Visibility, Traceability, and Remediation
Painless compliance audits with a better security posture
Modern applications are a black box for security & compliance
IT auditors need to see a network diagram, security policies, and proof that those policies are enforced. This data is not available when service-to-service network flows are not monitored and logged.
The Majority of Traffic for Modern Applications is East/West
Modern applications are assembled from reusable microservices that communicate over the network via API calls. A single inbound connection could spawn dozens or more service-to-service network calls behind the firewall. Firewalls and perimeter security do not provide visibility into this traffic.
Modern Applications Generate Unreliable Network Logs
5-tuple logging is commonly used to monitor and detect anomalies within the network, as well as to prove the enforcement of security policies. Modern applications are ephemeral; containers have an average lifespan of 3 days and the IP address is dynamic and unpredictable. This results in unreliable data that can neither accurately detect anomalies nor prove enforcement of security policies.
Without Accurate Data, Breaches are Difficult to Contain
When a breach occurs, inaccurate data in the network logs makes it unclear what was compromised and what lateral movement occurred after the breach. IP addresses in the network logs may have been reassigned to other services that have not been compromised, while the compromised services are gone.
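The attribution problem described in the two sections above, as an added illustration that is not part of the original page or of Tigera's product: a 5-tuple flow is mis-attributed once its source IP has been reassigned to a new pod, unless the flow timestamp is joined against workload lifetimes (which is what identity-enriched flow logs record at capture time). Pod names, addresses and timestamps are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class PodLifetime:
    name: str
    ip: str
    start: int           # epoch seconds when the pod was assigned this IP
    end: Optional[int]   # epoch seconds when the pod was deleted; None = still running

@dataclass
class Flow:              # a classic 5-tuple flow record plus its timestamp
    ts: int
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str

# Constructed sample data (hypothetical pod names and addresses, not from the page).
PODS = [
    PodLifetime("payments-7c9d", "10.1.2.5", 1000, 2000),  # compromised; deleted at t=2000
    PodLifetime("frontend-a1b2", "10.1.2.5", 2100, None),  # innocent pod that inherits the IP
    PodLifetime("db-0", "10.1.3.9", 500, None),
]
FLOWS = [
    Flow(1500, "10.1.2.5", "10.1.3.9", 51000, 5432, "tcp"),  # lateral movement during the compromise
    Flow(2500, "10.1.2.5", "10.1.3.9", 52000, 5432, "tcp"),  # legitimate traffic from the new pod
]

def current_owner(ip: str, ts: int) -> Optional[str]:
    """Naive attribution: whichever pod holds the IP *now*. This is all an IP-only log
    allows once the original pod is gone; the flow timestamp is ignored."""
    for p in PODS:
        if p.ip == ip and p.end is None:
            return p.name
    return None

def owner_at(ip: str, ts: int) -> Optional[str]:
    """Correct attribution: join the flow timestamp against pod lifetimes, so a reused IP
    maps back to whichever workload actually held it when the flow was observed."""
    for p in PODS:
        if p.ip == ip and p.start <= ts and (p.end is None or ts < p.end):
            return p.name
    return None

def attribute(flows, resolver):
    """Return (timestamp, source workload) per flow using the given resolver."""
    return [(f.ts, resolver(f.src_ip, f.ts)) for f in flows]
```

With `current_owner` both flows are blamed on `frontend-a1b2` and the compromised `payments-7c9d` never appears; with `owner_at` the t=1500 flow is correctly attributed to `payments-7c9d`.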
Tigera Flow Monitoring and Audit Logging
Tigera Flow Monitoring and Audit Logging provides the following critical capabilities:
Accurate Network Flow Logging
Tigera network flow logs include workload identity and other metadata that help quickly assess what happened after a breach occurred. Workloads authenticate and authorize based on multiple attributes including network identity and cryptographic identity, producing reliable logs that can be used for anomaly detection and audit reporting.
Tigera logs all changes to security policies. When combined with Tigera flow logging, you can quickly demonstrate your policies and their history of enforcement. All data is continuously logged, and compliance data can be reported for any point in time.
Automated Remediation of Suspect Workloads
Tigera monitors network flows for anomalies and responds with alerts or automated remediation. In the event of compromise, a quarantine label is applied to the rogue container with a policy that contains any further lateral movement. The quarantine policy can be extended to enable communication with a honeypot for further forensics.
Large and complex Kubernetes network datasets make it difficult to detect malicious activities with traditional monitoring tools. Tigera provides best-of-breed anomaly detection by offering both machine learning and rule-based capabilities to handle increasing Kubernetes network traffic.
The solution automatically models the behavior of Kubernetes activities to identify security anomalies and trends. Tigera detects outliers in Kubernetes clusters by building profiles of typical workloads and components to know when they start to deviate from the norm. Tigera detects activities such as reconnaissance scans, protocol deviation activities, and volumetric deviation activities.
Detailed forensics are available for every detection, enabling faster resolution.