eBPF-based Security Observability & Runtime Enforcement
tetragon overview diagram

eBPF-based Security Observability and Runtime Enforcement

Tetragon is a Kubernetes-native synchronous monitoring, filtering & enforcement tool that applies policies and filtering directly in-kernel with eBPF.

Kubernetes Aware

Kubernetes context awareness (namespaces, labels, pods, etc) provides fine grained control over workloads

Minimal Overhead

Low overhead eBPF programs for in-kernel smart filtering, aggregation, and telemetry collection

Deep Visibility

From low-level kernel visibility, all the way up into the application layers

Low overhead, kubernetes native runtime security

Legacy Endpoint Security

  • Requires application changes for fleet wide roll outs and implementations
  • Filter and process events in user space, requiring substantial overhead and resource utilization
  • Limited visibility and lack of Kubernetes awareness or container context
  • Isolated visibility across network and runtime events

eBPF-powered with Tetragon

  • Resource efficient with in-kernel filtering and aggregation logic
  • Deep observability without requiring application code changes
  • Real-time runtime enforcement capable of performing access control and killing processes
  • Kubernetes aware, matching policies to specific K8s namespaces, pods, and more
Identity-Aware Runtime Visibility

Identity-Aware Runtime Visibility

Powerful and Lightweight

Powerful and Lightweight

  • Only relevant events get transferred to user space, significantly reducing CPU & Memory overhead
  • Trace function calls, process execution, and more all the way into kernel subsystem
  • Near baseline overhead across key use cases (ex: tracing every executable in the system, monitoring for suspicious file activity)

Read the 1.0 Announcement

Introducing Tetragon 1.0: eBPF-based Security Observability & Runtime Enforcement

Learn more here
Tetragon Enterprise

Tetragon Enterprise

All of the above, plus:

  • Identity-aware L7 (HTTP, DNS, TLS, Kafka, gRPC) networking events
  • Tetragon rule converter for existing osquery, Falco, F5, Sentinel rulesets
  • Analysis of weak TLS/SSL ciphers
  • Improved in-kernel smart collection for lower overhead
  • Track all process executions and reconstruct the full process ancestry tree, using Hubble

Transparent Kubernetes Observability

Get started with Tetragon now. Easy to deploy and ready to work without any application changes. Watch here for a walkthrough of rolling out Tetragon without Cilium!

Want to learn more?

There is plenty more material available if you'd like to learn more.

Start the Tetragon Lab

Try Tetragon now!

Start the Lab

Contact Sales

Engage with the Isovalent sales team to assess an enterprise-grade deployment of Cilium.

Contact Sales

Request a Demo

Request a personalized live demo with an Isovalent Cilium Enterprise expert.

Request a Demo