Security Compliance & Forensics

Perform incident investigation.
Audit connectivity and detect threats.
Monitor security compliance.

For SecOps teams to sign off on running critical workloads in a Kubernetes environment, they need tools to perform efficient incident investigations and to monitor all key compliance requirements. While the ephemeral nature of IP addresses in Kubernetes thwarts traditional tools, Cilium Enterprise efficiently records the precise Linux process and command, container, and Kubernetes Pod identity for each connection. Cilium Enterprise exports this data to a SecOps team’s existing SIEM, providing the visibility needed to identify potential breaches, investigate attacks and lateral movement, and audit the environment for security compliance.

User Story - Capital One

“We do hundreds of deployments per day and have clusters with thousands of pods... Cilium has allowed us to provide less friction to more and more teams while using modern technology to meet our security and regulatory requirements.”

Bradley Whitfield, Capital One

Cilium Enterprise Capabilities


Identity-aware Event SIEM Export

Leverage Cilium’s unique vantage point inside the network and the OS by exporting rich identity-aware events to any of the major SIEM and cloud storage providers without sacrificing performance or valuable compute resources. A flexible filtering and aggregation framework gives you control over what data to export, which signatures to alert on, and how much storage to consume.


Network Flow Visibility

Cilium efficiently extracts data about all network activities within the Kubernetes environment, providing L3/L4 and L7 flow events with full Kubernetes identity for pods and DNS-identity for external endpoints.


Workload Runtime Visibility

Network flow data is combined with rich data about the binary executing inside the pod, including events for process execution with full process ancestry and associated security-relevant syscalls to investigate incidents and detect threats.


Compliance Monitoring

Free your security and operations teams from the need to review each policy change manually. Ensure that all traffic that needs to be encrypted is protected by an appropriate TLS version and cipher suite, that the SNI matches the original destination DNS name, and that the certificate received is signed by a trusted certificate authority.
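The checks listed above, expressed as an added example that evaluates constructed TLS flow events against a compliance policy. This is illustrative code written for this page, not Cilium Enterprise’s own compliance engine: the event field names (src, dst_dns, tls.version, tls.cipher, tls.sni, tls.ca_trusted) and the allowed-version and cipher lists are assumptions chosen for the example.

```python
import json

# Constructed sample of TLS-related flow events, one JSON object per line.
# The field names are a hypothetical schema for this example, not Cilium's
# real export format.
SAMPLE_EVENTS = """\
{"src":"default/checkout-7d9f","dst_dns":"payments.example.com","tls":{"version":"TLSv1.3","cipher":"TLS_AES_128_GCM_SHA256","sni":"payments.example.com","ca_trusted":true}}
{"src":"default/checkout-7d9f","dst_dns":"legacy.example.com","tls":{"version":"TLSv1.0","cipher":"TLS_RSA_WITH_3DES_EDE_CBC_SHA","sni":"legacy.example.com","ca_trusted":true}}
{"src":"default/reports-5c2a","dst_dns":"api.example.com","tls":{"version":"TLSv1.2","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","sni":"cdn.example.net","ca_trusted":false}}
{"src":"default/reports-5c2a","dst_dns":"db.example.com","tls":null}
"""

# Compliance policy: illustrative values chosen for this example.
ALLOWED_TLS_VERSIONS = {"TLSv1.2", "TLSv1.3"}
ALLOWED_CIPHERS = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
                   "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}
# Destinations whose traffic must be encrypted (suffix match on DNS name).
MUST_ENCRYPT_SUFFIXES = (".example.com",)


def check_flow(event: dict) -> list[str]:
    """Return the compliance violations found in one flow event."""
    dst = event.get("dst_dns", "")
    tls = event.get("tls")
    if tls is None:
        # No TLS seen: a violation only for destinations that must be encrypted.
        must_encrypt = dst.endswith(MUST_ENCRYPT_SUFFIXES)
        return ["plaintext to destination requiring encryption"] if must_encrypt else []
    violations = []
    if tls.get("version") not in ALLOWED_TLS_VERSIONS:
        violations.append(f"disallowed TLS version {tls.get('version')}")
    if tls.get("cipher") not in ALLOWED_CIPHERS:
        violations.append(f"disallowed cipher {tls.get('cipher')}")
    # The SNI must match the DNS name the workload originally resolved.
    if tls.get("sni", "").lower() != dst.lower():
        violations.append(f"SNI {tls.get('sni')} does not match destination {dst}")
    if not tls.get("ca_trusted", False):
        violations.append("server certificate not signed by a trusted CA")
    return violations


def audit(jsonl: str) -> dict[str, list[str]]:
    """Map 'src -> dst' to its violations, keeping only non-compliant flows."""
    findings = {}
    for line in jsonl.splitlines():
        event = json.loads(line)
        problems = check_flow(event)
        if problems:
            findings[f"{event['src']} -> {event['dst_dns']}"] = problems
    return findings
```

Running audit(SAMPLE_EVENTS) flags three of the four constructed flows: the TLS 1.0/3DES connection, the SNI mismatch with an untrusted certificate, and the plaintext connection to a destination that must be encrypted.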
