API security firm Traceable AI has announced the addition of extended Berkeley Packet Filter (eBPF) data to its platform to enhance API observability and visibility. eBPF is a technology that makes it possible to run special programs deep inside the Linux operating system in an isolated way.

A variant of BPF, it has become a universal in-kernel virtual machine that allows teams to collect data from Linux applications and network resources more easily and efficiently. By adding eBPF data to its platform, Traceable AI said it is helping CISOs, DevSecOps, and DevOps teams improve API security postures without the need to change kernel source code or add instrumentation.

eBPF data adds “360-degree” API observability and visibility

In a press release, Traceable AI stated that the benefits of eBPF come from its deep data, pulled from the application environment, which, when combined with the firm’s technology, provides customers “360-degree” observability and visibility into all API activity. “eBPF is critical for the most efficient API security at scale and is especially important for businesses with high-performance security requirements,” commented Sanjay Nagaraj, Co-Founder and CTO of Traceable AI.

Speaking to CSO, Nagaraj says eBPF will be used to map the attack surface area of customers, addressing three key API security challenges organizations face. “First, most dev and security teams do not have an accurate and up-to-date inventory of their APIs, so it’s difficult to catch breaking changes. Second, shadow APIs exist that don’t go through a centralized API gateway. Third, the frequency of releases makes it extremely difficult for security teams to understand risks in their environment and make decisions accordingly.”

Prevention and isolation among eBPF’s API security benefits

Experts agree that eBPF has the capability to significantly enhance organizations’ API security strategies. “Deep visibility into how an API is working allows unprecedented insights into security incidents and can assist with prevention by seeing exactly where issues might come up,” Peter Lowe, principal security researcher at DNSFilter, tells CSO. “What’s more, the sandbox nature of APIs built on top of eBPF means that with a well-designed system, isolation of services under attack can be much more easily achieved.”

Liz Rice, chief open source officer at Isovalent and AWS Container Hero concurs. “eBPF allows us to modify and customize the behavior of the operating system kernel, so we can insert eBPF security checks directly within the kernel’s networking stack. This is highly performant, and it’s completely transparent to the applications being secured.” Products aimed at API security will typically collect network events using eBPF and then pass this to user space for layer 7, application-level parsing, and enforcement, she adds. “Innovation in the eBPF space is likely to move more and more of the application-layer processing directly into the kernel.”

Copyright © 2022 IDG Communications, Inc.