Session

Instant Kubernetes Runtime Anomaly Detection via SBOBs (Bill of Behavior)

Achieving anomaly detection at reasonable noise levels is still inaccessible to most Kubernetes practitioners due to the required effort, maintenance and missing skills. This talk shows how CNCF Kubescape enables a much more achievable UX and how the concept of SBoBs shifts the burden of secure-by-default baselines to the producer/vendor of the software.
The key benefit for the ecosystem is the scalability of runtime rule maintenance: users can inherit the rules and their updates directly from vendors.
In this talk, you'll learn how Kubescape leverages eBPF both to detect anomalies and to filter them into relevant alerts in real time while keeping performance overhead at bay. Its key advantage is UX: the profiles integrate with the CNCF ecosystem (e.g. GitOps) while staying human-readable and insightful, even without extra tools. This is why SBoBs can do what seccomp and AppArmor somehow never could: give users sufficiently specific behavior profiles that neither block nor drown the analysts in noise.

Constanze Roedig

Independent OpenSource Maintainer and Cybersecurity Researcher
