BlueAllyBlueAlly

PETER WELCHER | Solutions Architect 


Towards the end of 2023, Cisco announced another significant acquisition: Isovalent.  

This blog intends to provide a detailed understanding of this acquisition. While it may not be as financially significant or mature an acquisition as Splunk, it will be important to Cisco moving forward.  

Why? To summarize, Isovalent is a common platform for Cloud/Server-based networking and security, including Kubernetes networking and security features, that continues to grow as an established player in the space.  

Unpacking That 

If you have been networking for the last few years (or more), your focus is likely on connectivity, forwarding/routing traffic, and network security in the form of access lists of various kinds.  

Along came cloud, where initially you had to use what the vendor provided, and then various vendors added cloud versions of their devices, code that ran as a VM (Virtual Machines) on server hardware, with performance (throughput) limitations. At least until it was tweaked.  

Isovalent provides a different approach based on eBPF, Extended Berkeley Packet Filter, created by its founders. eBPF provides secure hooks into the underlying operating system’s kernel for manipulation of networking functionality (forwarding, packet filtering, etc.) along with security, including packet inspection and traffic observability.  

With kernel-level performance, i.e., not filtering down through layers of software and overhead.  

Isovalent’s main products are open-source Cilium, Tetragon, and their enterprise versions.  

Cilium is the default in managed Kubernetes offerings for some of the major CSPs. Cilium Mesh allows for simple Kubernetes clusters and infrastructure connections across hybrid clouds.  

Tetragon is an open-source security application that provides security controls for running workloads and gathering detailed info about internal processes and network behavior.  

Cisco’s goal is to enhance Cisco Security Cloud, cloud-delivered integrated security, with AI, across hybrid and multi-cloud environments. I understand Isovalent as a key factor in delivering that capability on the cloud/application/Kubernetes side of things as Talos is, in terms of providing threat intelligence and security analytics.  

It may already be baked into Cisco Security Cloud, with this acquisition allowing Cisco to ensure its priorities are addressed by Isovalent’s team.  

What Else? 

Both Cilium and Tetragon are open-source projects. Cisco reports it will create an independent advisory board to ensure that it continues to meet the needs of the open-source community.  

Links 

Conclusion 

Isovalent provides Cisco with a powerful set of tools or potential tools for cross-platform networking and security controls. Cisco Security Cloud, a cloud security platform, potentially provides one front end to both physical and virtual/cloud networking and security, simplifying operations.  

Cisco was an early investor in Isovalent, which means they are looking years ahead into capabilities they will need.  

Contact BlueAlly

Connect with BlueAlly today to learn more.