Sunday, February 12 • 4:10pm - 4:40pm
Linux Monitoring at Scale with eBPF


The latest Linux kernels implement an extended Berkeley Packet Filter (BPF) virtual machine that provides safe and efficient syscall hooking. Linux has many logging systems that produce security-relevant data, and several excellent open source tools sit on top of them. These existing options offer many features that are useful during response, but at scale we focus on lightweight alerting across the fleet, followed up with heavy scrutiny of a subset of hosts for a limited time. We landed on the need for three basic monitoring capabilities: process execution, network connections, and file integrity. Our goal is to provide meaningful security monitoring at under 1% overhead.
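The following script is an added illustration of the three capabilities the abstract names, written for bpftrace (a front end for eBPF that postdates this talk); it is not the speakers' tooling. It assumes a kernel exposing the `syscalls` tracepoints and the `tcp_connect` kprobe, kernel headers available for `net/sock.h`, and root privileges to load the programs. The `/etc/` prefix used for the file-integrity hook is a constructed example of a watched path.

```bpftrace
#!/usr/bin/env bpftrace
/*
 * Added example, not part of the original talk: three low-overhead
 * eBPF hooks producing one line per event rather than bulk logging.
 * Assumes: bpftrace, kernel headers, root, kernel >= 4.x tracepoints.
 */
#include <linux/socket.h>
#include <net/sock.h>

BEGIN
{
    printf("Tracing exec / connect / writes under /etc ... Ctrl-C to end.\n");
}

/* 1. Process execution: fires on every execve() entry. */
tracepoint:syscalls:sys_enter_execve
{
    printf("EXEC  pid=%d uid=%d comm=%s file=%s\n",
           pid, uid, comm, str(args->filename));
    @execs[comm] = count();
}

/* 2. Network connections: outbound TCP, IPv4 only for brevity. */
kprobe:tcp_connect
{
    $sk = (struct sock *)arg0;
    if ($sk->__sk_common.skc_family == AF_INET) {
        $daddr = ntop($sk->__sk_common.skc_daddr);
        /* skc_dport is stored in network byte order; swap to host order. */
        $dport = $sk->__sk_common.skc_dport;
        $dport = ($dport >> 8) | (($dport << 8) & 0xff00);
        printf("CONN  pid=%d uid=%d comm=%s dst=%s:%d\n",
               pid, uid, comm, $daddr, $dport);
        @conns[comm] = count();
    }
}

/* 3. File integrity: opens for write or create under a watched prefix.
 *    O_WRONLY=0x1, O_RDWR=0x2, O_CREAT=0x40 (x86-64 values, assumed). */
tracepoint:syscalls:sys_enter_openat
/ ((args->flags & 0x3) != 0 || (args->flags & 0x40) != 0) &&
  strncmp(str(args->filename), "/etc/", 5) == 0 /
{
    printf("WRITE pid=%d uid=%d comm=%s file=%s flags=0x%x\n",
           pid, uid, comm, str(args->filename), args->flags);
    @writes[str(args->filename)] = count();
}

/* Per-command summaries print on exit, giving a cheap fleet-wide
 * signal that can be shipped without the per-event lines. */
END
{
    printf("\nexecs by comm:\n");   print(@execs);
    printf("\nconnects by comm:\n"); print(@conns);
    printf("\nwrites under /etc:\n"); print(@writes);
}
```

Each hook is a filter plus a single `printf`, so the kernel-side work per event is a few comparisons and a copy to the perf ring buffer; that is what keeps overhead low enough to run across a fleet, with the per-command counts acting as the lightweight alert and the per-event lines reserved for the hosts selected for closer scrutiny.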


Brendan Gregg

Brendan Gregg is a senior performance architect at Netflix, where he does large scale computer performance design, evaluation, analysis, and tuning. He is the author of Systems Performance published by Prentice Hall, and has created performance analysis tools included in multiple operating systems. He has previously worked as a kernel engineer and as a security consultant. As an eBPF expert, he has developed and published BPF tools for the open...

Alex Maestretti

Alex Maestretti leads the Security Intelligence and Response Team at Netflix, with previous gigs at Apple and the US Government. Our SIRT reflects Netflix’s culture and technology stack. We are a small team rather than a multi-tiered SOC. We don’t do large volume alerts and instead focus on high ROI activities. Our technology stack allows us to be agile in responding to security incidents, and recover quickly, which in turn allows smart...

Sunday February 12, 2017 4:10pm - 4:40pm
DNA Lounge