Tigera Now Enabling Security Forensics and Operations Support
Tigera is excited to unveil several new capabilities with Tigera Secure Enterprise Edition 2.2, including the ability to enable security forensics for Kubernetes. Tigera’s modern search and visualization capabilities provide real-time enterprise-wide visibility into Kubernetes traffic. This release empowers businesses to detect and respond to untrusted and unauthorized Kubernetes traffic, often indicative of advanced attacks such as zero-day malware, data exfiltration, and nation-state espionage. Tigera accelerates investigations and provides direct access to large sets of Kubernetes flow logs. The solution allows:
- Platform teams to discover and identify communications between upstream and downstream Kubernetes microservices to better support DevOps and Security teams' objectives.
- DevOps teams to troubleshoot and isolate the root cause related to Kubernetes workload connectivity issues.
- Security teams to monitor for anomalies and perform forensics investigations on suspicious Kubernetes workloads.
Figure 1 – Tigera pinpoints problematic Kubernetes resources for security and operational investigations.
Traditional network monitoring tools generate incomplete data for Kubernetes because they fail to capture traffic that was denied by network policy. Additionally, these dated methods capture only 5-tuple information (source/destination address, source/destination port, protocol), which is of little use in a highly ephemeral Kubernetes environment where pod IPs are reassigned constantly.
Tigera addresses these limitations with network flow logs that carry Kubernetes context for each workload. Flow logs are captured at the workload level and annotated with Kubernetes context such as namespace, pod, labels, and metadata, which gives accurate visibility into communications between short-lived workloads even after the pods themselves are gone. Bi-directional flow logs are generated for all pods as well as host connections, providing critical insight into suspicious east-west traffic.
Figure 2 – Tigera flow logs provide insight beyond traditional 5-tuple flow log data.
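To illustrate why label- and namespace-annotated flow logs matter for investigation, here is an added example (not Tigera's code, and the JSON field names are an assumed simplified schema, not Tigera's actual flow log format). It aggregates constructed flow records by workload label instead of pod name, so repeated denied cross-namespace connections still stand out after the originating pods have been replaced.

```python
import json
from collections import Counter

# Constructed sample flow log records in an assumed JSON shape (not Tigera's real schema).
# Each record carries the 5-tuple plus Kubernetes context and the policy verdict.
SAMPLE_FLOW_LOGS = """
{"src_ns":"shop","src_pod":"cart-7f9","src_labels":{"app":"cart"},"dst_ns":"shop","dst_pod":"db-0","dst_labels":{"app":"db"},"dst_port":5432,"proto":"tcp","action":"allow","packets":40}
{"src_ns":"shop","src_pod":"cart-7f9","src_labels":{"app":"cart"},"dst_ns":"payments","dst_pod":"vault-1","dst_labels":{"app":"vault"},"dst_port":8200,"proto":"tcp","action":"deny","packets":3}
{"src_ns":"shop","src_pod":"cart-7f9","src_labels":{"app":"cart"},"dst_ns":"payments","dst_pod":"vault-1","dst_labels":{"app":"vault"},"dst_port":8200,"proto":"tcp","action":"deny","packets":5}
{"src_ns":"monitoring","src_pod":"prom-2","src_labels":{"app":"prometheus"},"dst_ns":"shop","dst_pod":"cart-7f9","dst_labels":{"app":"cart"},"dst_port":9090,"proto":"tcp","action":"allow","packets":12}
{"src_ns":"shop","src_pod":"cart-a1b","src_labels":{"app":"cart"},"dst_ns":"payments","dst_pod":"vault-1","dst_labels":{"app":"vault"},"dst_port":8200,"proto":"tcp","action":"deny","packets":2}
"""


def parse_flow_logs(text):
    """One JSON object per line; blank lines are skipped."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def denied_service_pairs(records):
    """Count denied flows keyed by (namespace, app label) on both ends rather than
    by pod name, so the pattern survives pod churn: cart-7f9 and cart-a1b probing
    vault-1 are counted as the same source service."""
    counts = Counter()
    for r in records:
        if r["action"] != "deny":
            continue
        src = (r["src_ns"], r["src_labels"].get("app", r["src_pod"]))
        dst = (r["dst_ns"], r["dst_labels"].get("app", r["dst_pod"]), r["dst_port"])
        counts[(src, dst)] += 1
    return counts


def cross_namespace_denials(records, threshold=2):
    """Return denied east-west flows that cross a namespace boundary and recur at
    least `threshold` times; a plain 5-tuple view could not group these."""
    findings = []
    for (src, dst), n in denied_service_pairs(records).items():
        if src[0] != dst[0] and n >= threshold:
            findings.append({"src": src, "dst": dst, "count": n})
    return findings


if __name__ == "__main__":
    for f in cross_namespace_denials(parse_flow_logs(SAMPLE_FLOW_LOGS)):
        print(f"{f['src'][0]}/{f['src'][1]} -> {f['dst'][0]}/{f['dst'][1]}:{f['dst'][2]} denied x{f['count']}")
```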
Tigera Secure Enterprise Edition 2.2 also brings the following additional capabilities:
- Application Layer Policy – Protect against application threats with multi-factor workload authentication and multi-layer enforcement. Tigera attaches an identity to each workload for authentication and authorization based on multiple attributes, including network identity and cryptographic identity. The solution provides multiple points of enforcement: at the network layer with iptables and at the application layer with Istio and the Envoy proxy. Fine-grained application layer access control governs service-to-service communication based on attributes such as HTTP request attributes and web methods. The Application Layer Policy capability is currently in Beta; please contact Tigera for more information.
- Encryption – Defend against eavesdropping, sniffing and man-in-the-middle (MitM) attacks with encryption that can be enabled for all traffic within and across Kubernetes environments. Traffic is encrypted at the application layer using mutual Transport Layer Security (mTLS) with X.509 certificates. Encryption is transparent to the application and requires no code or configuration changes.
- BGP Templates – Customize the BGP (BIRD) configuration to fit your needs. BGP templates enable features such as dual top-of-rack (ToR) peering or password-protected BGP peering.
Highlights of Tigera Secure Enterprise Edition 2.2
Kubernetes environments are often challenging to investigate because of the dynamic nature of workloads. Most conventional security approaches and tools weren't built to provide visibility into Kubernetes environments. Tigera Secure Enterprise Edition 2.2 accelerates security forensic activities to determine indicators of compromise (IOCs) and the cause of attacks. Our new release also helps reduce the resolution time associated with workload connectivity issues. Additional capabilities defend against application layer and network eavesdropping attacks.
Please schedule a demo for more information.