Datadog on eBPF

January 26, 2021

Ara Pulido

Guillaume Fournier

Lee Avital

eBPF (extended Berkeley Packet Filter) is a Linux technology that can run sandboxed programs in the kernel without changing kernel source code or loading kernel modules. While the kernel is an ideal place to implement monitoring/observability, networking, and security, doing so was not feasible until the recent broad adoption of eBPF.

Datadog has embraced the possibilities that eBPF brings in those areas, and several teams are already using eBPF in some of their products.

In this session, Ara Pulido, Technical Evangelist, will chat with Guillaume Fournier, security engineer on the Security Agent team, and Lee Avital, Team Lead on the Networks team. Both teams are using eBPF in production at Datadog. We’ll cover what eBPF is, the problem it solves, and how it is currently being used for network monitoring and security.

By the end of the session, you will have a better understanding of what eBPF is, why so many organizations are adopting this new technology, and how eBPF can benefit your organization.