Tetrate has announced that Container Network Interface (CNI) network policies can be automatically generated from layer 7 application-level policies with Tetrate Service Bridge (TSB). The new feature proactively keeps policies consistent and avoids complications by having a single product enforce both layer 7 (L7) and layer 4 (L4) security policies.

The TSB automatic network policy generation feature operates in accordance with recommendations from NIST SP 800-207A. This is especially important for highly regulated industries.

“One of the primary benefits of open source service mesh like Istio is its ability to deliver a zero trust architecture that’s codified by standards bodies like NIST,” said David Wang, head of product at Tetrate. “By automatically generating network layer policies in TSB, we put our platform team users in the driver seat with a proactive posture and simplified the means to manage security policies between layer 4 and layer 7. Throughout 2023, we’ve been adding more and more capabilities to support our rapidly growing enterprise user base. This capability is just the most recent example of that commitment.”

TSB takes a unified and proactive approach to zero trust by preventing discrepancies between L4 and L7 policies and addressing the root of the problem by:

  • translating L7 service-level policies to the L4 level
  • delivering users a recommendation when conflicting rules occur
  • facilitating a security decision by the operator
  • enabling the operator to use the generated policy as a reference check for consistency

This capability offers TSB users greater visibility and control, aiding operators in making a decision when inconsistencies show up. It reduces potential conflicts between L4 and L7 enforcement, and it delivers greater predictability and consistency in how network policies are managed across a complex enterprise cloud environment.
