Redefining Security Data Management with kflow

Tarsal Team

The cybersecurity landscape is filled with bad actors creating new ways to invade enterprise data, making innovation in security not an option but a necessity. Today, we announced a significant milestone in Tarsal’s journey towards revolutionizing security data access: kflow, a new open-source, eBPF-derived tool for security ops enthusiasts who thrive on log data. This groundbreaking open-source project is a leap forward in how organizations perceive, manage and leverage security data — giving leaders the tools they need to prevent cybercrime before it happens.

Empowering Security Teams with the Power of eBPF

kflow harnesses the power of extended Berkeley Packet Filter (eBPF), a kernel-level technology, to capture complex endpoint events in real time. Security teams no longer have to rely on network-centric approaches for threat detection and response. With kflow, we’re broadening the scope of security data collection, enabling organizations to achieve unparalleled visibility into their systems’ inner workings.

eBPF serves as the backbone of kflow, enabling users to tap into the kernel’s resources and system information with unprecedented precision. By leveraging eBPF probes like kprobe and kretprobe, kflow captures data at the source and delivers it in JSON format for seamless integration with existing ETL pipelines and analytics platforms, including our own security data movement solutions.

Join the Revolution of Innovation and Collaboration

The journey towards kflow has been one of collaboration, innovation and relentless pursuit of excellence. Spearheaded by our CTO Barrett Lyon, and fueled by the collective brilliance of our team and partners, kflow is the culmination of more than three years of meticulous development and refinement. As we embark on this new chapter in our quest to revolutionize cybersecurity, we invite you to join us. Explore the possibilities of kflow, and discover firsthand how it can empower your organization to proactively defend against emerging threats.

We are constantly trying to improve how security data is handled, and there’s a gap: freely obtained endpoint data. The old world of tapping the network doesn’t work, and getting to the data before it’s encrypted and placed on the wire is crucial. Think of this as sniffing the kernel of the computer rather than the network interface. We wanted to give this technology to the security community to foster the next generation of threat hunting and detection.

To learn more about kflow and how it can transform your organization’s security posture, visit our website. Join us as we redefine the boundaries of security data management and chart a course towards a brighter, safer future.