a White Paper for Security Practitioners
eBPF stands for extended Berkeley Packet Filter, but you probably already knew that. The old BPF system is used to filter packets on raw sockets and it has been extended to increase its area of usage. It is indeed now possible to plug an eBPF filter in various places of the Linux kernel to extract information or act on kernel behavior. And eBPF renders this possible by adding multiple kernel and userspace exchange methods.
There are 3 ways eBPF can be used in Suricata. In all of them, the eBPF filter can access the packet data and parse them to extract information.
Download this white paper to learn all about these three ways eBPF can be used in Suricata.
ABOUT STAMUS NETWORKS
Stamus Networks believes in a world where defenders are heroes, and a future where those they protect remain safe. As organizations face threats from well-funded adversaries, we relentlessly pursue solutions that make the defender’s job easier and more impactful. A global provider of high-performance network-based threat detection and response systems, Stamus Networks helps enterprise security teams know more, respond sooner and mitigate their risk with insights gathered from cloud and on-premise network activity. Our solutions are advanced network detection and response systems that expose serious and imminent threats to critical assets and empower rapid response.
© 2014-2021 Stamus Networks, LLC. All rights Reserved.
