SIEM Export

Cloud Native Network, Security and Runtime Observability Data in your SIEM
Integrate Cloud Native Network, Security and Runtime Observability into your SIEM

Traditional Network Security

  • Visibility is lost when moving to K8s with only traditional endpoint security available
  • IPs, ports and perimeters are meaningless data points for security teams in a cloud native world
  • Only dumb data collection is possible: too much noise, not enough signal
  • Compliance requirements are hard to validate or enforce this way

Cilium Network Security

  • Labels, namespaces and protocol details are building blocks of cloud native environments
  • Identity-aware, rich data to correlate networking, identity and processes, and to understand the origin and destination of events
  • No changes to the app are needed, overall low impact on performance and complexity
  • Runs on any platform (multi-cloud, on-prem, k8s, VMs) and integrates with existing SIEM

Cloud native security

With the migration to cloud native environments, much of the visibility in your SIEM is lost or lacks context due to ephemeral IP addresses, a lack of visibility into Kubernetes environments, and a missing understanding of cloud native identity concepts.

Isovalent Cilium Enterprise can close this gap by exporting rich observability data covering networking, security, and runtime insights of your cloud native environments directly into your existing SIEM.

Execution insights combine this data with rich information about the binary executed inside the pod itself. That includes events for process execution, the full process ancestry and associated security-relevant syscalls, used to investigate incidents and detect threats.

Together, the data sent to the SIEM provides rich information about each object in the cluster, including details of the actual communication at the API level.
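As an added illustration (not Isovalent's code and not the Cilium Enterprise export format), the Python below shows what the identity and process-ancestry context described above buys a detection engineer: it builds a process tree from constructed exec events, rewrites a constructed flow record from IP-centric fields into namespace/app identity plus the full ancestry chain, and tags a flow whose initiating process was spawned through a shell. The event schema, pod names, label keys and binaries are all made up for the example.

```python
# Constructed sample events in a made-up schema; NOT the Cilium Enterprise export format.
EXEC_EVENTS = [
    {"pid": 100, "ppid": 1,   "binary": "/usr/sbin/nginx", "pod": "default/web-7f9c"},
    {"pid": 230, "ppid": 100, "binary": "/bin/sh",         "pod": "default/web-7f9c"},
    {"pid": 231, "ppid": 230, "binary": "/usr/bin/curl",   "pod": "default/web-7f9c"},
]
FLOW_EVENTS = [
    {"pid": 231, "src_ip": "10.0.1.7", "dst_ip": "10.0.2.9", "l7": "GET /internal/transfers",
     "src_labels": {"app": "web", "namespace": "default"},
     "dst_labels": {"app": "payments-api", "namespace": "prod"}},
]
SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash"}

def ancestry(pid, tree):
    """Binaries from the pod's root process down to pid, oldest first."""
    chain, seen = [], set()
    while pid in tree and pid not in seen:  # seen-set guards against recycled pids
        seen.add(pid)
        chain.append(tree[pid]["binary"])
        pid = tree[pid]["ppid"]
    return chain[::-1]

def identity(labels):
    """Namespace/app identity that survives pod restarts, unlike an IP."""
    return f'{labels.get("namespace", "?")}/{labels.get("app", "?")}'

def shell_in_ancestry(chain):
    """True when a shell sits below the pod's entry process; index 0 is
    skipped because many container images use a shell entrypoint."""
    return any(b in SHELLS for b in chain[1:])

def enrich_flow(flow, tree):
    """Rewrite an IP-centric flow into identity plus process context."""
    chain = ancestry(flow["pid"], tree)
    return {
        "src": identity(flow["src_labels"]),
        "dst": identity(flow["dst_labels"]),
        "l7": flow["l7"],
        "pod": tree.get(flow["pid"], {}).get("pod"),
        "ancestry": chain,
        "alert": shell_in_ancestry(chain),
    }

def export(flows, exec_events):
    """SIEM-ready records from the raw flow and exec streams (tree keyed by pid)."""
    tree = {e["pid"]: e for e in exec_events}
    return [enrich_flow(f, tree) for f in flows]
```

The exported record carries the same fields a SIEM rule written against labels and process ancestry would key on, so the rule keeps working after the pod is rescheduled to a new IP.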

  • Overcoming the lack of network and application visibility in Kubernetes without performance overhead, application changes or a service mesh
  • Increasing the ROI of your existing SIEM tooling
  • Ability to extend already configured security and observability rules to Kubernetes right away!
  • Savings from avoiding extra security tooling for Kubernetes
  • Easy compliance monitoring and enforcement for Kubernetes

Data we are collecting

  • Network connectivity logs (L3-L7)
  • Security & Compliance reports
  • Security Policy Violations
  • Runtime/Syscall events
  • TLS statistics & traces

Process Tree

Some of Our Supported SIEM platforms

  • Elasticsearch
  • Fluentd
  • Sentinel
  • Splunk
  • Sumo Logic

What our customers say

Tim Hockin, Kubernetes: "Cilium and the team around it have impressed me from the beginning. My mind is spinning with the possibilities of eBPF."