Product

Enterprise-class eBPF-powered Networking, Observability, and Security.

Cilium Enterprise

Our philosophy

Cilium open source

Cilium Open Source provides eBPF-based networking, observability, and security with optimal scale and performance for platform teams operating Kubernetes environments across cloud and on-prem infrastructure.

Cilium enterprise

Cilium Enterprise addresses the complex workflows related to security automation, forensics, compliance, role-based access control, and integration with legacy infrastructure that arise as platform teams engage with application and security teams within an enterprise organization.

Cilium Enterprise

Our offering

Secure & Scalable Connectivity

  • Zero-Trust Network Policy
  • High-Performance Load Balancing
  • Multi-cluster Connectivity
  • Transparent Encryption

Security Compliance & Forensics

  • Identity-Aware Event SIEM Export
  • Network Flow Visibility
  • Workload Runtime Visibility
  • Compliance Monitoring

Application Team Troubleshooting & Policy Workflows

  • Multi-tenant Connectivity Data + Metrics
  • Historical Data Views + Analytics
  • Simplified Network Policy Creation
  • Automated Network Policy Approvals

Secure & Scalable Connectivity

The Problem

Platform teams pride themselves on providing the highest performance, most scalable infrastructure. Thanks to eBPF, Cilium Enterprise delivers the most modern networking and security solution – the scalability and performance you need without the compromises required by other solutions.

Our Solution

Whether you have 50 pods or 100K, Cilium effortlessly forwards, load balances and monitors your infrastructure. Highly tested, fully backported, and backed by 24/7 support from the builders of eBPF and Cilium, you can trust your most important workloads to Cilium Enterprise.

Security Compliance & Forensics

The Problem

Traditional approaches to network security visibility provide little help when performing incident investigations, compliance monitoring, or threat detection for Kubernetes workloads. These tools operate only at the network perimeter, missing the vast majority of service-to-service communications and rely heavily on IP and port-based flow logs. Since Kubernetes workloads are highly ephemeral, IP-based logs fail to reliably identify the team or service that initiated or received a network connection. Simply knowing the port of connection is insufficient, as you also need to know whether the connection was allowed/denied, properly encrypted, and need the contents of higher level protocols (e.g. HTTP headers).

Our Solution

The power of eBPF gives Cilium a uniquely powerful and efficient vantage point for security visibility that combines network and runtime behavior, with full Kubernetes identity to provide a single source of data for cloud native forensics, audit, compliance monitoring and threat detection integrated into your SIEM/log aggregation platform of choice.

Learn More

Application Team Troubleshooting & Policy Workflows

The Problem

As application teams architect and run highly distributed API-driven services in Kubernetes, visibility into network connectivity behavior is critical to running production-grade services. Kubernetes, however, provides little visibility into the network behavior of the workloads it runs as Pods. Traditional IP-based network monitoring tools don’t really help, given that ephemeral Pod IPs do not identify the services that are impacted, and lack the ability to restrict an application team’s view of this data to only the data relevant to their application. The end result is that Kubernetes platform teams are often pulled in to assist.

Our Solution

Cilium Enterprise provides simple “self-service” tools for monitoring, troubleshooting, and security workflows in Kubernetes. Each application team is given access to both current and historical views of flow data, metrics, and visualizations for their specific namespace(s), helping them to easily understand if network connectivity issues are impacting their application health. Additionally, using a combination of this historical connectivity data and information about InfoSec policies, a suite of tools automates the creation and approval of network policies, allowing it to be an integrated part of the application teams CI/CD process.

Learn More

Cilium Editions

Cilium Community

Features that are part of the open source Cilium community codebase.

Cilium Enterprise

Hardened & supported
distribution of Cilium plus advanced observability and security workflows.

Core Secure & Scalable Connectivity

Highly scalable IPv4 and IPv6 Kubernetes CNI
Overlay, Direct, and Cloud Provider Routing Modes
High-performance L3/L4 Pod Load-balancing (kube-proxy replacement)
Kubernetes label & CIDR network policies
DNS-aware Network Policies
Host Network Policies
Deny Network Policies

Advanced Secure & Scalable Connectivity

Ops-Centric Connectivity Observability

Application Team Troubleshooting & Policy Workflows

SecOps Observability Workflows

Enterprise Distribution & Support