However good the tools and processes you use to catch CVEs and security problems pre-deployment, it's still possible that your code and the platform it's running on could be compromised. When a new CVE and its patches are announced, it's called a "zero day", and it's a race against time for security teams to understand whether their deployments are vulnerable, and to get updated versions of all affected components deployed.

In this talk (with demos) you'll learn about strategies for using the open source runtime security tool, Cilium Tetragon, to detect components that are affected by a CVE. You'll see how eBPF allows Tetragon to generate rich forensic information to understand whether a vulnerability has been exploited in your system, and understand how the component was compromised.