Paint the Picture - Detecting Suspicious Data Patterns in Encrypted Traffic with eBPF and KTLS

Explore advanced techniques for detecting suspicious data patterns in encrypted traffic using eBPF and KTLS in this informative conference talk. Discover how leveraging in-kernel HTTP visibility and kTLS enables comprehensive security monitoring of sensitive data flows between Kubernetes workloads, even when encrypted. Learn about Tetragon's application of eBPF to decrypt TLS traffic using kTLS, and understand how Security Teams can identify sensitive data patterns like social security numbers or exploit signatures in encrypted L7 traffic. Gain insights into this innovative solution that avoids operational complexity and overhead while remaining fully transparent to applications and CNI. Delve into the growing importance of eBPF in detecting malicious events in Cloud Native environments, and explore its capabilities in monitoring suspicious runtime execution, network connections, and file access.