Isovalent Enterprise for Cilium

Hardened, enterprise-grade eBPF-powered networking, observability, and security.
Request a demoWhat’s new in Isovalent Enterprise for Cilium?
Isovalent Enterprise for Cilium

Enterprise-class eBPF-powered solution for your cloud native infrastructure

Compliance and forensics with eBPF-based security

With the power of eBPF, Isovalent Enterprise for Cilium combines network and runtime behavior with Kubernetes identity to provide a single source of data for cloud native forensics, audit, compliance monitoring, and threat detection integrated into your SIEM/log aggregation platform of choice.

  • Identity-Aware Event SIEM Export
  • Network Flow Visibility
  • Workload Runtime Visibility
  • Compliance Monitoring
Learn more
security

Secure and scalable connectivity with eBPF-based networking

Isovalent Enterprise for Cilium scales effortlessly for any deployment sizes, whether it is 50 pods or 100,000. With capabilities such as traffic management, load balancing, and infrastructure monitoring, Isovalent Enterprise for Cilium is extensively tested, fully backported, and covered by 24x7 support from the builders of eBPF and Cilium.

  • Zero-Trust Network Policy
  • High-Performance Load Balancing
  • Multi-cluster Connectivity
  • Transparent Encryption
Learn more
networking

App troubleshooting with 
eBPF-based observability

Isovalent Enterprise for Cilium enables self-service for monitoring, troubleshooting, and security workflows in Kubernetes so teams can access current and historical views of flow data, metrics, and visualizations for their specific namespaces. This helps them if any network connectivity issues impact their app health.

  • Multi-tenant Connectivity Data + Metrics
  • Historical Data Views + Analytics
  • Simplified Network Policy Creation
  • Automated Network Policy Approvals
Learn more
observability-graph

Editions: Open source and Enterprise

Choose the product edition that suits your use case the best.

Features

Open Source

Get started with Cilium

Enterprise

Schedule a demo
Advanced Networking & Routing (CNI)
Highly scalable IPv4 and IPv6 Kubernetes CNI
eBPF powered high performance datapath
Overlay, Direct, and Cloud Provider Routing Modes
High-performance L3/L4 Pod Load-balancing (kube-proxy replacement)
Advanced Bandwidth Management (Fair Queueing, TCP Optimization, Rate Limiting)
3rd-party BGP integrations (MetalLB, BIRD, etc.)
SRv6
Native support for public cloud integration
Network Policy & Segmentation
Kubernetes Label, Services, CIDR
Zero Trust Network Security
Identity-based enforcement
DNS-aware policies
HA Capability
Automatic Policy Creation based on Network Traffic
Advanced Policy Troubleshooting UI
Simplified Policy Creation Tools & APIs
Multi-Cluster
Service Discovery & Global Services
Multi-Cluster Routing
Network Policy & Encryption
Global Visibility & Flow Export
Load-Balancing
Kubernetes services (kube-proxy replacement)
Advanced L3/L4 External Load-balancing (including XDP-acceleration, Direct Server Return, Maglev)
Topology-aware Routing
Encryption
Transparent IPsec Encryption
Transparent Wireguard Encryption
Multi cluster automation
Non-Kubernetes Workloads & Endpoints
Traditional Firewall Integration / Static Egress Gateway
HA Capability
VM & Metal Workload Support
Control plane automation
Additional hypervisor orchestration
Static Egress gateway
HA Capability
Stand alone Load Balancer
Integrations
OpenShift
AWS EKS (ENI)
AWS EKS (Chaining)
AWS EKS Anywhere
Azure AKS (BYOCNI)
Azure CNI Powered by Cilium Enterprise
Google Cloud GKE
Rancher (RKE2)
Mirantis Kubernetes Engine (MKE)
Kubermatic Kubernetes Platform (KKP)
ARM64 support
Runtime Security Visibility
K8s Identity Aware Correlated Runtime & Network Visibility
K8s Identity Aware L3/L4 Networking Events
K8s Identity Aware L7 (HTTP, TLS, DNS) Events
K8s Identity Aware System Call Visibility
K8s Identity Aware Sandbox Policies (Visibility)
File Integrity Monitoring (SHA256)
Default Runtime Security Ruleset (Visibility)
Runtime Security Metrics
Runtime Security Enforcement
Real-time Runtime Enforcement
K8s Identity Aware Sandbox Policies (Enforcement)
Automated CVE Protection (Database)
File Integrity Enforcement (SHA256)
Compliance Monitoring
TLS/SSL Handshake Analysis
L7 Data Pattern Detection with kTLS
K8s Identity-aware Tap/Mirror (IDS insertion)
Real Time Monitoring, Enforcement and Analysis for NIST-800 Compliance
Real Time Monitoring, Enforcement and Analysis for SOC/ISO 27001 Compliance
File Integrity Monitoring and Enforcement Via SHA256 Digest (PCI-DSS, HIPAA)
Forensics, Audit, & Incident Investigation
Automated SIEM export (Splunk, Elasticsearch, SumoLogic, etc)
Automated Grafana Integration (Grafana Enterprise and GrafanaCloud)
Automated Timescape Support
Installation
Cloud Native Installation (daemonset)
Standalone Installation (systemd managed service or docker container)
ARM Support
Openshift Support
Network & Service Observability
DNS Visibility
Global metrics and visibility across infrastructures
Application and Service Runtime health visibility
L7 Protocol Observability (HTTP, gRPC, Kafka, ...)
Proxy-based L7 Visibility
TLS-termination for L7 Visibility
eBPF-based high-performance parsers
Metrics & Tracing Export
Prometheus Export
OpenTelemetry
Multi-Tenancy / RBAC
Application Health and Performance monitoring via Golden Signals
Service & Tracing Map (Hubble UI)
Hubble Cluster-wide Flow Visibility CLI / API
Hubble Service Map + Flow Visibility UI
Troubleshooting Capabilities
Multi-Tenancy / RBAC
Historic Visibility (Timescape)
Historical Flow, Tracing and Analytics Data
Multi-Cluster
Multi-Tenancy / RBAC
Service Mesh Datapath
eBPF-based sidecar-free datapath
Native Envoy Integration
Ingress
Upstream compliant Ingress Controller
Canary Rollouts
TLS Termination
SSL Passthrough (coming soon)
Traffic & Service Management
Multi-Cluster Routing
Circuit Breaking
Retries
Canary Rollouts
Rate Limiting
Control Plane Integrations
Native Kubernetes Integration
Envoy Configuration CRD
Gateway API
SMI (coming soon)
SPIFFE Support (coming soon)
Tracing & Metrics
Hubble Export
OpenTelemetry
Prometheus
Security
TLS based mutual authentication
L7 Authorization'
Enterprise-hardened Cilium Versions and Testing'
24x7 Enterprise Grade Support SLA
Proactive Support Environment Reviews
Cilium + Hubble Technical Training
Dedicated Solutions Architect
Directed Development / Custom Integrations