NETSCOUT expands capabilities to support enterprise compliance requirements in cloud environments

NETSCOUT, which makes observability, AIOps, cybersecurity, and DDoS attack protection solutions, has announced that it has extended continuous end-through-end monitoring to enhance attribution for audit controls and incident reports, prove zero-trust network policies, and shorten the time to detect, contain, and document incidents. The enhanced monitoring is built into its Omnis KlearSight Sensor for Kubernetes to help address the complex security and regulatory compliance demands of cloud environments.

With 93% of companies evaluating, piloting, or using Kubernetes in production, organizations encounter significant challenges when it comes to monitoring at scale for observability and security purposes. NETSCOUT’s continuous and comprehensive monitoring solutions provide real-time visibility into critical aspects such as workloads, cluster configurations, network traffic, and API calls. This helps support the gathering of compliance evidence and keeping it more consistently up to date, enabling enterprises to meet regulatory standards and maintain robust security postures.

“When enterprises deploy Kubernetes for microservice application delivery, container dynamism can create compliance gaps which inhibit the ability to meet requirements for monitoring, auditability, and incident response,” said John Grady, principal analyst at Omdia. “Enterprises need to capture the packet- and process-level activity needed for compliance reporting and investigations across their entire IT environment to manage risk, security, and ensure accountability against compliance standards.”

By providing visibility into cloud-native environments like Kubernetes, these solutions help supply the information needed to demonstrate ongoing assurance that systems are secure, auditable, and resilient for regulatory frameworks and compliance requirements such as continuous monitoring and threat detection (e.g., DORA), incident response and forensics (e.g., ISO 27001/27002), data protection and privacy (e.g., GDPR, HIPAA), configuration and vulnerability management (e.g., NIST 800-53, NIST 800-190), and audit and accountability (e.g., GDPR, ISO 27001, HIPAA and others).

NETSCOUT believes that its Omnis KlearSight Sensor for Kubernetes solution is a new standard in cloud observability, filling the visibility gap in on-premises and cloud Kubernetes deployments. Using extended Berkeley Packet Filter (eBPF) technology, Omnis KlearSight Sensor overcomes a blind spot in end-to-end observability, enabling IT organizations to better pinpoint the true root cause of problems throughout the communications path, including those that originate in a Kubernetes environment.

Without clear visibility, enterprises can miss critical activity inside their Kubernetes environments, creating blind spots that increase the risk of non-compliance with security and regulatory standards that require continuous monitoring. Since containers often communicate with each other within a cluster, known as east-west traffic, organizations need network-level visibility, along with microservice- and container-aware telemetry, to detect anomalies, lateral movement, and policy violations in real time. These capabilities also provide detailed packet- and container-level evidence, which is critical for understanding what happened, where, and when.

“Continuous monitoring is more than a best practice; it’s a risk mitigator and compliance enabler,” stated Thor Wallace, Chief Information Officer, NETSCOUT. “Visibility into Kubernetes cloud environments is important because it provides the insights needed to ensure service levels and customer expectations are met, while also helping support our compliance efforts.”

As part of NETSCOUT’s nGenius solution for observability, the Omnis KlearSight Sensor for Kubernetes integrates NETSCOUT’s Adaptive Service Intelligence (ASI) technology into Kubernetes environments, delivering continuous, end-to-end, service-level visibility for performance and availability. It extracts packets using eBPF technology, enabling targeted monitoring of applications in both enterprise and service provider settings.

Acting like a virtual TAP, the Omnis KlearSight Sensor monitors traffic to and from any containerized network function or node interface, automatically adapting to Kubernetes topology changes. It merges captured packet data with context-aware metadata, enriching the deep packet/protocol insights powered by ASI smart data for analysis and visualization in nGeniusONE. Omnis KlearSight Sensor captures Kubernetes packets and SSL messages that have already been decrypted by the Linux kernel. It converts this traffic into standard IT data for NETSCOUT ASI processing without accessing or requiring encryption keys.

Robert Derby, Senior Security Product Marketing Manager at NETSCOUT, discussed a major nation-state attack that breached traditional defenses. He noted that this was not a smash-and-grab data theft; it was a methodical, intelligence-gathering campaign designed to remain invisible for as long as possible.

“Modern enterprises rely on a layered mix of security technologies such as SIEMs, EDR agents, flow collectors, and log analytics platforms, each providing partial views of what’s happening in the environment,” Derby said. “Yet these tools are often alert-driven, designed to detect known indicators of compromise or behavioral deviations significant enough to trigger a rule or signature. Persistent attacks such as this one thrive in the space between those alerts. Repeated transfers of small files may appear as normal development activity. Movement between build systems may look like routine administrative access. And when these actions occur over encrypted channels, the visibility gap widens further. Even advanced detection systems can struggle to differentiate legitimate traffic from malicious behavior when they rely on metadata summaries or sampled flow data. The missing context, such as what was actually transmitted, how frequently, and with what payload characteristics, is exactly where these operations hide.”

“This is where packet-level visibility becomes transformative,” Derby emphasized. “Unlike flow data or logs, packets provide the ground truth of network activity: the complete, continuous record of every session, transaction, and payload exchanged across the network. For forensic analysts, that fidelity means not only knowing that data moved, but what kind of data, how much, and in what sequence. With continuous packet capture and decryption, subtle exfiltration patterns that would otherwise blend in become detectable. Examples include repeated HTTPS POSTs of identical size to unrecognized destinations, encrypted sessions initiated from systems that rarely communicate externally, and lateral traffic showing credential reuse or new service creation within engineering networks. These signals often exist long before a traditional alert fires, but they require both data depth and analytic context to recognize.”

Derby emphasized that NETSCOUT’s Omnis Cyber Intelligence was built specifically to address these kinds of gaps.

“It operates on the principle that visibility must exist independent of alerts,” Derby stressed. “By continuously capturing and analyzing packets at the source, across data centers, hybrid cloud, and remote networks, Omnis Cyber Intelligence provides defenders with the contextual visibility needed to reconstruct and understand subtle activity such as that seen in this breach.

“In the context of an attack such as this, Omnis Cyber Intelligence could identify repeated small-file transfers leaving development networks, detect unauthorized communication paths between build servers, and provide the packet evidence necessary to confirm exfiltration, even months after it occurred,” Derby concluded. “This isn’t about only detection; it’s about restoring observation where visibility has been lost. When adversaries operate inside trusted systems using legitimate credentials, packets are often the only remaining truth left to analyze.”

Visit NETSCOUT’s website for more information about InfiniStreamNG and the Omnis KlearSight Sensor for Kubernetes solution.