Tigera Secure

Zero Trust Network Security and Continuous Compliance for Kubernetes Platforms

 

Tigera Secure Secures Modern and Legacy Workloads

Tigera Secure enables a workload-to-workload Zero Trust model that protects modern business applications and extends to legacy applications, providing a stronger security posture across the enterprise. It enforces security around each workload, whether it runs on a container, VM, or host. No traffic is trusted, and all traffic is verified via service-to-service authentication that is executed over encrypted channels.

Tigera Secure integrates with your existing environment, tools, and SOC. It applies security policy that provides anomaly detection and traffic visibility to help detect and fight threats. It automates audit reports that give auditors evidence that your compliance controls are established and working.

Encrypt Data in Motion

A critical compliance requirement is to encrypt all data in motion.

Tigera Secure can encrypt traffic within and between clusters using the built-in certificate manager, or integrate with your existing certificate management solution.

Flow Logs with Workload Metadata

Most organizations already use an existing system to capture flow logs. Tigera Secure integrates with existing security operations center (SOC) threat analytics and log aggregation systems.

Workload identity is appended to 5-tuple flow logs to provide accurate data for dynamic and ephemeral workloads like containers.

Tigera Secure flow logs are configured at the policy level or the node level. The log data generated can be configured to include all connections, accepted connections, denied connections, or traffic based on any security policy.

For Kubernetes environments like Amazon EKS, bi-directional flow logs are generated for all pods as well as host connections and include workload identity as well as pod and host labels.

Fine-Grained Access Controls to Resources Outside Your Cluster

Your Kubernetes pods may need to communicate with resources outside of the cluster such as databases, third-party APIs, or cloud services. Firewalls and cloud-native security groups cannot limit access to a single pod; the best you can do is allow all pods access to the external resource.

Tigera Secure enables fine-grained policy control within and outside of the cluster. You can define policies that limit the access of a single pod or a collection of pods to any external resource.

Integration with Your SIEM for Security Incidents

Tigera Secure provides network visibility and monitors the network for potentially malicious traffic.

Tigera Secure integrates with most security incident and event management (SIEM) solutions and can send alerts with details of the suspicious traffic.

Network Flow and Audit Logs simplify troubleshooting and provide the data required for PCI, HIPAA, GDPR, and internal compliance frameworks.

Tigera Secure Enables Key Security Capabilities

Extend Firewalls to Kubernetes

Enterprise Security teams rely on firewalls to keep the bad guys out and prevent them from traversing the network. Firewall policies are based on IP addresses, don’t understand Kubernetes labels, and cannot track or enforce dynamic pod traffic. Tigera extends firewalls, enabling your security team to continue to use the process and tools they use today to secure your Kubernetes clusters.

Zero-Trust Network Security

With 40% or more of all breaches originating from within the network, you must always assume that something has been compromised. Applications running on Kubernetes make heavy use of the network for service-to-service communication. However, most clusters have been left wide open and are vulnerable to attack. A zero trust approach is the most secure way to lock down your Kubernetes platform.

Visibility and Threat Detection

Applications running on Kubernetes have dynamic IP addresses. Firewalls and traditional flow logs are not effective for detecting and preventing indicators of compromise because they lack visibility and context such as namespace, pod, container ID, and labels.

Continuous Compliance

Kubernetes is dynamic and constantly changing. Moments after a compliance audit is completed, the environment will have changed again. A continuous compliance solution is the only way to prove that your security controls have been implemented properly, both now and historically.
