This kind of context is vital. Suppose a pod attempts to exfiltrate data by making an outbound request to an external endpoint. In a traditional setup, you might see the egress traffic and block the IP. But that doesn't answer the real question: what process made the call, from which container, and what was it doing before that? Tetragon can tie the network flow to a specific binary running in a specific pod and enforce a policy that stops the behavior mid-execution. It is microsegmentation enforced at the level of identity and intent, not just connectivity.
Enforcing policies before malicious behavior executes
Most cloud-native security tools generate alerts. They observe suspicious activity and send logs to SIEMs or dashboards for human triage. This model doesn't scale in Kubernetes. With thousands of ephemeral workloads, alert volume explodes and investigation timelines stretch past the point of usefulness. By the time a team sees the alert, the container may already be spun down.
Tetragon flips this model. Because it operates in the kernel using eBPF, it can filter, aggregate, and act on events before they leave the host. It doesn't just report suspicious behavior; it can stop it. For example, if a container starts an unexpected shell process, Tetragon can issue a SIGKILL or override the call immediately. If a file access doesn't match policy, the action can be blocked at run time, not merely logged for later review. Developers can write Kubernetes-native policies that define exactly which processes are allowed to run, which files they can touch, and where they can connect.
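As an added example (not taken from the page or from the Tetragon project's own docs), the following TracingPolicy turns the file-access rule described above into kernel-side enforcement: it hooks the in-kernel fd_install function, which runs when a process receives a new file descriptor, and sends SIGKILL to any process that opens a file under a given path prefix. The policy name and the /etc/secrets prefix are assumed values chosen for illustration.

```yaml
# Tetragon TracingPolicy: kill any process that opens a file under /etc/secrets.
# Policy name and path prefix are assumed values for this example.
apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
  name: "block-secret-file-access"
spec:
  kprobes:
  - call: "fd_install"        # in-kernel function, fires on every new file descriptor
    syscall: false            # this is a kernel function, not a syscall entry point
    args:
    - index: 0
      type: "int"             # the new fd number
    - index: 1
      type: "file"            # struct file *, lets Tetragon resolve the path
    selectors:
    - matchArgs:
      - index: 1
        operator: "Prefix"    # match any path that starts with the value below
        values:
        - "/etc/secrets"      # assumed sensitive directory
      matchActions:
      - action: Sigkill       # terminate the offending process before it can read
```

Apply it with `kubectl apply -f` on a cluster running the Tetragon agent; the resulting enforcement events, including the pod, container and binary that triggered the kill, appear in the Tetragon event stream.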