Isovalent Enterprise for Cilium: TLS Visibility

In this scenario, we are going to show how Isovalent Enterprise for Cilium can provide visibility into TLS traffic.

In Security Audits, a company or team has to verify their application protects data in transit and doesn’t leak information during communication, especially when data leaves a sensitive internal network. Mechanisms like TLS ensure that data is encrypted in transit, but verifying that a TLS configuration is secure becomes a challenge for most companies.

In this lab, you will learn how Isovalent Enterprise for Cilium can:

  1. identify the version of TLS being used, informing us if an obsolete and insecure version is being used
  2. report on the cipher being used and 3) export events in JSON format to SIEM.

Main steps in the lab

01 📋 Verifying the installation

Let's explore the lab environment and verify the installation has been successful.

02🚀 Runtime and Network Visibility with Tetragon

Let's use Tetragon and see the level of visibility we get out of the box.

03👓 Visualize TLS information

Let's deploy a TracingPolicy to gain deeper insight into TLS communications.

04👨🏻‍💻 Observe security events as raw JSON

Events can be exported to SIEM in the JSON format. Let's look at some of the standard event outputs.