We are excited to announce the Tetragon open source project. Tetragon is a powerful eBPF-based security observability and runtime enforcement platform that has been part of Isovalent Cilium Enterprise for several years. Today, we are open sourcing major parts of it as project Tetragon and opening it up for collaboration with the entire community.

Tetragon provides eBPF-based transparent security observability combined with real-time runtime enforcement. The deep visibility is achieved without requiring application changes and is provided at low overhead thanks to smart in-kernel filtering and aggregation logic built directly into the eBPF-based kernel-level collector. The embedded runtime enforcement layer is capable of performing access control on the system call and other enforcement levels.

The foundation of Tetragon is a powerful observability layer that can introspect the entire system, ranging from low-level kernel visibility to track file accesses, network activity, or capability changes, all the way up into the application layers, covering aspects such as function calls into vulnerable libraries, tracing process execution, or understanding HTTP requests made. To list just a few of the capabilities, Tetragon can provide visibility into all kinds of kernel subsystems to cover namespace escapes, capability and privilege escalations, file system and data access, networking activity of protocols such as HTTP, DNS, TLS, and TCP, as well as the system call layer to audit system call invocation and follow process execution.