# Standards and References - Runtime Security with Tetragon
## Industry Standards
### NIST SP 800-190: Application Container Security Guide
- Section 4.4 (Container Countermeasures): monitor running containers for anomalous behavior with container-aware tooling, and restrict/monitor container-level network traffic
- Section 4.5 (Host OS Countermeasures): monitor the host kernel and OS for container escapes and other host-level compromise
- The guide recommends runtime defense that understands container context (image, pod, namespace), which is what Tetragon's kernel-level process and file events carry
### CIS Kubernetes Benchmark v1.9
- Control 5.7.1: Create administrative boundaries between resources using namespaces
- Control 5.7.3: Apply Security Context to pods and containers
- Control 5.7.4: The default namespace should not be used
### MITRE ATT&CK for Containers
All of the detections below require a matching TracingPolicy to be loaded; Tetragon's base process-exec/exit events cover T1059.004 out of the box, the rest need a policy.
- T1611: Escape to Host -- a policy hooking namespace-changing syscalls (e.g. `setns`, `unshare`) or privileged mounts from inside a pod detects, and can kill, escape attempts
- T1059.004: Command and Scripting Interpreter: Unix Shell -- process execution events (binary, arguments, parent, pod/namespace context) show interactive shells spawned inside containers
- T1053.007: Container Orchestration Job -- Tetragon does not see the Kubernetes API call that creates a Job; it sees the processes the resulting pod executes, so unauthorized jobs are detected by their runtime behavior, not by their creation
- T1496: Resource Hijacking -- policies matching known miner binaries, pool connections, or unexpected CPU-heavy processes, with optional Sigkill enforcement
## CNCF Landscape Positioning
Tetragon is positioned in the CNCF Runtime Security category alongside:
- Falco (audit-log and syscall-based detection)
- KubeArmor (LSM-based enforcement)
- Tracee (eBPF-based tracing)
### Key Differentiators
- Kernel-level filtering: policy selectors (arguments, binaries, namespaces, capabilities) are evaluated in eBPF, so only matching events are sent to user space, which keeps event volume low
- Native enforcement: `Sigkill` (terminate the offending process) and `Override` (return an error from the hooked function) are policy actions, with no separate enforcement engine required
- Deep integration with Cilium for combined network + runtime security
- `TracingPolicy` (cluster-wide) and `TracingPolicyNamespaced` CRDs for Kubernetes-native policy management
## Compliance Mapping
| Requirement | Framework control | Tetragon Capability |
|-------------|-------------------|---------------------|
| Runtime threat detection and file integrity monitoring | PCI DSS 11.5 (v4.0: 11.5.1 intrusion detection, 11.5.2 change detection) | TracingPolicy on file-access hooks for critical paths, with process context |
| Unauthorized process detection | SOC 2 CC6.8 | Process execution monitoring with pod/namespace context |
| Container isolation enforcement | NIST SP 800-190 Sections 4.4 and 4.5 | Namespace escape detection and blocking |
| Audit trail generation | ISO 27001:2013 A.12.4 (A.8.15 in the 2022 revision) | JSON event export to SIEM systems |
| Anomaly detection | NIST CSF DE.AE / DE.CM | Real-time kernel events matched against policy |
| Incident response automation | NIST CSF RS.MI | Sigkill/Override enforcement on policy violations |
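The policy below is an added example (not one of Tetragon's shipped example policies) that ties together the T1611 bullet above, the kernel-level filtering and native enforcement differentiators, and the PCI DSS file-integrity row of the table. It is a single `TracingPolicy` with two kprobes: the first kills any process in a container that writes under `/etc` unless the writing binary is on an allowlist, the second kills any `setns` call made from outside the host PID namespace. The allowlisted path `/usr/local/bin/config-updater` and the `/etc` prefix are assumptions chosen for illustration; the hook names, argument types and selector fields are the ones documented for Tetragon.

```yaml
apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
  name: fim-and-escape-guard   # example policy, not part of Tetragon
spec:
  kprobes:
  # 1. File integrity monitoring on /etc (PCI DSS 11.5 style change detection).
  #    security_file_permission runs before the write, so the selector sees
  #    the path and the access mask; filtering happens in eBPF, so only
  #    writes to /etc reach user space.
  - call: "security_file_permission"
    syscall: false
    return: true
    args:
    - index: 0
      type: "file"          # struct file * -> resolved to a path
    - index: 1
      type: "int"           # access mask: 2 == MAY_WRITE, 4 == MAY_READ
    returnArg:
      index: 0
      type: "int"
    returnArgAction: "Post"
    selectors:
    - matchArgs:
      - index: 0
        operator: "Prefix"
        values:
        - "/etc"            # assumed watched prefix
      - index: 1
        operator: "Equal"
        values:
        - "2"               # MAY_WRITE only; reads are dropped in-kernel
      matchBinaries:
      - operator: "NotIn"
        values:
        - "/usr/local/bin/config-updater"   # assumed allowlisted writer
      matchNamespaces:
      - namespace: Mnt
        operator: NotIn
        values:
        - "host_ns"         # only enforce inside containers, not on the host
      matchActions:
      - action: Sigkill
  # 2. T1611 Escape to Host: setns() from inside a container is how a
  #    process joins another (potentially host) namespace. Kill it.
  - call: "sys_setns"
    syscall: true
    args:
    - index: 0
      type: "int"           # fd of the target namespace
    - index: 1
      type: "int"           # nstype (CLONE_NEW* flag, 0 == any)
    selectors:
    - matchNamespaces:
      - namespace: Pid
        operator: NotIn
        values:
        - "host_ns"
      matchActions:
      - action: Sigkill
```

Roll this out in two stages: apply it first with the `matchActions` blocks removed so it only emits events, watch them with `tetra getevents -o compact`, and only then add `Sigkill`. Note that `Sigkill` terminates the process but the hooked call may already have run; if the goal is to make the operation itself fail, use `action: Override` with an `argError`, which needs a kernel built with `CONFIG_BPF_KPROBE_OVERRIDE` and only works on functions the kernel marks as error-injectable.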