Since Tetragon, via eBPF, has access to the Linux kernel state, it can join this kernel state with Kubernetes awareness or user policy to create rules enforced by the kernel in real-time. More Than Observabilityīut Tetragon does more than just let you see what’s going on at a deep level. That means you can view namespace escapes, capability and privilege escalations, file system and data access, networking activity of protocols such as HTTP, DNS, TLS, and TCP, and even the system call layer to audit system call invocation and follow process execution. The OSS’ing of Tetragon is basically creating unlimited opportunities for observability ‘power user’ scenarios.”įor example, with Tetragon you can see into kernel subsystems. all the way into kernel subsystem and gives platform and security teams a ton of advanced observability functionality. Or, as Thomas Graf, Isovalent’s co-founder and CTO, put it, “Tetragon is a huge jump for extending it all the way down to low-level kernel visibility, bringing the ability to trace function calls, process execution, etc. That means it saves time and resources at a very low level. It filters, blocks, and reacts to events directly in the kernel instead of sending events to a user space agent. It enforces policy and filtering directly in eBPF in the kernel. In short, it works well.īy itself, Tetragon is a runtime security enforcement and observability tool. Cilium monitors network and runtime behavior with Kubernetes identity to provide a single source of data for cloud native forensics, audit, and compliance monitoring. Isovalent has used it for years in its Isovalent Cilium Enterprise program. You may not know its name, but Tetragon is not a new program. It’s a very useful eBPF-based security observability and runtime enforcement platform. How deep do you want to observe your systems? Would you like to peer all the way into the depths of the Linux kernel? If that sounds good to you, you’ll be happy to know that Isovalent, a company that incorporates networking, security, Kubernetes, and eBPF into its programs, recently open sourced Tetragon.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |