Unlock the Power of APIs with Levo

The Ultimate API Security Platform
Book a Free Demo

Supercharge IAM with eBPF

June 13, 2024

Supercharge IAM with eBPF

Harish Nataraj

April 19, 2022 · 4 min read

IAM is complex in Microservices

Modern applications are comprised of APIs and complex Identity & Access Management (IAM) constraints.

IAM involves Role Based Access Control (RBAC) policies, that try to answer the following questions:

  • What is the identity of the user making the request?
  • What are their role (or scope) entitlements?
  • Does the role give them access to the API operation they are attempting?
  • Does the role given them access to specific JSON objects being requested?

Suboptimal IAM configuration leads to authorization exploits

Given the complexity of API, roles, and associated RBAC policies, it is very easy to misconfigure authorization, resulting in dangerous exploits that leak customer data.

Horizontal Authorization Exploit

Vertical Authorization Exploit

Preventing IAM abuse requires API observability

Preventing authentication & authorization exploits requires the continuous monitoring of your users, their role entitlements and the specific APIs/JSON objects they are trying to access.

Which users, under what roles, access which APIs?

At a minimum you need to be able to answer the following questions:

  • Who are my users?
  • What are the role entitlements for these users?
  • What specific API endpoints and JSON objects are being accessed via the role entitlements?

Current observability methods are too intrusive

Packet Capture — no TLS visibility & too CPU intensive

InApp Agents — require code changes & lead to increased latency

Sidecar Agents — require code changes & lead to increased latency

Conventional observability is based on Traffic Mirroring (packet capture), In-App Agents, or Sidecar Proxy Agents.

All these techniques require application code/config changes, lead to increased application latency, and increased operational overhead (additional steps during debugging, upgrading, etc.)

Conventional tools result in increased friction between Developers, Operations, and Security.

Levo’s eBPF enables frictionless IAM Observability

Levo uses eBPF probes to passively instrument modern apps.

Levo’s Agent-less / No-Code Instrumentation

Below are top benefits of Levo’s eBPF based API observability solution:

  • Instant & comprehensive observability for your APIs, roles, and users.
  • Agent-less, and does not require code or configuration changes to your applications.
  • Full TLS / SSL visibility for all applications and services.
  • TLS observability does not require sharing of private keys.
  • Completely passive, and not in line with the application.
  • No impact on the application’s latency.
  • No impact on daily operational workflows (debugging, upgrading, etc.).
  • Eliminates friction between Developers, Operations, and Security, which is common with conventional tools.

Interested in trying Levo’s API Observability?

Levo is a purpose-built, developer-first API security solution that fully automates API Observability & Testing in CI/CD pipelines.

Contact us at inquiry@levo.ai, for more details on eBPF based API Observability.

Thanks for reading,

Harish

elliptical light

Flexibility for the Modern Enterprise

  • Runtime Agnostic
  • Cloud Agnostic
  • Programming Language Agnostic

Subscribe for experts insights on application security.

Oops! Something went wrong while submitting the form.
Guide to RBI’s Master Directions on Cyber Resilience for PSOs
Guide to RBI’s Master Directions on Cyber Resilience for PSOs
Levo.ai API Security Platform Updates January 2025
Levo.ai API Security Platform Updates January 2025
An enterprise’s guide to DPDP Implementation
An enterprise’s guide to DPDP Implementation
Go back to Blog & Articles
Linkedin IconTwitter IconFacebook icon
AICPA logoGDPR logoISO logoLevo image
ProductUse CasesPricingEventsCompanyContact Us
ResourcesEventsDocsFAQs
Privacy PolicyTerms and ConditionsCookie PolicySecurity InformationData Processing Agreement
Copyright © Levo