eBPF has proven to be the optimal solution for security observability, but what if it could also actively prevent attacks from compromising your cloud environment? eBPF's prime location in the kernel and full programmability enable security use-cases that include observability and the ability to respond to threats before they compromise your cloud-native environment.

In this talk, we'll show a simple attack on a Kubernetes cluster that can be detected and blocked in real-time in the kernel using eBPF. Leveraging the power of the kernel to gain real-time visibility into the memory of the process and observe system access we will then block the detected attack and protect the cluster from compromise.