What is Garnet?
Garnet provides proactive runtime security through behavioral detection and threat monitoring for DevOps, Platform Engineering, and Security teams. Secure your software releases and production environ
Garnet provides proactive runtime security through behavioral detection and threat monitoring natively within modern Linux environments. It is designed for DevOps, Platform Engineering, and Security (SOC/IR) teams needing deep visibility into system behavior—covering network, file, and process activities—across the entire software lifecycle, from development pipelines (securing software releases) to live production environments.
Garnet flags anomalous or malicious activities, such as malicious network calls (data exfiltration, C2) and crypto miner execution, delivering actionable alerts and enabling active blocking to ensure the integrity and security of your software. All of this is achieved while maintaining high performance and low overhead, making comprehensive security feasible where it might otherwise be too costly.
Garnet consists of two core components designed to work together:
Jibril: A high-performance, low-overhead runtime security sensor built on eBPF technology. It performs the actual monitoring, detection, and blocking on the host.
Garnet Platform: A centralized management console for deploying, monitoring, and managing multiple Jibril agents across various environments. It integrates seamlessly with developer (e.g., GitHub Actions) and security workflows (e.g., Slack, webhooks), providing a unified view of your security posture.
Garnet addresses critical security challenges faced by modern development and security teams:
Secure Software Releases: Detects and prevents malicious activity within CI/CD workflows (e.g., GitHub Actions), such as unauthorized network connections used for data exfiltration or C2 communication, execution of crypto miners, and supply chain threats, ensuring compromised code doesn't reach production. (Relevant to: DevOps, Platform Eng)
Secure Production Environments: Provides continuous monitoring, real-time behavioral detection and active blocking of threats (including crypto miners and malicious network traffic) in live production environments (Kubernetes, servers) with minimal performance impact, which is crucial for maintaining application stability and security. (Relevant to: Platform Eng, SOC/IR)
Lack of Visibility & Actionable Context: Offers deep forensic context (process ancestry, file access, network flows) on security events, enabling rapid investigation and response. (Relevant to: SOC/IR, DevOps)
Performance Overhead of Security Tools: Delivers robust runtime security without the significant performance tax often associated with traditional agents, making comprehensive production monitoring and blocking feasible. (Relevant to: Platform Eng, DevOps)
Alert Fatigue & Slow Response: Provides high-fidelity, actionable alerts with context directly into existing workflows (e.g., GitHub PRs, Slack), reducing noise and speeding up remediation. (Relevant to: SOC/IR, DevOps)
Ready to secure your workflows? Jump into integrating the Garnet Platform:
Navigate through this documentation to understand key concepts, deploy agents, and leverage Garnet to its full potential.