Project Trinidad is a modern application runtime security solution that applies Machine Learning to East-West HTTP traffic between micro-services in Kubernetes applications.

Preface

This document introduces the Project Trinidad service. It covers accessing, installing, and configuring the service, and includes a guided tour of the service with short videos on installation and a walkthrough of service features. It also describes how to monitor and manage anomalies in Project Trinidad, and how to manage and troubleshoot the service. This information is intended for anyone who wants to deploy and use Project Trinidad.

Challenges in securing modern applications

Modern applications provide flexibility with micro-services and containers, but result in higher complexity and vulnerability. Traditional perimeter-based security approaches, such as WAFs and other IDS tools, rely on a user entering rules into a system that detects anomalies based on observed traffic. This means that existing tools are limited to detecting known threats. However, runtime is often where vulnerabilities not known to software providers exist. Modern applications need behavior-based solutions that can observe network traffic and infer normal versus anomalous network behavior to detect zero-day attacks.

A solution for securing modern applications against zero-day attacks

Project Trinidad detects security anomalies and surfaces unknown vulnerabilities. In addition to contextual security, Kubernetes security administrators can have access to API Schemas that Project Trinidad infers from observed traffic. This capability in Project Trinidad reduces the burden of gathering these specifications from development teams, and supplements the cluster operator’s understanding of normal cluster behavior.

Using Project Trinidad requires installing a lightweight, eBPF-based sensor and accessing the UI.

With Project Trinidad, you can:

  • Learn about the APIs of each microservice in a given application through the API schema discovery capability in Project Trinidad

  • Discover application-layer anomalies for existing applications without modifying code or binaries

  • Enable automated intelligence to generate anomalies based on unusual network behavior, which you can view in Project Trinidad