In-person + Virtual
18-21 April
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2023 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Central European Summer Time (UTC +2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis. 
Back To Schedule
Friday, April 21 • 11:55 - 12:30
The Next Log4jshell?! Preparing for CVEs with eBPF! - Natalia Reka Ivanko & John Fastabend, Isovalent

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

Log4jshell, which has been considered the biggest 0 day vulnerability of this decade, is still affecting thousands of servers worldwide. If you were affected, would it have been any different if you had used eBPF? Could you observe the malicious external connection, the JNDI lookup, the Java class download, or the remote code execution? Or even better, could you prevent it? Since eBPF provides us with a unique visibility directly into any Kubernetes workload on a single shared kernel - the answer is yes. This talk will take Log4jshell as a learning lesson and show you how it could have been detected and blocked in real time inside the kernel using eBPF. We will walk you through how open source eBPF based tools can give full network and process-level visibility to detect and prevent Log4jshell and your next CVE. We’ll finish by showcasing how Security Teams can easily put these tools in place to protect their critical Kubernetes environment and by giving Security best practices on how to prepare for their next CVE with eBPF.

avatar for Natalia Reka Ivanko

Natalia Reka Ivanko

Security Product Manager, Isovalent
Security Product Lead and previous Security Engineer with a strong background in Container and Cloud Security. Passionate about building things that matter and working with Software Engineers to apply Security Best Practices. Inclined towards modern and innovative technologies like... Read More →
avatar for John Fastabend

John Fastabend

Principal Engineer, Isovalent
John is currently leading the Security and Observability team at Isovalent where he created Tetragon a runtime security and observability tool. When not working on Tetragon he maintains various bits and pieces of the Linux kernel contributing primarily to the BPF subsystem and networking... Read More →

Friday April 21, 2023 11:55 - 12:30 CEST
Auditorium + Balcony | Ground + First Floor | Congress Centre
  Security + Identity