by John Armstrong | Jun 11, 2020 | Blog, Calico Enterprise, Cybersecurity, Kubernetes
What is Lateral Movement? Lateral movement refers to the techniques that a cyber-attacker uses, after gaining initial access, to move deeper into a network in search of sensitive data and other high-value assets. Lateral movement techniques are widely used in...
by John Armstrong | May 27, 2020 | Blog, Calico Enterprise, Compliance, Cybersecurity, Firewall, Kubernetes, Network Policy
New applications and workloads are constantly being added to Kubernetes clusters. Those same apps need to securely communicate with resources outside the cluster behind a firewall or other control point. Firewalls require a consistent IP, but routable IPs are a...
by John Armstrong | Mar 24, 2020 | Blog, Calico Enterprise, Compliance, Cybersecurity, Fortinet, Kubernetes
What Problems are We Solving? Container use continues to grow, and Kubernetes is the most widely adopted container orchestration system, managing nearly half of all container deployments.1 Successful integration of container services within the enterprise depends...
by Manish Sampat | Oct 2, 2019 | Cybersecurity, Firewall
Researchers at Netflix and Google recently reported a vulnerability in the HTTP/2 protocol that enables adversaries to execute a DOS attack by legitimate use of the protocol. These types of attacks are very difficult to detect and mitigate because the traffic is valid...
by Shaun Crampton | Jun 4, 2019 | Calico, Cybersecurity, Networking
In this article, we’ll explore Calico’s denial-of-service (DoS) mitigation features, including XDP-optimisation support introduced in Calico v3.7. Using Calico Policy for DoS Mitigation During a DoS attack, a cluster can receive massive numbers of...
by Christopher Liljenstolpe | Jul 23, 2018 | Blog, Cybersecurity, Kubernetes, Security, Zerotrust
For almost as long as we have networked computers, we have used the network location or address as their primary identity. Using network location might have made sense when there was a 1:1 mapping between a computer and the thing it was acting for (user, application,...
