Kernel Space Access Control for Zero Trust Networking

Camblet is an open source cloud native security tool that authenticates, encrypts, and authorizes network communication between workloads. It assigns strong identities to processes and transparently establishes mTLS connections in Kernel space. Camblet facilitates the creation of a robust zero-trust networking environment.

A purpose-built tool for securing network connections

Camblet, a bespoke solution designed specifically for securing internal workload communication, effectively implements the zero trust model of "never trust, always verify". It safeguards against insider threats and prevents lateral movement during breaches.
By automatically authenticating and encrypting traffic through mutual TLS, and enforcing custom access control policies set by administrators, Camblet ensures a secure and controlled network environment.

Available Everywhere

Camblet is platform-independent. It runs seamlessly on Linux, irrespective of the environment – from Kubernetes to bare metal, in the cloud, or on-premises.

Simple and Efficient

Security is streamlined at the Linux socket level, eliminating the need for network proxies or dependence on overlay networks, thus ensuring efficient operation.

Transparent Security

Camblet simplifies complexity for application and network developers. Identity and mTLS are managed automatically, allowing developers to focus on their core work.

Lightweight Footprint

Designed to solve a specific problem with maximum efficiency, Camblet is memory-efficient and minimizes latency, ensuring a minimal impact on system resources.

Granular Policy Control

By assigning identities directly to Linux processes, Camblet enables focused and efficient policy management without dealing with infrastructure complexities.

Community-Driven

As an open-source project, Camblet thrives on community participation. Contributions, whether they're ideas, bug reports, or code, are highly valued and integral to its evolution.

How it works

At its core, Camblet operates through a Linux Kernel module. This module is responsible for initiating the certificate issuance process and integrates into network system calls, facilitating the TLS handshake and enforcing security policies. A node agent complements the Kernel module by augmenting Kernel-level information about processes with metadata from containers and orchestration systems like Kubernetes. This agent is crucial for managing certificates and policies, which can be defined either directly on the node or by integrating an external control layer.

Check out our blogs!

Evolution of Zero Trust in workload communication with Camblet

How does Camblet implement Zero Trust for workloads?

Janos Matyas
