First-generation security solutions for cloud-native applications have been failing because they apply a legacy mindset where the focus is on vulnerability scanning instead of a holistic approach to threat detection, threat prevention, and remediation. Given that the attack surface of modern applications is much larger than in traditional apps, security teams are struggling to keep up and we’ve seen a spike in breaches.
To better protect cloud-native applications, we need solutions that focus on threat prevention by reducing the attack surface. With this foundation, we can then layer on threat detection and threat mitigation strategies.
I have exciting news to share on this front! Today, Tigera launched new capabilities in its Calico product line to help you address your most urgent cloud security needs. Before getting into a discussion about the features themselves, I’d like to talk about the driving force behind the changes, our thought process, and why we’re well-positioned to bring these to market.
A new runtime security model
To properly secure modern cloud-native applications, we need to use a modern architecture that aligns with them. At Tigera, we’ve created a model we call active cloud-native application runtime security. This model has three components:
- Threat prevention – Effectively reduce the attack surface using zero-trust controls.
- Threat detection – Provide a mechanism through which users can monitor for both known and unknown vulnerabilities and malware on an ongoing basis.
- Threat mitigation – Give users the ability to mitigate breaches by dynamically responding to threats.
This three-part architecture is the security model required to keep up with cloud-native applications and keep them secure.
Why ‘active’ security is important
If your only focus is on discovering known threats, you won’t be able to keep up. This strategy leads to application teams being busy trying to fix last year’s vulnerabilities while new ones continue to pop up. Instead of forcing this legacy mindset, we need to implement active security.
‘Active’ describes the three-layered architecture I outlined in the above security model. It starts with a zero-trust approach to reduce the attack surface. Then, using this as a foundation, layering on the second and third pillars of the model: a mechanism to continuously detect known and unknown threats, and dynamic mitigation strategies. Unless you sequence it like this, it’s almost impossible to secure cloud-native applications.
We have the benefit, collectively as an industry, to look back at data that tells us if what we’re doing is effective or not. In doing so, we can see the unanticipated side effects of previous solutions for cloud-native security (i.e. application teams and application deployment are getting slowed down).
We found that the data was telling us that the current approach is fundamentally not working. So we needed to go back and rethink the problem. And this is exactly what we did at Tigera, with the end result being the introduction of strong new features and capabilities in our products to address users’ most pressing needs for securing cloud-native applications.
The great thing about Tigera is that we’ve got a rich history in Calico Open Source, our container networking and security solution that powers more than 100M containers and half a million clusters across 2M+ nodes in 166 countries. Calico Open Source has served as a foundation for zero-trust workload security for tens of thousands of companies. We’ve proven we know how to scale. Plus, many companies are already using Calico.
A lot of zero trust needs to be built on a strong foundation of networking, where we are an industry leader. We’ve leveraged this, along with lessons learned over the years, as a foundation to build out our zero trust capabilities. That, combined with the expansion of our already impressive threat detection and mitigation capabilities, led to the industry’s most comprehensive active cloud-native application protection platform (CNAPP) with full-stack observability for containers, Kubernetes, and cloud.
See for yourself
These new capabilities are being offered as a SaaS—more specifically, CNAPP as a service—available in a self-service model. They are also offered in various packages aligned with what a user might need, depending on where they are in their Kubernetes adoption journey. Our goal here is to enable users to start modestly, knowing they are future-proofing their decision; as their workloads and requirements increase, they can activate additional features.
I’m excited for you to try these new capabilities out for yourself! We listened to you—our community, customers, and partners—to understand the challenges you face in securing cloud-native applications, and your most important cloud security pain points. We then built Calico’s new features with your feedback in mind.
Join our mailing list
Get updates on blog posts, new releases and more!