![]() ![]() Unlike other systems which have a limited set of enforcement points such as only at the system call level, Tetragon is able to enforce security policies across the operating system in a preventive manner instead of reacting to events asynchronously. Tetragon uses efficient data structures such as per-CPU hash tables, ring buffers, and LRU maps to provide efficient and fast means of data collection and avoids sending vast amounts of low-signal events to the user space agent.īuilding on the rich observability, Tetragon provides real-time runtime enforcement. Performing filtering, aggregation, metric accounting, and histogram collection directly in the kernel with eBPF helps to reduce the overhead.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |