Active security for
containers & Kubernetes

Reduce attack surface, detect threats, and actively mitigate risk of exposure


Self-paced courses

Learn how to address common security and observability challenges for containers and Kubernetes—all at your own pace

Learn More >

O’Reilly ebook: Kubernetes security and observability

Adopt a holistic security and observability strategy to secure cloud-native applications running on Kubernetes

Download now

New Guide: 7 EKS Security Best Practices

For DevOps managing containerized workloads in EKS

Read now

Cloud-Native Security Events & Workshops

Search for upcoming events and browse content from past events


Trusted by global enterprises & startups

Active security for
containers and Kubernetes

Why Tigera?

Active security for cloud-native applications

Reduce attack surface with zero trust

  • Zero-trust workload access
  • Identity-aware microsegmentation for workloads
  • Universal firewall integration
  • Envoy-based
    application-level security

Detect known and unknown threats

  • Protect workloads from container and network based threats
  • Workload-based WAF, IDS/IPS with deep packet inspection
  • ML-based zero-day workload threat identification
  • Protection from vulnerabilities and malware

Automatic risk mitigation

  • Dynamic Service and Threat Graph
  • Security policy recommender
  • Admission Controller
  • Alert, pause, quarantine, terminate compromised workloads

Container security solutions

Container Security

Protect containers during development and production. Reduce attack surface with vulnerability and misconfiguration detection. Provide runtime protection from known threats and zero-day vulnerabilities.

  • Image assurance
  • Configuration assessment
  • Runtime security

Zero-Trust Workload Security

Reduce attack surface with zero-trust workload access and identity-aware microsegmentation. Prevent ransomware, APTs, and DDoS attacks with Calico Cloud workload-level security controls.

  • Zero-trust workload access controls
  • Identity-aware microsegmentation for workloads
  • Workload-based IDS/IPS, DDoS protection, DPI, and WAF


Cloud-native application compliance for major standards.
Continuously monitor compliance with daily, weekly, and monthly audit reports.

  • PCI DSS, HIPAA, GDPR, SOC 2, NIST, CCPA, and any custom frameworks
  • Encryption
  • Evidence and audit reports

Observability & Troubleshooting

Monitor and troubleshoot service performance in real time. In case of a breach or vulnerability, get instant granular information on compromised services and evaluate blast radius.

  • Dynamic Service and Threat Graph
  • Performance hotspots
  • Dynamic Packet Capture

Calico product editions

Calico Open Source

Open-source networking and security for containers and Kubernetes

Learn More

Calico Cloud

Pay-as-you-go SaaS platform for cloud-native security

Learn More

Calico Enterprise

Self-managed platform for cloud-native security

Learn More
Compare Editions

Tigera - The inventors of Calico Open Source

The most widely adopted open-source security and networking solution for containers and Kubernetes

Calico Open Source by the numbers

Docker Pulls
of Fortune 100
Join the Community

Get started with container security

Scale up your expertise

Resource Center

Become an expert in security, observability, and networking for containers and Kubernetes



Gain the confidence you need to run mission-critical, cloud-native workloads in production

Get Certified


Browse documentation

Learn More