This week’s update to the enterprise edition of the open source Tetragon project added a slew of capabilities to simplify applying cybersecurity policies more granularly and to limit privilege escalation.
Jeremy Colvin, senior technical marketing engineer for Isovlant, said Isovalent Enterprise for Tetragon 1.13 supports a framework that helps organizations to harden cloud-native computing environments. The goal is to provide a missing cybersecurity piece to the cloud-native computing puzzle.
Tetragon was originally developed by Isovalent as a lightweight security observability and runtime enforcement tool. That tool uses agent software to collect data from the extended Berkley Packet Filtering (eBPF) subsystem within the Linux kernel and employs it to apply policy and filtering. That approach improves performance and also reduces the need to rely on additional agent software to instrument applications.
Subsequently, Isovalent was acquired by Cisco, which is now using Cilium at the core of a cybersecurity platform that employs artificial intelligence and digital twin software to improve application security.
Tetragon version 1.13 is based on Cilium Tetragon 1.0, an open source edition of the framework that IT teams can deploy without any support. Cilium is an open source virtual network for Kubernetes clusters that is advanced under the auspices of the Cloud Native Computing Foundation (CNCF).
.ai-rotate {position: relative;}
.ai-rotate-hidden {visibility: hidden;}
.ai-rotate-hidden-2 {position: absolute; top: 0; left: 0; width: 100%; height: 100%;}
.ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback, .ai-list-block, .ai-list-block-ip, .ai-list-block-filter {visibility: hidden; position: absolute; width: 50%; height: 1px; top: -1000px; z-index: -9999; margin: 0px!important;}
.ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback {min-width: 1px;}
In addition to adding deeper support (eBPF) to apply filtering within the kernel of the Linux operating system, the latest version of Isovalent Enterprise for Tetragon also improves observability by adding support for Prometheus metrics, an ability to monitor versions of the Transport Layer Security (TLS) protocol and better visibility into HTTP traffic that can now be parsed.
Other capabilities added include default rulesets, redaction filters to limit access to sensitive data and tighter integration with the CRI-O container runtime. It supports Red Hat OpenShift, an application development and deployment platform based on Kubernetes.
It’s not clear which teams are assuming responsibility for cybersecurity in cloud-native application environments. Historically, cybersecurity teams have been responsible for security operations (SecOps). Many organizations, however, are now shifting responsibility for SecOps to IT operations teams to help alleviate the chronic cybersecurity skills shortage. In many cases, that means platform engineering teams that are applying best DevSecOps practices are now programmatically including SecOps within larger workflows.
Certainly, as more cloud-native applications are deployed in production environments, cybercriminals are targeting their underlying infrastructure more aggressively.
It appears that the open source community is finally addressing the cybersecurity requirements of cloud native environments. It’s not clear to what degree the technical oversight committee that oversees, for example, the development of Kubernetes might address these issues but at the very least other open source projects are focused on securing cloud native application environments. The challenge, as always, is marshaling all those capabilities in a way the average enterprise IT organization can consume.
Photo credit: Derek Baumgartner on Unsplash
This post was originally published on the 3rd party site mentioned in the title of this this site