Isovalent, Creators of eBPF and Cilium, Launch Tetragon: High-Performance Kernel-based Kubernetes Security

News provided by

Isovalent

Nov 01, 2023, 07:00 ET

Tetragon gives platform and security teams fine-grained observability, policy definition and enforcement for the class of security vulnerabilities that live in custom code and outside of vulnerability scanners; optimized for high performance, low overhead and usability

CUPERTINO, Calif., Nov. 1, 2023 /PRNewswire/ -- The creators of the rapidly growing open source technologies Cilium and eBPF, today announce the general availability of Isovalent Enterprise for Tetragon, extending the existing open source Cilium Tetragon project that provides kernel-level programmability for runtime Kubernetes security use cases. Cilium Tetragon, the open source project within the Cloud Native Computing Foundation (CNCF) and sub-project of Cilium, has reached a significant milestone with the OSS 1.0 release. Just like Cilium gave platform teams a standard interface and greatly evolved performance in Kubernetes networking, Tetragon harnesses the power of eBPF to define how security and operations teams instrument Kubernetes runtime security--with lower overhead, higher performance, and a richer stream of data closer to the kernel and beyond the limited telemetry purview of security scanners.

Kubernetes provides limited default security and observability controls, and ships without a dedicated runtime security model. In this absence of a standard open source runtime security platform, early Kubernetes adopters have been forced to use proprietary security agents that come with major compute and memory performance overhead and cloud costs, while also failing to capture the lower-level, runtime security data emitted closest to the kernel.

Tetragon is an eBPF-based security observability and runtime enforcement platform designed to give security and operations teams richer telemetry data for runtime security, while eliminating the performance overhead of proprietary security vendors' agents. Isovalent extends the open source project with enterprise features that further security teams visibility into L7 networking events (HTTP, DNS, TLS/SSL handshake analysis), granular control over Tetragon security policies and workflows, improved in-kernel smart collection for lower CPU & memory overhead, and more. In benchmarking comparisons, Tetragon's kernel-based runtime telemetry collection resulted in near baseline overhead and minimal resource utilization across core security and observability use cases, read the benchmarking results and more. 

Tetragon is built around eBPF and in-kernel filtering and aggregation logic, providing deep visibility without traditional agents or application changes. It gives platform and security teams a powerful observability layer that can introspect the entire system ranging from low-level kernel visibility to track file accesses, network activity, or capability changes, all the way up into the application layers covering aspects such as function calls into vulnerable libraries, tracing process execution, or understanding HTTP requests made.

Unlike security platforms whose enforcement points are restricted to the system call level, Tetragon is able to enforce security policies across the operating system in a real time preventive manner instead of reacting to events asynchronously. Tetragon has the ability to specify allow lists for access control at several layers. Security policies can be injected via Kubernetes (CRDs), a JSON API, or systems such as Open Policy Agent (OPA).

"As Cilium standardized the Kubernetes networking experience across cloud providers and infrastructure, with Tetragon we're seeking to give platform and security teams the same experience for runtime security," said Thomas Graf, Cilium Creator and CTO and co-founder at Isovalent. "And by bringing Kubernetes security observability and enforcement closer to the kernel, we're giving you deeper visibility and control combined with incredible performance gains compared to existing technologies."

With Tetragon, every file, system interaction, network interaction, escalation of privileges, every process ever executed or network port opened is observable to security teams. This degree of granularity made possible by the eBPF and Cilium-based close-to-the-kernel lineage gives platform teams the right combination of extracting only what they need, while defining filters and aggregations based on high level signals. To learn more about Tetragon's architecture, use cases, and how it fits into your cloud native infrastructure, join the webinar on December 7th.

With its origins as a security primitive inside of Cilium--the default container network interface (CNI) used by most of the world's most popular Kubernetes cloud platforms, including GKE, Anthos, AKS, and EKS Anywhere--Tetragon also gives platform teams the major advantage of combining network and runtime visibility. By using Cilium as the networking layer to connect workloads across cloud, on-prem and edge, and deploying Tetragon for runtime security--platform teams get a single Kubernetes-optimized operating model for their entire infrastructure, complete with a distributed firewall.

With this milestone, Tetragon has reached a maturity in adopted core features from observing the complete lifecycle of every process, real-time file monitoring, to network observability that solves container runtime security at scale.

About Isovalent 

Isovalent is the company founded by the creators of Cilium and eBPF. Isovalent builds open source software and enterprise solutions solving networking, security, and observability needs for modern cloud native infrastructure. Google (GKE, Anthos), Amazon (EKS-A), and Microsoft (AKS) have all adopted Cilium to provide networking and security for Kubernetes. Cilium is used by platform engineering teams such as Adobe, Bell Canada, ByteDance, Capital One, Datadog, Schuberg Philis, and Sky. Isovalent is a globally distributed company with headquarters in both Cupertino (United States) and Zurich (Switzerland) and is backed by Andreessen Horowitz, Google, Cisco, M12 (Microsoft's Venture Fund), and Grafana Labs.

CONTACT:
Carly Driggers
[email protected]
415-515-9812

SOURCE Isovalent

WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?

icon3
440k+
Newsrooms &
Influencers
icon1
9k+
Digital Media
Outlets
icon2
270k+
Journalists
Opted In
GET STARTED

Also from this source

Cilium Creator Isovalent Invites KubeCon EU Attendees to Discover the Power of Cloud Native's Most Popular Connectivity Platform in Paris Next Week

KUBECON + CLOUDNATIVECON EU - Isovalent, the creators of the rapidly growing open source technologies Cilium, Tetragon, and eBPF, next week at...

Isovalent Enterprise for Cilium Named a Container Networking Platform Leader in GigaOm Sonar Report

Isovalent, the creators of the rapidly growing open source technologies Cilium and eBPF, today announced that industry research firm GigaOm has...
More Releases From This Source

Explore

Computer & Electronics

Computer & Electronics

High Tech Security

High Tech Security

Computer Software

Computer Software

Computer Software

Computer Software

News Releases in Similar Topics