Cisco today announced it plans to acquire Isovalent as part of an effort to advance adoption of an approach to networking that leverages the extended Berkeley Packet Filter (eBPF) within the microkernel of the operating system to process packets at levels of speed and scale that would not otherwise be possible.
Tom Gillis, senior vice president and general manager for Cisco Security, said the open source Cilium networking software based on eBPF will move a wide range of networking and security functions that today are generally handled by hypervisors into the kernel of the operating system.
In addition to enabling much higher levels of performance at scale, that approach will also create an opportunity to embed the processing of those functions into a range of classes of processors to further improve performance at levels of unprecedented scale, he added.
At the same time, running those functions at the microkernel level will also provide greater visibility into processes that will ultimately improve cybersecurity, noted Gillis. In addition to a curated instance of Cilium for networking Kubernetes clusters dubbed Cilium Mesh, Isovalent also developed a security tool for enforcing runtime behaviors dubbed Tetragon.
By leveraging eBPF and Cilium, it becomes feasible to see the relationship between processes in a way that surfaces anomalous behavior without necessarily having to decrypt every network packet, noted Gillis.
Cilium has been gaining traction primarily in cloud-native application environments where it is deployed across Kubernetes clusters. In fact, Cilium is now one of the open source projects most frequently downloaded from GitHub, noted Gillis.
Once the deal closes next spring, Cisco plans to further broaden the reach of Cilium to include support for multiple types of applications running in both the cloud and on-premises IT environments, said Gillis. In addition, more advanced IT organizations are also starting to encapsulate legacy monolithic applications running on hypervisors that can run on top of Kubernetes clusters, he added. The overall goal is to make eBPF and Cilium an open, ubiquitous standard, said Gillis.
It’s still early days as far as the number of operating system instances that support eBPF is concerned; it has only been generally available in the most recent releases of Linux. Microsoft, meanwhile, has pledged to support eBPF in Windows, an event that should make it much simpler to create network overlays across a heterogeneous IT environment. The adoption of eBPF itself is now being advanced by The eBPF Foundation, an arm of The Linux Foundation committed to enabling other platforms beyond Cilium to run as sandbox programs at the kernel level in any operating system. It may be a few more years before that vision is completely realized, but the number of networking, security and storage platforms that will take advantage of eBPF in the months ahead is expected to expand considerably.
The challenge, of course, is finding a way to deliver those services at a high enough level of abstraction that mere IT mortals can manage them without having to rely nearly as much on specialists who all too often are hard to find and retain.