{"id":4993,"date":"2026-05-20T10:55:08","date_gmt":"2026-05-20T08:55:08","guid":{"rendered":"https:\/\/cybernemo.eu\/?p=4993"},"modified":"2026-05-20T10:55:09","modified_gmt":"2026-05-20T08:55:09","slug":"cybernemo-releases-the-network-policy-manager-cnpm","status":"publish","type":"post","link":"https:\/\/cybernemo.eu\/index.php\/2026\/05\/20\/cybernemo-releases-the-network-policy-manager-cnpm\/","title":{"rendered":"CyberNEMO Releases the Network Policy Manager (CNPM)"},"content":{"rendered":"\n<div style=\"height:37px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>\nThe alpha version of the CyberNEMO Network Policy Manager (CNPM), a policy enforcement component of the CyberNEMO cybersecurity platform, developed by \n<a href=\"https:\/\/www.synelixis.com\" target=\"_blank\" rel=\"noopener\">Synelixis SA<\/a> \nand publicly accessible on the \n<a href=\"https:\/\/gitlab.eclipse.org\/eclipse-research-labs\/cybernemo-project\/cybersecurity-tools-as-a-service\/cnpm\/network-policy-manager-api\" target=\"_blank\" rel=\"noopener\">Eclipse Research Labs repository<\/a>, \nhas undergone initial testing and validation in the Smart Agriculture \/ Supply Chain pilot.\n<\/p>\n\n<p>\nCNPM is designed for the cloud\u2013edge\u2013IoT continuum as it operates natively within Kubernetes, the de facto orchestration standard for containerised applications. It is based on the Cilium networking layer that enables fine-grained, identity-aware security controls across distributed clusters. Each cluster in a CyberNEMO deployment runs its own CNPM instance, ensuring that policy management remains local, responsive, and aligned with the specific security posture of that environment.\n<\/p>\n\n<p>\nCNPM provides operators with a structured, template-driven workflow for defining and enforcing network security policies. 
Indicative policies that CNPM can create and enforce include:\n<\/p>\n\n<ul class=\"ul-custom\">\n \t<li class=\"li\">\n        <span lang=\"en-GB\">\n            Deny-all ingress rules that block all inbound traffic to a namespace by default, enforcing an explicit allowlist model.\n        <\/span>\n    <\/li>\n\n \t<li class=\"li1\">\n        <span lang=\"en-GB\">\n            Least-privilege access controls that permit only the minimum necessary communication between services.\n        <\/span>\n    <\/li>\n\n \t<li class=\"li1\">\n        <span lang=\"en-GB\">\n            Source-based filtering, restricting traffic to specific IP ranges or trusted origins.\n        <\/span>\n    <\/li>\n\n    <li class=\"li1\">\n        <span lang=\"en-GB\">\n            Port-level controls, limiting exposure to only the protocols and ports a service legitimately requires.\n        <\/span>\n    <\/li>\n<\/ul>\n\n<p>\nPolicies can be generated from reusable templates, validated before deployment, and pushed directly to the cluster, reducing the risk of misconfiguration and ensuring consistency across environments.\n<\/p>\n\n<p>\nCNPM integrates with the CyberNEMO event bus, receiving mitigation instructions from upstream platform components such as the Cloud Access Security Broker (CASB) and the Intrusion Prevention Detection and Mitigation Decision Support System (IPDM-DSS), closing the loop between threat detection and network-level response.\n<\/p>\n\n<p>\nThe module is released under the Apache License 2.0.\n<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n","protected":false},"excerpt":{"rendered":"<p>The alpha version of the CyberNEMO Network Policy Manager (CNPM), a policy enforcement component of the CyberNEMO cybersecurity platform, developed by Synelixis SA and publicly accessible on the Eclipse Research Labs repository, has undergone initial testing and validation in the 
&hellip;<\/p>\n","protected":false},"author":4,"featured_media":4994,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[],"cc_featured_image_caption":{"caption_text":"","source_text":"","source_url":""},"_links":{"self":[{"href":"https:\/\/cybernemo.eu\/index.php\/wp-json\/wp\/v2\/posts\/4993"}],"collection":[{"href":"https:\/\/cybernemo.eu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybernemo.eu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybernemo.eu\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cybernemo.eu\/index.php\/wp-json\/wp\/v2\/comments?post=4993"}],"version-history":[{"count":1,"href":"https:\/\/cybernemo.eu\/index.php\/wp-json\/wp\/v2\/posts\/4993\/revisions"}],"predecessor-version":[{"id":4995,"href":"https:\/\/cybernemo.eu\/index.php\/wp-json\/wp\/v2\/posts\/4993\/revisions\/4995"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybernemo.eu\/index.php\/wp-json\/wp\/v2\/media\/4994"}],"wp:attachment":[{"href":"https:\/\/cybernemo.eu\/index.php\/wp-json\/wp\/v2\/media?parent=4993"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybernemo.eu\/index.php\/wp-json\/wp\/v2\/categories?post=4993"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybernemo.eu\/index.php\/wp-json\/wp\/v2\/tags?post=4993"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}