Tarsal, a company specialising in security data movement, has unveiled a new open-source project called kflow. Based on the extended Berkeley Packet Filter (eBPF), kflow aims to improve cybersecurity by offering a new classification of security data. This development allows security teams to bridge the gap between network traffic and encrypted data, enabling real-time monitoring of Linux kernel activity.
eBPF is a kernel-level technology for monitoring and manipulating Linux systems. It extends the operating system's capabilities by running sandboxed programs inside the kernel, without affecting system performance. kflow leverages this technology to broaden the range of data types that can be collected and analysed beyond traditional network data. This enables organisations to process and analyse security data in real time, improving system integrity and threat detection without the need for proprietary endpoint agents or Security Information and Event Management (SIEM) systems.
The project is spearheaded by Barrett Lyon, Tarsal's newly appointed Chief Technology Officer. Lyon joined Tarsal following the company's successful completion of a seed funding round that raised USD $6 million last month. The technology underpinning kflow has been in development for over four years, originating from the think tank Mango Slushy.
"With the introduction of kflow, we're not just launching an open-source project; we're creating a new classification of security data that will enable teams to treat security problems as data problems," said Barrett Lyon. "Our goal is to foster community and empower organisations to harness the full potential of their security data, enabling proactive defence mechanisms and smarter decision-making. kflow brings a whole new method of security research to the industry, and with this new method, kflow can change the future of security."
kflow offers a significant advancement in security data management by creating a new type of streaming security data. This provides comprehensive visibility into system and network events, including workload data captured before it is encrypted. The project is versatile, with applications ranging from malware detection to tracing data movement. By adhering to a zero-trust approach to data movement, kflow preserves data integrity and security, making it more straightforward for users to detect ransomware and other cybersecurity threats.
Sunny Rekhi, CEO and co-founder of Tarsal, highlighted the importance of accessible data in enhancing security measures. "At Tarsal, we want to empower people to get the data they need, where they need it. The launch of kflow allows users to peruse as much data as they want, at no cost. More security data means better security detection and tools for teams, bringing us one step closer to making data analytics more affordable and comprehensive for security teams."
Tarsal's technology also includes a one-click Extract, Transform, Load (ETL) platform. This enables analysts and engineers to effortlessly ingest, normalise and analyse data, supporting integration with major data warehouses, SIEMs, and Extended Detection and Response (XDR) systems. The platform simplifies the complexities associated with managing multiple data sources and destinations, ensuring efficient data movement and high-quality data delivery from any source to any destination.