critically important issues when it comes to containerized environments,” said Loris Degioanni, chief technology officer and founder at Sysdig. “By offering a unified platform, we’re enabling collaboration between historically separate teams and provide everyone with the same rich data so the entire team understands the entire system and they are speaking the same language. eBPF provides an opportunity for us to deliver our solution to more enterprises, including those operating in container-optimized environments.”

451 Research predicts the application container marketplace will reach $4.3 billion by 2022, a compound annual growth rate (CAGR) of 30%. Containers give enterprises greater flexibility to run applications across clouds and, more than any other technology, are helping to make multi-cloud and hybrid-cloud a reality. Sysdig solves the multi-cloud visibility challenge by providing cross-cluster and cross-cloud visibility and security – now supported with full functionality using eBPF.

The Benefit of ContainerVision with eBPF
Sysdig’s engineered eBPF programs can be leveraged by ContainerVision, Sysdig’s patented data collection technology that is responsible for providing visibility inside containers. ContainerVision is at the core of all Sysdig software and it is what gives enterprises a complete, unobstructed view inside their environment. The new eBPF support enables users to deploy Sysdig solutions to monitor and secure next-generation operating systems designed for running containers. These operating systems, including Container-Optimized OS (COS) from Google Cloud Platform and Project Atomic Host from Red Hat, which pre-install container runtimes and Kubernetes components, feature an immutable infrastructure approach designed with a minimal footprint to enhance operational security and scale.

As more enterprises move to container-based cloud environments, the demand for container and Kubernetes monitoring and security capabilities has increased. Sysdig is the only platform with a combined solution for both. Enterprises that pair container-optimized platforms with Sysdig’s eBPF implementation gain deep views into their infrastructure and applications along with the ability to operate secure environments with greater confidence while resolving issues more quickly.

Sysdig is Committed to Open Source
Sysdig launched in 2013 with sysdig, its open source monitoring technology. Since then, beyond the company’s visibility and security platform, Sysdig has launched additional open source projects, including Falco, the open source runtime security project from Sysdig that was added as a Cloud Native Computing Foundation Sandbox project last year. Sysdig is committed to the open source community and has contributed more than a dozen enhancements to the eBPF project over the last several years.

eBPF Reinforces the value of kernel-level instrumentation
The popularity of eBPF-based kernel tracing further reinforces Sysdig’s kernel-level instrumentation that delivers seamless performance and security observability for hosts, containers, and infrastructure. By observing activity at the kernel-level, Sysdig solutions deliver deep, granular visibility with transparent instrumentation that eliminates the overhead and risk of adding monitoring and security code into individual container images.

eBPF is now available with the latest releases of Sysdig’s open source projects – sysdig and Falco – to enterprises running Linux Kernel Version 4.14 or higher. It will be available with Sysdig’s unified agent for Sysdig Monitor and Sysdig Secure in March.


Media Contact

Amanda McKinney
[email protected]

Sysdig Logo

In the cloud, every second counts. Attacks move at warp speed, and security teams must protect the business without slowing it down. Sysdig stops cloud attacks in real time, instantly detecting changes in risk with runtime insights and open source Falco. Sysdig, rated #1 for CSPM in the Gartner Peer Insights “Voice of a Customer” report, correlates signals across cloud workloads, identities, and services to uncover hidden attack paths and prioritize real risk. From prevention to defense, Sysdig helps enterprises focus on what matters: innovation.

Sysdig. Secure Every Second.