SECURITY

Runtime Protection

Identify and prevent threats across the stack
Runtime Protection

Identify and prevent threats across the stack

Security needs deep control

  • Business applications often require to connect cloud native workloads to legacy environments.
  • Legacy environments often secured by firewalls with IP based filters.
  • But workloads have changing IPs!
  • What to do? Configure firewalls too permissive, or let them become operational bottleneck?

Access control on system call level

  • Deep observability, ranging from detecting low-level microbursts in TCP connections to providing HTTP visibility for golden signal dashboards.
  • Transparent and low overhead, no application code changes needed. Observability data is collected transparently from within the kernel and minimal overhead is imposed using eBPF.
  • Preventive security, enforcing runtime policies in-kernel and synchronously preventing attacks.
  • Pluggable policy architecture, including systems like Open Policy Agent (OPA), or third party components via the extendable Kubernetes interfaces.
tetragon overview

Smart Observability

  • Add visibility to application workloads including the entire stack without code changes.
  • Efficient monitoring of key performance values of the applications, without heavy performance impact.
  • Simplified architecture, no kernel changes required, extendable plugin interface.
  • Add visibility to application workloads.

Introducing Tetragon

Tetragon provides eBPF-based transparent security observability combined with real-time runtime enforcement. The deep visibility is achieved without requiring application changes and is provided at low overhead thanks to smart in-kernel filtering and aggregation logic built directly into the eBPF-based kernel-level collector. The embedded runtime enforcement layer is capable of performing access control on the system call and other enforcement levels.

Want to learn more?

There is plenty more material available if you'd like to learn more.

Start a Lab

Step through our interactive labs in a sandbox environment.

Start a Lab

Contact Sales

Engage with the Isovalent sales team to assess an enterprise-grade deployment of Cilium.

Contact Sales

Request a Demo

Request a personalized live demo with an Isovalent Cilium Enterprise expert.

Request a Demo