Active security for
containers & Kubernetes

Reduce attack surface, detect threats, and actively mitigate risk of exposure


New: CISO’s Definitive Security Guide to Containers and Kubernetes

Get an overview of container security, insights into securing Kubernetes landscapes and container-based applications, and why securing these technologies requires a unique approach.

Read Guide >

2023 Calico Open Source Adoption Survey

Take our survey and help us understand your needs and preferences

Take the Survey

New - Container Security & the MITRE ATT&CK Framework

Learn about container breaches and how Calico can help detect and mitigate these risks

Read Guide

Container and Kubernetes Security Self-paced Courses

Learn how to address common security and observability challenges–all at your own pace

Learn More

Trusted by global enterprises & startups

Active security for
containers and Kubernetes

Why Tigera?

Active security for cloud-native applications

Reduce attack surface with zero trust

  • Zero-trust workload access
  • Identity-aware microsegmentation for workloads
  • Universal firewall integration
  • Envoy-based
    application-level security

Detect known and unknown threats

  • Protect workloads from container and network based threats
  • Workload-based WAF, IDS/IPS with deep packet inspection
  • ML-based zero-day workload threat identification
  • Protection from vulnerabilities and malware

Automatic risk mitigation

  • Dynamic Service and Threat Graph
  • Security policy recommender
  • Admission Controller
  • Alert, pause, quarantine, terminate compromised workloads

Container security solutions

Container Security

Protect containers during development and production. Reduce attack surface with vulnerability and misconfiguration detection. Provide runtime protection from known threats and zero-day vulnerabilities.

  • Image assurance
  • Configuration assessment
  • Runtime security

Zero-Trust Workload Security

Reduce attack surface with zero-trust workload access and identity-aware microsegmentation. Prevent ransomware, APTs, and DDoS attacks with Calico Cloud workload-level security controls.

  • Zero-trust workload access controls
  • Identity-aware microsegmentation for workloads
  • Workload-based IDS/IPS, DDoS protection, DPI, and WAF


Cloud-native application compliance for major standards.
Continuously monitor compliance with daily, weekly, and monthly audit reports.

  • PCI DSS, HIPAA, GDPR, SOC 2, NIST, CCPA, and any custom frameworks
  • Encryption
  • Evidence and audit reports

Observability & Troubleshooting

Monitor and troubleshoot service performance in real time. In case of a breach or vulnerability, get instant granular information on compromised services and evaluate blast radius.

  • Dynamic Service and Threat Graph
  • Performance hotspots
  • Dynamic Packet Capture

Calico product editions

Calico Open Source

Open-source networking and security for containers and Kubernetes

Learn More

Calico Cloud

Pay-as-you-go SaaS platform for cloud-native security

Learn More

Calico Enterprise

Self-managed platform for cloud-native security

Learn More
Compare Editions

Tigera - The inventors of Calico Open Source

The most widely adopted open-source security and networking solution for containers and Kubernetes

Calico Open Source by the numbers

Docker Pulls
of Fortune 100
Join the Community

Get started with container security

Scale up your expertise

Resource Center

Become an expert in security, observability, and networking for containers and Kubernetes



Gain the confidence you need to run mission-critical, cloud-native workloads in production

Get Certified


Browse documentation

Learn More