Isovalent Enterprise for Cilium: TLS Visibility

In this scenario, we are going to show how Isovalent Enterprise for Cilium can provide visibility into TLS traffic.

In security audits, a company or team has to verify their application protects data in transit and doesn’t leak information during communication, especially when data leaves a sensitive internal network. Mechanisms like TLS ensure that data is encrypted in transit, but verifying that a TLS configuration is secure becomes a challenge for most companies.

In this lab, you will learn how Isovalent Enterprise for Cilium can:

  • Identify the version of TLS being used, informing us if an obsolete and insecure version is being used
  • Report on the cipher being used
  • Export events in JSON format to SIEM

Main steps in the lab

01📋 Verifying the installation

Let's explore the lab environment and verify the installation has been successful.

02🚀 Runtime and Network Visibility with Tetragon

Let's use Tetragon and see the level of visibility we get out of the box.

03👓 Visualize TLS information

Let's deploy a TracingPolicy to gain deeper insight into TLS communications.

04👨🏻‍💻 Observe security events as raw JSON

Events can be exported to SIEM in the JSON format. Let's look at some of the standard event outputs.