eBPF: Modern Security for Modern Environments

IP:PORT:PROTO

Most traditional security tools work on the IP:PORT:PROTO approach. They take the IP address of the machine, the port, and the protocol, and they make decisions based on those three pieces of information. For example, they decide whether to block or allow the traffic.

Modern Container Networking Security

So, what can you do to secure your containers, you ask? Well, the answer is simple. You need a Layer 7 aware security tool. You need a tool that understands HTTP traffic (and other protocols) and can make security decisions based, for example, on HTTP headers and methods instead of only on the IP address.

eBPF

eBPF is a Linux kernel technology that allows you to build mini-programs that run at the kernel level. In this post, we’ll talk about eBPF in the context of container networking security. But eBPF isn’t limited to that use case.

Layer 7 Awareness

First and foremost is the fact that Cilium understands APIs and Layer 7 protocols. This means that it can allow or block traffic from one container to another based on HTTP headers or methods, Kafka topics, gRPC traffic, and more. This is a real game-changer in the cloud-native world.

Advanced Network Policies

By default, all containers in a Kubernetes cluster can talk to each other. Of course, this isn’t the ideal situation. Cilium lets you implement advanced network policies that are enforced directly by eBPF. Cilium also takes DNS into consideration for policy management, which means you can enforce policies based on DNS names as well. This allows Cilium to cope well with the ever-changing container environment.
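As an illustration of the Layer 7 and DNS-aware policies described above, here is an added example (not from the original post) of a CiliumNetworkPolicy. The namespace, labels, port, path, and DNS name are assumptions chosen for illustration.

```yaml
# Constructed example: namespace, labels, port, path and DNS name are assumptions.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: orders-api-l7
  namespace: shop
spec:
  # The policy applies to pods labelled app=orders-api.
  endpointSelector:
    matchLabels:
      app: orders-api
  ingress:
    # The source is selected by label (workload identity), not by IP address.
    - fromEndpoints:
        - matchLabels:
            app: storefront
      toPorts:
        - ports:
            - port: "8080"
              protocol: TCP
          rules:
            http:
              # Layer 7 rule: only GET requests under /orders/ are allowed.
              # Other methods or paths on this port are rejected.
              - method: "GET"
                path: "/orders/.*"
  egress:
    # Allow DNS lookups through kube-dns and let Cilium inspect them,
    # which the toFQDNs rule below relies on.
    - toEndpoints:
        - matchLabels:
            "k8s:io.kubernetes.pod.namespace": kube-system
            "k8s:k8s-app": kube-dns
      toPorts:
        - ports:
            - port: "53"
              protocol: ANY
          rules:
            dns:
              - matchPattern: "*"
    # DNS-name based rule: HTTPS is allowed only to this name.
    - toFQDNs:
        - matchName: "payments.example.com"
      toPorts:
        - ports:
            - port: "443"
              protocol: TCP
```

Because the policy selects the `orders-api` pods for both ingress and egress, any traffic in those directions that no rule allows is dropped, replacing the allow-all default for those pods.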

Summing up and Learning More

Containers bring many benefits, but they also bring more complicated networking. This makes traditional security work poorly with containers. You can use your existing tools for container-based environment security. But this approach will be far from perfect and will probably lead to a poor user experience.

Cprime

An Alten Company, Cprime is a global consulting firm helping transforming businesses get in sync.