A Deep Analysis of Performance Metrics and Comparative Assessment of Network Telemetry Tools in Linux Environments

Prachi Gupta *

Azure Security, Microsoft, Peoria, AZ, USA.

*Author to whom correspondence should be addressed.


Abstract

As cyber-attacks targeting public cloud infrastructure increase in severity, strong network security measures for Linux machines are essential. [1] Recent statistics underscore the severity of the situation: 39% of businesses experienced security breaches within their cloud environments in 2022, a 35% increase in security attacks over the previous year. These breaches affected around 400 million individuals, emphasizing the urgent need for action.

As organizations increasingly migrate their operations to the cloud, addressing security risks is paramount. This requires a comprehensive approach to cloud security, focusing on monitoring and surveillance of how customers use cloud infrastructure. Effective security observability requires deploying monitoring and alerting systems capable of promptly detecting and mitigating potential threats in real time. [2] The Linux community has embraced Berkeley Packet Filter (BPF) technology as a cornerstone of this effort. BPF's flexibility and extensibility have led to the development of sophisticated tools offering unparalleled capabilities for enhancing security observability and response mechanisms. This study begins by examining legacy solutions such as auditd, which support auditing of all aspects of Linux machines. It also explores the origins and evolution of BPF within the Linux ecosystem, highlighting its transformative impact.

The study further delves into BPF-based monitoring tools tailored for scrutinizing Linux system processes. It elucidates their functionalities and meticulously assesses the performance of selected tools and technologies. A rigorous experimental method, involving virtual machines with identical specifications subjected to network load simulations, ensures reliable and unbiased performance evaluations. Through this experimentation, valuable insights into the resource consumption patterns of each tool are gleaned, aiding informed decision-making in tool selection and deployment strategies.

Keywords: Challenges with auditd in network monitoring, bpftrace implementations in real-world scenarios, eBPF evolution and use cases, Linux network monitoring, performance comparison of BPF-based network monitoring tools, security in public cloud


How to Cite

Gupta, Prachi. 2024. “A Deep Analysis of Performance Metrics and Comparative Assessment of Network Telemetry Tools in Linux Environments”. Journal of Advances in Mathematics and Computer Science 39 (6):80-90. https://doi.org/10.9734/jamcs/2024/v39i61903.
