How to enable host-based Kubernetes visibility

Correlate process-to-network data.

Learn how Tetragon’s lightweight eBPF sensor captures K8s telemetry down to the binary, tying process to network data with no application changes.

Decode DNS, TLS, HTTP, UDP, TCP, and more while matching to process ancestry information, all with Kubernetes identity-aware metadata (labels, pod names, etc.).

Read the solution brief and get under the hood with Tetragon.

How to associate network data with a process?

We need to know which process sent out this HTTP call on Tuesday at 3:15 p.m. from host A. How can we possibly get this info?

The largest companies in the world with dozens of security tools are still flying blind when it comes to securing Kubernetes. Why?

Because they rely on traditional tooling that only sees IPs. But IP addresses are useless information in cloud-native environments: they can change by the minute.

What they need instead is the ability to look at the network and node processes at the same time, mapping one layer to the other. Break down traditional silos around networking and process-level observability.

Meet Tetragon, offering host-based Kubernetes visibility, mapping process information (down to the binary and parent id) to the network traffic they create.

Saved thousands of people hours
Ease of deployment, even in cloud
Crucial insights for security and compliance teams

Tetragon’s eBPF deployment saves hundreds if not thousands of people hours, and doesn’t add any equipment to your racks.

Learn more about what protocols Tetragon parses, cloud compatibility, and extensive filtering in the solution brief.

Related

Getting Started with Tetragon

Security Observability is a new paradigm that utilizes eBPF, a Linux kernel technology, to allow Security and DevOps teams, SREs, Cloud Engineers, and Solution Architects to gain real-time visibility into Kubernetes and help secure their production environments with Tetragon. Tetragon is an open source Security Observability and Runtime Enforcement tool from the makers of Cilium. It captures different process and network event types through a user-supplied configuration to enable security observability on arbitrary hook points in the kernel, then translates these events into actionable signals for a Security Team. The best way to learn about Security Observability and Cilium Tetragon is to read the book “Security Observability with eBPF” by Jed Salazar and Natalia Reka Ivanko. And the best way to have your first experience with Tetragon is to walk through this lab, which takes the Real World Attack example out of the book and teaches you how to detect a container escape step by step!

Tetragon 1.0: Kubernetes Security Observability & Runtime Enforcement with eBPF

Tetragon 1.0 - What is new? Performance overhead benchmarks, default observability policies, kubectl exec monitoring, and much more!

Thomas Graf

Isovalent Enterprise for Cilium: TLS Visibility

In this scenario, we are going to show how Isovalent Enterprise for Cilium can provide visibility into TLS traffic. In security audits, a company or team has to verify their application protects data in transit and doesn’t leak information during communication, especially when data leaves a sensitive internal network. Mechanisms like TLS ensure that data is encrypted in transit, but verifying that a TLS configuration is secure becomes a challenge for most companies. In this lab, you will learn how Isovalent Enterprise for Cilium can:

Identify the version of TLS being used, informing us if an obsolete and insecure version is being used
Report on the cipher being used
Export events in JSON format to SIEM