eBPF-based Security Observability and Runtime Enforcement
Tetragon is a flexible Kubernetes-aware security observability and runtime enforcement tool that applies policy and filtering directly with eBPF, allowing for reduced observation overhead, tracking of any process, and real-time enforcement of policies.
Tech leaders use Tetragon
Why Tetragon?
Minimal Overhead
eBPF enables deep observability with low performance overhead mitigating risks without the latency introduced by user-space processing.
Kubernetes-Aware
Tetragon extends Cilium's design by recognizing workload identities like namespace and pod metadata, surpassing traditional observability.
Simplified Operation
Tetragon offers pre-defined policy libraries for rapid deployment and operational insight, reducing setup time and complexity at scale.
Kernel-level enforcement
Tetragon blocks malicious activities at the kernel level, closing the window for exploitation without succumbing to TOCTOU attack vectors.
Real-time Policy Engine
Synchronous monitoring, filtering, and enforcement are performed entirely within the kernel using eBPF.
Advanced Application Insights
Tetragon goes beyond traditional monitoring, capturing events like process execution, network communications, and file access.
How does Tetragon work?
Tetragon monitors processes, syscalls, file and network activity in the kernel, correlating threats with network data to identify responsible binaries. It shares insights via JSON logs and a gRPC endpoint.
How to Install Tetragon?
- Install Tetragon on Kubernetes Download via helm chart
Kubernetes
helm repo add cilium https://helm.cilium.io helm repo update helm install tetragon cilium/tetragon -n kube-system kubectl rollout status -n kube-system ds/tetragon -w
- Read the documentation Watch tutorial
Exciting Updates and Announcements
Highlights Innovations in Modern Security Approaches
- Conference
- External
CloudNativeSecurityCon North America 2024 Schedule
- eCHO episode
- External
eCHO Episode 134: Tetragon in Action
- Article
- External
Tetragon v1.1.0 release
- Talk
- External
Lightning Talk: Falco, Tracee and Tetragon: eBPF Runtime Observability and Security
- Tutorial
- External
Restrict Access to Secure Files with Tetragon | eBPF Runtime Enforcement
- Tutorial
- External
eBPF for Runtime Enforcement | Tetragon Introduction and Overview
- Article
- External
Tetragon community Call
- Conference
- External
Tetragon related talks at Kubecon 2024
- eCHO episode
- External
eCHO Episode 116: Revealing Security Blindspots with Tetragon
Get hands-on with Tetragon
Practice using Tetragon labs to detect and respond to system activity events, such as process executions, file access, network I/O
Watch videos on Tetragon Show all videos
The Next Log4jshell?! Preparing for CVEs with eBPF!
John Fastabend & Natalia Reka Ivanko •
Tutorial: Getting Familiar with Security Observability Using eBPF & Cilium Tetragon
Duffie Cooley & Raphaël Pinson •
Securing the Superpowers: Who Loaded That EBPF Program?
John Fastabend & Natalia Reka Ivanko •
Showcase Tetragon: Slides for Speakers
We've created a slide deck for talks, presentations, and demos on Tetragon. Feel free to use it as-is or customize it to fit your specific needs.
See presentation
Telling the Tetragon Story
Creating an abstract, putting a presentation together, or writing a blog post doesn’t come naturally to everyone. If you are eager to tell your Cilium story and need help, we’re here for you.
Not a native speaker and/or not confident about your writing skills? No worries. Bring the story and we’ll help you tell it in an engaging way.