kflow is an open-source project that monitors function calls in the Linux kernel to capture data before encryption, allowing for enhanced security data generation and analysis. In this video, Barrett Lyon, Co-Founder and CTO at Tarsal, gives us an overview of the company and the challenges it is solving with kflow. He says, “Companies either have to hire teams to write scripts and applications to collect all log data, or they use a service like ours, and we just simplify it and make everything pretty much a clickable pipeline.”
How is Tarsal simplifying the management of security data?
- Lyon explains how Tarsal simplifies the management of security data from cloud services into an efficient, manageable pipeline. He highlights the complexity and necessity of this service.
- Tarsal addresses the challenge of managing multiple security data sources, including cloud services, audit logs, and more, and provides a clickable pipeline for security teams.
- Lyon talks about why he started the company now, explaining how the shift in enterprise operations to cloud services created new security data challenges. He shares his experience with past startups.
- Lyon talks about the company’s offerings and open-source strategy, highlighting kflow, their eBPF-based project for Linux kernel monitoring. He emphasizes the benefits of open-sourcing, citing community collaboration and improved security data generation.
- Lyon discusses how open-sourcing kflow avoids “agent fatigue” and encourages community contributions. He mentions their modular decoders and growing interest from contributors.
Advantages of eBPF and creative uses for the data
- eBPF is a safe, efficient method for monitoring Linux kernel functions without risking system stability. Lyon highlights eBPF’s advantages over traditional kernel modules for secure and efficient data collection.
- Lyon discusses creative uses of the data kflow generates, listing applications like malware detection, ransomware tracking, and threat hunting.
- Lyon shares Tarsal’s future plans, highlighting their new architecture for handling petabyte-scale data efficiently. He mentions their focus on creating the best connectors for diverse data sources.
Guest: Barrett Lyon (LinkedIn)
Company: Tarsal (Twitter)
Show: Let’s Talk
This summary was written by Emily Nicholls.





