Microsegmentation for Containers and Kubernetes

By default, Kubernetes is an open system with no built-in security controls. Without east-west controls like microsegmentation, a cyberattacker, having gained unauthorized access, can move laterally within a cluster in search of sensitive data and other high-value assets. Kubernetes environments are dynamic and distributed. Segmenting using traditional methods doesn’t work, and requires a modern, dynamic approach to segmentation that integrates Kubernetes-native segmentation rules in the CI/CD pipeline.

In this Live Demo & Office Hours, we will demonstrate:

• How Calico’s security policy-as-code approach can dynamically enforce security policy changes across cloud-scale environments in milliseconds in response to an attack
• How Calico provides a single, unified policy framework for host, VM, container, Kubernetes and application-level isolation
• How Calico policy tiers visually define the order in which security policies are evaluated, and simplify policy creation
• How you can use Calico to automate validation steps that ensure your security policy works properly before being committed