Explore the Tetragon security suite for Kubernetes
Inside the Polygon
Attack scenarios are becoming increasingly complex, as are the infrastructures on which organizations build their IT. Kubernetes, with its many layers for storage and networking, along with the microservice-architecture applications running on it, is a prime example of ever-increasing complexity. Unsurprisingly, security is one of the key issues for IT managers.
Clearly, new tools are needed. In recent years, new solutions have emerged that let you detect threats and attacks more easily in scalable environments. Falco, covered in a previous ADMIN article [1] [2], is one example, and Tetragon [3], which I discuss in this issue, is a direct competitor.
Much like Falco, Tetragon promises proactive monitoring of containerized setups in Kubernetes, but that is not the only similarity: Like its competitor, Tetragon relies heavily on the extended Berkeley Packet Filter (eBPF) virtual kernel network engine to acquire and analyze ongoing packet flows. This relationship makes sense, because Tetragon was created by the developers of Cilium, one of the best-known implementations of software-defined networking (SDN) for Kubernetes.
Tetragon is designed to handle a wider range of tasks than Falco. In addition to monitoring programs and data streams at runtime, it offers comprehensive options for monitoring, alerting, and trending. It also has a tracing function that can be deployed at the program level. In this article, I present Tetragon in full detail and discuss the tool's strengths and weaknesses.
Complex Architecture
An architecture diagram (Figure 1) also helps in understanding the solution that Tetragon offers. You can quickly see the parallels with Falco, but also significant
...

