
Mastering Cilium for Kubernetes Compliance

Read the Cilium white paper from Isovalent and ControlPlane on solving NIST and other compliance frameworks in cloud-native environments.

The executive summary below sets out the scope and purpose of this white paper for technical audiences and leadership teams. The guide is framed around the NIST SP 800-53 controls as a way to examine specific feature-to-control relationships, and is written to be applicable and foundational across any compliance framework.

Download it for a deep, technical understanding of cloud-native compliance, whichever compliance framework you need to satisfy.

Executive Summary

Problem Overview: Securing and managing dynamic Kubernetes environments is hard. Traditional, IP-based controls fall short against ephemeral pod IPs, short pod lifecycles, and constantly changing network configurations.

This white paper addresses those cloud-native security gaps, aligned closely with NIST SP 800-53r5 under the following control families: Access Control (AC), Audit and Accountability (AU), and Incident Response (IR).


Solution Highlight: Cilium, a CNCF-graduated project and the only graduated CNI plugin, is the cloud-native standard for secure and observable connectivity, and offers advanced functionality spanning networking to runtime through its sub-projects Hubble and Tetragon.

Together, Cilium, Hubble, and Tetragon simplify access control at the network and runtime layers, produce detailed audit and accountability data, and support both real-time and historical incident response across Linux environments.


Key Features: Cilium’s differentiators are its eBPF-powered networking, security, and observability features, which give organisations Kubernetes identity awareness and fine-grained control. These capabilities make compliance principles easy to implement and validate in Kubernetes environments, supported by Hubble observability and Tetragon runtime enforcement.
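To make the identity-aware, fine-grained access control described above concrete, here is an added example (not taken from the white paper or from the Cilium project): a CiliumNetworkPolicy that restricts a workload's egress by Kubernetes labels rather than IP addresses. The namespace, workload labels and external hostname are hypothetical; the policy allows the `payments` pods to reach only the `ledger` service on 8443, kube-dns on 53 (through Cilium's DNS proxy, which is what makes the `toFQDNs` rule resolvable), and one external API on 443. Everything else is dropped, and each drop is visible in Hubble as audit evidence.

```yaml
# Added example, not from the white paper. All names (prod, payments, ledger,
# api.example.com) are assumptions chosen for illustration.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: payments-egress
  namespace: prod
spec:
  # Identity-based selection: every pod carrying app=payments in this
  # namespace, regardless of its current (ephemeral) IP address.
  endpointSelector:
    matchLabels:
      app: payments
  egress:
  # 1. Service-to-service: only the ledger pods, only on TCP/8443.
  - toEndpoints:
    - matchLabels:
        app: ledger
    toPorts:
    - ports:
      - port: "8443"
        protocol: TCP
  # 2. Cluster DNS, with the DNS rule so Cilium's L7 proxy can observe
  #    lookups and populate the FQDN mapping used by rule 3.
  - toEndpoints:
    - matchLabels:
        k8s:io.kubernetes.pod.namespace: kube-system
        k8s:k8s-app: kube-dns
    toPorts:
    - ports:
      - port: "53"
        protocol: UDP
      rules:
        dns:
        - matchPattern: "*"
  # 3. One external dependency by name, not by an allow-listed IP range.
  - toFQDNs:
    - matchName: "api.example.com"
    toPorts:
    - ports:
      - port: "443"
        protocol: TCP
```

Once an egress section is present, Cilium enforces default-deny for egress on the selected pods, so any other outbound flow from `payments` is dropped. To verify the policy and to collect evidence for an audit, watch the drops with Hubble (for example `hubble observe --namespace prod --verdict DROPPED`); the flow records carry the source and destination pod labels, which is the identity-aware metadata the auditing and incident-response control families rely on.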

Target Audience: This document is tailored for technical compliance stakeholders, security teams, and platform engineering teams looking for a comprehensive solution to effectively manage Kubernetes environments and implement compliance principles using eBPF and Cilium.

This white paper focuses on publications from the NIST Computer Security Resource Center, namely the controls detailed in NIST SP 800-53r5, with additional content from NIST SP 800-190 (the Application Container Security Guide); however, the solutions apply far beyond passing NIST assessments. NIST SP 800-53r5 is a widely used, industry-agnostic control catalogue that shares many of the same principles as other standards such as SOC 2, ISO, HIPAA, USDP, FIPS, and more.




Related

How to enable host-based Kubernetes visibility

Correlate process-to-network data. Learn how Tetragon’s lightweight eBPF sensor captures Kubernetes telemetry down to the binary, tying process to network data with no application changes. Decode DNS, TLS, HTTP, UDP, TCP, and more while matching events to process ancestry, all with Kubernetes identity-aware metadata (labels, pod names, etc.). Read the solution brief and get under the hood with Tetragon.

Tetragon 1.0: Kubernetes Security Observability & Runtime Enforcement with eBPF

Tetragon 1.0 - What is new? Performance overhead benchmarks, default observability policies, kubectl exec monitoring, and much more!

Thomas Graf

Getting Started with Tetragon

Security Observability is a new paradigm that uses eBPF, a Linux kernel technology, to give security and DevOps teams, SREs, cloud engineers, and solution architects real-time visibility into Kubernetes and to help secure production environments with Tetragon. Tetragon is an open source Security Observability and Runtime Enforcement tool from the makers of Cilium. It captures process and network event types at user-configured hook points in the kernel, then translates these events into actionable signals for a security team. The best way to learn about Security Observability and Tetragon is to read the book “Security Observability with eBPF” by Jed Salazar and Natalia Reka Ivanko. And the best way to have your first experience with Tetragon is to walk through this lab, which takes the real-world attack example from the book and teaches you, step by step, how to detect a container escape.
