ebpf
Safeguard articles tagged "ebpf" — guides, analysis, and best practices for software supply chain and application security.
20 articles
Deploying Falco for Runtime Security in 2026
A pragmatic deployment guide for Falco 0.41 in production Kubernetes: driver selection, rule tuning, alert routing, and the operational debt teams underestimate.
Best runtime container security tools
A practical comparison of runtime container security tools, from eBPF-based monitoring to commercial threat detection platforms, and what to weigh before buying.
Runtime Threat Detection in Cloud-Native Environments
Static analysis catches known vulnerabilities. Runtime detection catches exploitation. Here is how to implement runtime threat detection for containerized workloads.
eBPF and OpenTelemetry: The New Instrumentation Layer for...
eBPF and OpenTelemetry are becoming AppSec's new runtime instrumentation layer, catching supply chain attacks like the xz backdoor that static scanners miss entirely.
eBPF Security Controls: A Production Experience Report
Field notes on running Tetragon, Falco, and Cilium eBPF controls in production Kubernetes clusters, with observed overhead, policy traps, and kernel constraints.
Cilium Network Security in Kubernetes: Beyond Basic Network Policies
Cilium uses eBPF to provide network security that standard Kubernetes NetworkPolicies cannot match. Here is what it adds and how to configure it.
eBPF for Security Monitoring: What It Can and Cannot Do
eBPF is being called the future of security observability. It is genuinely powerful, but it is not a magic bullet for runtime security.
Container Runtime Security Monitoring: Catching What Scanners Miss
Image scanning finds known vulnerabilities before deployment. Runtime monitoring catches actual exploitation, zero-days, and behavioral anomalies after deployment. You need both.