
The Blueprint for Kubernetes Compliance

Supercharge your cloud-native compliance with the white paper from Isovalent and ControlPlane!

Master NIST SP 800-53 and other key compliance frameworks in cloud-native environments, with insights tailored for technical experts and leadership teams alike.


What’s inside:

  • Executive Summary: A comprehensive overview designed for both technical audiences and leadership teams.
  • NIST SP 800-53 Controls: A detailed analysis mapping specific Cilium, Hubble and Tetragon features to control requirements.
  • The Cilium, Tetragon, and eBPF Platform: Implementation guidance from across the Isovalent platform, applicable to any compliance framework.


From Strategy to Action: 

  • Future-Proof Your Compliance: Stay ahead in the ever-evolving landscape of cloud-native compliance.
  • Deep Technical Insights: Gain expert knowledge to tackle compliance challenges effectively with the Isovalent platform.
  • Strategic Value: Build your architecture with the foundations to navigate Kubernetes and Linux compliance.


Download the Cilium white paper now and take the first step towards mastering cloud-native compliance!

Strategic Compliance at Scale

Problem Overview: Securing and managing dynamic Kubernetes environments is hard. Traditional, IP-centric controls fall short because pod IPs are ephemeral, pod lifecycles are short and constantly changing, and network configuration has to keep pace with that change rather than being set once and left alone.

This white paper addresses those cloud native gaps, aligned closely with NIST SP 800-53 Rev. 5 under three control families: Access Control (AC), Audit and Accountability (AU), and Incident Response (IR).


Solution Highlight: Cilium, a CNCF-graduated project and the only graduated CNI plugin, has become the cloud native standard for secure and observable connectivity. It offers advanced functionality spanning networking to runtime through its sub-projects Hubble (network observability) and Tetragon (runtime security observability and enforcement).

Together, Cilium, Hubble, and Tetragon simplify access control at the network and runtime layers, produce detailed audit and accountability data, and support incident response with both real-time and historical event data across Linux environments.


Key Features: Cilium's differentiators are its eBPF-powered networking, security, and observability features, which give organisations Kubernetes identity awareness (policy keyed on pod labels rather than on ephemeral IP addresses) and fine-grained control. These capabilities make compliance principles straightforward to implement and validate in Kubernetes environments, backed by Hubble observability and Tetragon runtime features.

Target Audience: This document is tailored for technical compliance leaders, security teams, and platform engineering teams looking for a comprehensive solution to effectively manage Kubernetes environments and implement compliance principles using eBPF and Cilium.
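To make the access-control point concrete, here is an added example of what identity-aware, fine-grained control looks like as a CiliumNetworkPolicy. It is not taken from the white paper or the Cilium project; the namespace, labels, ports, routes and hostname are assumptions chosen for illustration. The policy selects workloads by Kubernetes labels, so it keeps working as pods churn and their IPs change, and because it is the only policy selecting these pods, anything it does not list is denied in both directions. That is the kind of artefact an auditor asks for under the AC family (access enforcement, information flow enforcement).

```yaml
# Added example, not from the white paper or the Cilium project.
# Namespace, labels, ports, routes and hostname are assumptions.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: checkout-least-privilege
  namespace: payments
spec:
  # Identity: every pod labelled app=checkout, wherever it is scheduled and whatever its IP.
  endpointSelector:
    matchLabels:
      app: checkout
  ingress:
  # Only the storefront may call checkout, and only on these HTTP routes (L7 enforcement).
  - fromEndpoints:
    - matchLabels:
        app: storefront
    toPorts:
    - ports:
      - port: "8080"
        protocol: TCP
      rules:
        http:
        - method: POST
          path: "/v1/orders"
        - method: GET
          path: "/v1/orders/[0-9]+"
  egress:
  # DNS to kube-dns only; parsing the lookups lets Hubble record which names were queried.
  - toEndpoints:
    - matchLabels:
        "k8s:io.kubernetes.pod.namespace": kube-system
        "k8s:k8s-app": kube-dns
    toPorts:
    - ports:
      - port: "53"
        protocol: ANY
      rules:
        dns:
        - matchPattern: "*"
  # Outbound to the payment processor by name, on 443 only. Everything else egress is dropped.
  - toFQDNs:
    - matchName: "api.processor.example"
    toPorts:
    - ports:
      - port: "443"
        protocol: TCP
```

Validating the policy is where Hubble comes in: `hubble observe --namespace payments --verdict DROPPED` shows every flow the policy rejected, with source and destination labels rather than bare IPs, which doubles as the audit trail for the AU family.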


Authors

  • Natália Réka Ivánkó

    Security Product Lead

  • Jeremy Colvin

    Senior Technical Marketing Engineer


Related

Fireside Chat: Cloud Native Security & Compliance

Join ControlPlane’s CEO Andrew Martin and Isovalent’s Chief Open Source Officer Liz Rice for a fireside chat where they demystify Cloud Native Security and Kubernetes Compliance.

Online

Solution brief: The guide to host-based Kubernetes visibility

Correlate process-to-network data. Learn how Tetragon's lightweight eBPF sensor captures Kubernetes telemetry down to the binary, tying process to network data with no application changes. Decode DNS, TLS, HTTP, UDP, TCP, and more while matching events to process ancestry, all with Kubernetes identity-aware metadata (labels, pod names, etc.). Read the solution brief and get under the hood with Tetragon.

By Jeremy Colvin

Lab: Getting Started with Tetragon

Security Observability is a new paradigm that uses eBPF, a Linux kernel technology, to give Security and DevOps teams, SREs, Cloud Engineers, and Solution Architects real-time visibility into Kubernetes and to help secure production environments with Tetragon. Tetragon is an open source Security Observability and Runtime Enforcement tool from the makers of Cilium. It captures process and network event types, selected by a user-supplied configuration, at arbitrary hook points in the kernel, then translates those events into actionable signals for a security team. The best way to learn about Security Observability and Tetragon is the book "Security Observability with eBPF" by Jed Salazar and Natália Réka Ivánkó, and the best way to get first-hand experience with Tetragon is this lab, which takes the Real World Attack example from the book and teaches you how to detect a container escape step by step.
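The "user-supplied configuration" in Tetragon is a TracingPolicy. The following is an added example, not from the lab, the book, or the Tetragon project's own policy library, of one policy that does both jobs the paragraph describes: it observes access to credential material at a kernel hook, and it enforces on one specific misuse. It attaches to the security_file_permission LSM hook, which the kernel enters on every file read or write; the paths, the excluded binary and the policy name are assumptions chosen for illustration.

```yaml
# Added example, not from the lab, the book, or the Tetragon project.
# Paths, the excluded binary and the policy name are assumptions.
apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
  name: sensitive-file-access
spec:
  kprobes:
  - call: "security_file_permission"   # LSM hook entered on every file read/write
    syscall: false
    args:
    - index: 0
      type: "file"                     # struct file *; Tetragon resolves it to a path
    - index: 1
      type: "int"                      # access mask: 0x04 = MAY_READ, 0x02 = MAY_WRITE
    selectors:
    # Selector 1 (observe only): emit an event for any read or write of credential
    # material. In Kubernetes the event carries the pod namespace, name and labels
    # plus the full process ancestry, which is the AU-family evidence.
    - matchArgs:
      - index: 0
        operator: "Prefix"
        values:
        - "/etc/shadow"
        - "/root/.ssh/"
        - "/var/run/secrets/kubernetes.io/serviceaccount/"
      # Assumption: sshd legitimately reads some of these; exclude it to keep the signal clean.
      matchBinaries:
      - operator: "NotIn"
        values:
        - "/usr/sbin/sshd"
    # Selector 2 (enforce): no process should write the account database at runtime,
    # so kill the writer before the write completes.
    - matchArgs:
      - index: 0
        operator: "Prefix"
        values:
        - "/etc/passwd"
        - "/etc/shadow"
      - index: 1
        operator: "Equal"
        values:
        - "2"                          # MAY_WRITE
      matchActions:
      - action: Sigkill
```

Apply it with `kubectl apply -f sensitive-file-access.yaml` and watch the resulting events with `kubectl exec -n kube-system ds/tetragon -c tetragon -- tetra getevents -o compact`. The same events are written as JSON to Tetragon's export file (tetragon.log under /var/run/cilium/tetragon in the default Helm install), which is what you ship to a SIEM to satisfy audit and incident-response requirements.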
