SIEM Export
Runtime Observability Data in your SIEM
Integrate Cloud Native Network, Security and Runtime Observability into your SIEM
Traditional Network Security
- Visibility is lost when moving to K8s with only traditional endpoint security available
- IPs, ports and perimeters are meaningless data points for security teams in a cloud native world
- Only dumb data collection is possible: Too much noise, not enough signal
- Compliance requirements are hard to validate or enforce this way
Cilium Network Security
- Labels, namespaces and protocol details are building blocks of cloud native environments
- Identity-aware, rich data to correlate networking, identity and processes and to understand the origin and destination of events
- No changes to the app are needed, overall low impact on performance and complexity
- Runs on any platform (multi-cloud, on-prem, k8s, VMs) and integrates with existing SIEM
Cloud native security
With the migration to cloud native environments, a lot of visibility in your SIEM is lost or lacking context due to ephemeral IP addresses, lack of visibility into Kubernetes environments, and a missing understanding of cloud native identity concepts.
Isovalent Cilium Enterprise can close this gap by exporting rich observability data covering networking, security, and runtime insights of your cloud native environments directly into your existing SIEM.
Execution insights combines these data with rich information about the binary executed inside the pod itself. That includes events for process execution, the full process ancestry and associated security-relevant syscalls to investigate incidents and detect threats.
Together, data sent to the SIEM provide rich information about each object of the cluster including detailed information of the actual communication on an API level.
Overcoming the lack of network and application visibility in Kubernetes without any performance overhead, application changes or the use of a service mesh
Increasing ROI of your existing SIEM tooling
Ability to extend already configured security and observability rules to Kubernetes right away!
Savings from avoiding extra security tooling for Kubernetes
Easy compliance monitoring and enforcement for Kubernetes