Groundcover grows funding for eBPF-based observability tech

Groundcover’s expanded eBPF approach goes beyond traditional network monitoring, Azulay said: “eBPF is no longer just about network monitoring. We use it as an x-ray into operations flowing through the kernel of the operating system.” 

Groundcover uses eBPF to provide full application-level traces. Azulay explained that the system can see the payload of the request and the response. He noted that, for example, if a user is sending a prompt to OpenAI, Groundcover’s eBPF-based technology will see the exact prompt and the response from the server.

How Groundcover uses eBPF to enable observability

Groundcover uses two types of eBPF probes to get information. The first type is kernel space, which gets information coming directly into the Linux kernel at an operating system level. The second is via user space probes, which gives visibility into running applications.

“We can actually observe things happening in the application stack,” Azulay explained. “Even if a packet is encrypted when it goes through the Linux kernel, we know how to observe it before encryption in the actual application stack.”

Unlike traditional network-focused eBPF tools, he claimed that Groundcover’s approach provides full application monitoring, performance profiling and detailed transaction insights.

“eBPF kind of replaces a lot of the things we expect” from an application performance monitoring (APM) solution, Azulay said. “It’s not just sitting on the network layer seeing packets go through a wire. It’s much more sophisticated, with context about the application.”