Tigera delivers network security and compliance solution with CNX 2.1
I am very excited to announce the general availability of CNX 2.1 release. This release, built in collaboration with several of our strategic customers, includes several enhancements that will help enterprises automate security and compliance workflows for their micro-services and containerized environments.
Operators organize their Kubernetes infrastructure into multiple clusters based on hosting environment (public or private), fault domains, security/compliance zones, or other business criterion. With this release of CNX, policy definitions within a cluster can reference labels on workload and host endpoints from remote clusters. CNX can now enforce policy-driven secure connectivity across cluster boundaries, enabling a secure hybrid (or multi) cloud architecture for your applications.
Monitoring & Alerting
CNX continues to enhance the metrics and monitoring capabilities. Setting threshold and alerts on denied and allowed traffic metrics enables administrators to troubleshoot any undesired policy changes, detect anomalous behavior or indicators of compromise. Users can stream these alerts to their existing security operations center (SOC) and/or create custom dashboards with their favorite tools.
Compliance managers and devops personnel should be able to better manage their PCI, SOC2 or any internal compliance audits with the native policy auditing capabilities included in this release. Auditing in CNX is natively integrated with Kubernetes auditing framework and works with both upstream Kubernetes and OpenShift. The log data could be stored on a local file system/volume or streamed to any existing log management, analytics, or security incident and event management (SIEM) tool for further integration in your security workflows.
Network sets are useful for applying policy to traffic coming from (or going to) external, non-CNX, networks. So whether you need to enforce egress requirements for export compliance or blacklist bad actors, all of that can be managed through simple abstraction of network set for all your workloads.
Last but not the least, this release includes several integrations with OpenShift for better installation and getting started experience for OpenShift users. A previously recorded Openshift commons briefing is now available for offline viewing here. Check out this briefing for an overview of the release along with a case study on how a global enterprise is solving their network security and compliance challenges in their container environments.
To learn more about CNX and all the new enhancements in this release, contact us at https://www.tigera.io/contact or get in touch with your Tigera representative.