Try Free Tier
Book a Demo

eBPF for Cloud Runtime Security

Harness the power of eBPF connected with control plane context to visualize runtime activity, detect attacks, recognize anomalies, and automatically take the right action to protect app behavior and minimize downtime.

infograph-archi-4
eBPF Nano Agents
Our eBPF Nano Agent records ground-truth data plane activity, including process details, network connections, and file access as well as control plane context, including Kubernetes and Cloud Platform API calls—all in real time. Spyderbat offloads heavy processing away from the agent, ensuring extremely lightweight compatibility on production container workloads
Behavioral Context Web
The Spyderbat Behavioral Context Web continuously assembles eBPF data into a living temporal map based on causal relationships for immediate and historic visibility and analysis. The Behavioral Context Web enables causal-based analytics. This stateful nature to know exactly what caused what to happen is ideal for ephemeral, container-based environments.
Context
Input API
Quickly integrate with additional data sources you already use for workload context, from CI and cloud platforms to code scanners, monitoring, and tracing. Spyderbat identifies and ‘flags’ appropriate processes and network activity. Risk scores account for both Spyderbat-generated and AP-created flags, connecting otherwise disparate events together using the Behavioral Context Web.
Alert and Action API
Spyderbat Interceptor programmatically integrates with your downstream systems and processes already in place to automatically take additional actions, raise alerts, or customize responses. Automate responses locally on the Nano Agent to stop attacks and roll back misconfigurations, such as kill parent processes or restart pods, and leverage Spyderbat with your SIEM, SOAR, and ticketing systems like Jira or PagerDuty.

Spyderbat harnesses the power of eBPF to give you complete visibility and control

Runtime Visibility
Instant root cause of security and operational issues with real time and historical interactive visualizations across Kubernetes, containers and VMs for, with insight to how control plane and data plane runtime behaviors intersect.

Runtime Anomaly Detection
Protect known-good app behavior, and immediately pinpoint deltas to eliminate dwell time and automate action without machine learning black box algorithms. Quickly create policies from actual, observed behavior, rather than endless tuning exercises guessing at your applications runtime policies.

Runtime Intrusion Prevention
Automatically pinpoint and stop rogue processes, connections, or activity that shift-left security can't catch: including supply-chain attacks, compromised credentials, ransomware, and cryptojacking.

Runtime Automated Response
Rollback misconfigurations and stop emerging attacks by taking precise action at the workload. Stop rogue parent processes and restart pods, while alerting the appropriate team(s), using environmental context (e.g. namespaces) to programmatically take the right action.

spyderbat-clouds
Harness the power of eBPF

Accuracy, Speed, Completeness

The Spyderbat platform’s architectural components track all runtime system and container activities via eBPF for speed and scale. 

spyderlab@2x

eBPF Cloud Security

Free Whitepaper:
eBPF for Cloud Runtime Security

Learn how eBPF provides a new level of insight and context for cloud operations and security teams.

  • Instantly visualize app behavior.
  • Reduce alerts and false positives by multiple orders of magnitude.
  • Automatically stop risk and block attacks in runtime.
Get the Paper