Tetragon
eBPF-based Security Observability and Runtime Enforcement
Tetragon is a Kubernetes-native synchronous monitoring, filtering & enforcement tool that applies policies and filtering directly in-kernel with eBPF.
Kubernetes Aware
Kubernetes context awareness (namespaces, labels, pods, etc.) provides fine-grained control over workloads
Minimal Overhead
Low overhead eBPF programs for in-kernel smart filtering, aggregation, and telemetry collection
Deep Visibility
From low-level kernel visibility, all the way up into the application layers
Low overhead, Kubernetes native runtime security
Legacy Endpoint Security
- Requires application changes for fleet-wide rollouts and implementations
- Filters and processes events in user space, requiring substantial overhead and resource utilization
- Limited visibility and lack of Kubernetes awareness or container context
- Isolated visibility across network and runtime events
eBPF-powered with Tetragon
- Resource efficient with in-kernel filtering and aggregation logic
- Deep observability without requiring application code changes
- Real-time runtime enforcement capable of performing access control and killing processes
- Kubernetes aware, matching policies to specific K8s namespaces, pods, and more
Identity-Aware Runtime Visibility
- Correlated networking and runtime visibility
- Fine-grained control based on hook points (kernel functions and system calls)
- L3 and L4 network visibility across workloads
- Kubernetes awareness of namespaces, pods, and more
Powerful and Lightweight
- Only relevant events get transferred to user space, significantly reducing CPU & Memory overhead
- Trace function calls, process execution, and more, all the way into kernel subsystems
- Near baseline overhead across key use cases (e.g., tracing every executable in the system, monitoring for suspicious file activity)
Read the 1.0 Announcement
Introducing Tetragon 1.0: eBPF-based Security Observability & Runtime Enforcement
Tetragon Enterprise
All of the above, plus:
- Identity-aware L7 (HTTP, DNS, TLS, Kafka, gRPC) networking events
- Tetragon rule converter for existing osquery, Falco, F5, Sentinel rulesets
- Analysis of weak TLS/SSL ciphers
- Improved in-kernel smart collection for lower overhead
- Track all process executions and reconstruct the full process ancestry tree, using Hubble
Transparent Kubernetes Observability
Get started with Tetragon now. Easy to deploy and ready to work without any application changes. Watch here for a walkthrough of rolling out Tetragon without Cilium!