Unified L7 and L4 security policy enforcement works proactively with encryption and zero trust capabilities, integrating Cilium and Calico into Tetrate Service Bridge
SAN FRANCISCO, Sept. 15, 2023 /PRNewswire-PRWeb/ -- Tetrate, the company bringing Istio and Envoy to the enterprise, today announced that Container Network Interface (CNI) network policies can be automatically generated from layer 7 application-level policies with Tetrate Service Bridge (TSB). The new feature prevents potential problems by proactively facilitating consistency and avoiding complications with a single product that consistently enforces layer 7 (L7) and layer 4 (L4) security policies. The TSB automatic network policy generation feature operates in accordance with recommendations from NIST SP 800-207A A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Cloud Environments. This is especially important for highly regulated industries.
Container Network Interface plugins such as Cilium and Calico are open source, cloud-native solutions for providing, securing and observing network connectivity between workloads. Enforcing consistency of security rules between L4 and L7 can become confusing to coordinate when large teams or multiple teams are working on an application stack. There is a risk that network layer (L4) and application layer (L7) security policies may conflict with each other.
Traditional zero trust policy enforcement takes a fragmented and reactive approach. For example, when an organization is implementing zero trust—denying all traffic by default—they often struggle with continual policy mismatches due to conflict between L7 and L4 policies. This then results in developers repeatedly asking when their microservices will be able to connect, while ops keeps trying to make changes to the configuration. This mismatch results in the organization spending time coordinating people and priorities across technologies and environments to figure out where the conflicts are instead of creating software to solve business problems. TSB directly addresses this problem.
TSB takes a unified and proactive approach to zero trust by preventing discrepancies between L4 and L7 policies and addressing the root of the problem by:
- translating L7 service level policies to L4 level
- delivering users a recommendation when conflicting rules occur
- facilitating a security decision by the operator
- enabling the operator to use the generated policy as a reference check for consistency
This capability offers TSB users greater visibility and control, aiding operators in making a decision when inconsistencies show up. It reduces potential conflicts between L4 and L7 enforcement, and it delivers greater predictability and consistency in how network policies are managed across a complex enterprise cloud environment.
"One of the primary benefits of open source service mesh like Istio is its ability to deliver a zero trust architecture that's codified by standards bodies like NIST," said David Wang, head of product at Tetrate. "By automatically generating network layer policies in TSB, we put our platform team users in the driver seat with a proactive posture and simplified the means to manage security policies between layer 4 and layer 7. Throughout 2023, we've been adding more and more capabilities to support our rapidly growing enterprise user base. This capability is just the most recent example of that commitment."
About Tetrate
Rooted in open source, Tetrate was founded to solve the application networking and security challenges created by modern computing so enterprises can innovate with speed and safety in hybrid and multicloud environments. As applications evolve into collections of decentralized microservices, monitoring and managing the network communications and security among those myriad services becomes challenging. This is why some of the largest financial institutions, governments and other enterprises rely on Tetrate to deliver modern application networking and security. Find out more at http://www.tetrate.io.
Media Contact
Robert Cathey, Cathey Communications for Tetrate, +1 865-386-6118, [email protected], www.tetrate.io
SOURCE Tetrate
Share this article