Perform incident investigation.
Audit connectivity and detect threats.
Monitor security compliance.
“We do hundreds of deployments per day and have clusters with thousands of pods... Cilium has allowed us to provide less friction to more and more teams while using modern technology to meet our security and regulatory requirements.”
Bradley Whitfield, Capital One
Leverage Cilium’s unique vantage point inside the network and the OS by exporting rich identity-aware events to any of the major SIEM and cloud storage providers without sacrificing performance and valuable compute resources. A flexible filtering and aggregation framework gives you control over what data to export, what signatures to alert on, and how much storage to consume.
Cilium efficiently extracts data about all network activities within the Kubernetes environment, providing L3/L4 and L7 flow events with full Kubernetes identity for pods and DNS-identity for external endpoints.
Network flow data is combined with rich data about the binary executing inside the pod, including events for process execution with full process ancestry and associated security-relevant syscalls to investigate incidents and detect threats.
Free your Security and Operations teams from the need to review each policy change manually. Ensure that all traffic that needs to be encrypted is protected by the appropriate TLS version and ciphers, that the SNI matches the original destination DNS name, and that the certificate received is signed by a trusted certificate authority.