Runtime Protection Documentation

eBPF Runtime Protection

Deploy kernel-level security monitoring with eBPF technology. Real-time threat detection, compliance evidence collection, and workload protection with less than 3% CPU overhead.

Supported Platforms

Deploy the TigerGate agent across your infrastructure

Kubernetes

Deploy as DaemonSet for cluster-wide protection

  • Pod-level visibility
  • Namespace isolation
  • Label-based policies

Docker

Lightweight container for Docker environments

  • Container monitoring
  • Network visibility
  • Volume protection

AWS ECS

Sidecar deployment for ECS tasks

  • Task metadata
  • Fargate support
  • CloudWatch integration

Bare Metal / VMs

Systemd service for traditional infrastructure

  • Full system visibility
  • SSH monitoring
  • Process tracking

eBPF Probes

Kernel-level visibility without kernel modules

Process Execution (execve)

Monitor all process executions with full command-line arguments, parent process, and user context.

C1: Unauthorized binary execution

File Operations (open/write/unlink)

Track file access, modifications, and deletions on critical paths like /etc, /var, and config files.

C2: File integrity
C3: Log tampering
C8: Config drift

Network Connections (connect)

Monitor outbound network connections with destination IP, port, and process context.

C4: Network egress anomalies

Privilege Changes (setuid/setgid)

Detect privilege escalation attempts and capability changes in real-time.

C5: Privilege escalation

Secrets Access

Monitor access to sensitive files, environment variables, and credential stores.

C6: Secrets exposure

Process Behavior

Detect anomalous process behavior, unexpected child processes, and respawning.

C7: Process anomalies

Compliance Controls

Automated evidence collection for SOC 2, ISO 27001, PCI-DSS

C1

Binary Execution

Prevent unauthorized binary execution

C2

File Integrity

Detect critical file modifications

C3

Log Tampering

Prevent log file manipulation

C4

Network Egress

Monitor outbound connections

C5

Privilege Escalation

Detect privilege changes

C6

Secrets Exposure

Protect sensitive data access

C7

Process Anomalies

Detect behavioral anomalies

C8

Config Drift

Track configuration changes

Quick Start

Deploy the TigerGate agent in minutes

Kubernetes

# Deploy TigerGate agent as DaemonSet
kubectl apply -f https://install.tigergate.dev/agent/kubernetes.yaml
# Verify deployment
kubectl get pods -n tigergate-system

Docker

# Run TigerGate agent container
docker run -d --name tigergate-agent \
--privileged --pid=host --network=host \
-v /sys/kernel/debug:/sys/kernel/debug:ro \
-e TIGERGATE_API_KEY=your-api-key \
tigergate/agent:latest

Bare Metal / VM

# Install via script
curl -sSL https://install.tigergate.dev/agent | sudo bash
# Configure and start
sudo tigergate-agent config --api-key=your-api-key
sudo systemctl enable --now tigergate-agent

System Requirements

Kernel Requirements

  • Linux 4.15+ for basic monitoring
  • Linux 5.7+ for LSM enforcement
  • BTF (BPF Type Format) enabled
  • CONFIG_BPF=y, CONFIG_BPF_SYSCALL=y
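
A preflight check for the kernel requirements listed above, as an added example that is not part of TigerGate's documentation or tooling. The function names are hypothetical. It assumes the kernel config is readable at /boot/config-<release> or /proc/config.gz, and treats the presence of /sys/kernel/btf/vmlinux as the sign that BTF is enabled.

```shell
#!/bin/sh
# Added example: preflight for the kernel requirements above. Function names are hypothetical.

# Map a kernel release string to the page's tiers:
#   lsm (>= 5.7), basic (>= 4.15), unsupported (older or unparsable).
kernel_tier() {
    case "$1" in *.*) ;; *) echo unsupported; return 0 ;; esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}          # "15.0-91-generic" -> "15"
    case "$major" in ''|*[!0-9]*) echo unsupported; return 0 ;; esac
    [ -n "$minor" ] || { echo unsupported; return 0; }
    if [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 7 ]; }; then
        echo lsm
    elif [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 15 ]; }; then
        echo basic
    else
        echo unsupported
    fi
}

# Read a kernel config on stdin; print each required option that is not "=y".
missing_bpf_options() {
    cfg=$(cat)
    for opt in CONFIG_BPF CONFIG_BPF_SYSCALL; do
        printf '%s\n' "$cfg" | grep -qx "$opt=y" || printf '%s\n' "$opt"
    done
}

# Run the checks against the local host.
preflight() {
    rel=$(uname -r)
    echo "kernel $rel: $(kernel_tier "$rel")"
    # The kernel exposes this file when built with BTF type information.
    if [ -r /sys/kernel/btf/vmlinux ]; then echo "BTF: present"; else echo "BTF: missing"; fi
    if [ -r "/boot/config-$rel" ]; then
        missing=$(missing_bpf_options < "/boot/config-$rel")
    elif [ -r /proc/config.gz ]; then
        missing=$(zcat /proc/config.gz | missing_bpf_options)
    else
        echo "kernel config: not found"; return 2
    fi
    echo "missing options: ${missing:-none}"
}

# Only touch the host when asked to: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then preflight; fi
```

Run it with `--check` on each node before rolling out the agent. A result of `basic` means the host meets the monitoring threshold but not the 5.7+ requirement for LSM enforcement.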

Resource Usage

  • CPU: <3% overhead
  • Memory: ~50MB baseline
  • Network: ~1MB/hour telemetry
  • No kernel modules required

Ready for Runtime Protection?

Deploy eBPF-based security monitoring across your infrastructure with real-time threat detection and compliance evidence.