Tigera Events

Enabling Workload-Level Security for AKS with Azure Firewall and Calico Egress Gateway

Topics:

Security AKS
Americas
December 12, 2023
10:00 am PST

Happening this week

  •  Gokhul Srinivasan
  •  Dhiraj Sehgal

Event Partner:

Box, a cloud-first SaaS provider serving over 68% of Fortune 500 companies, manages a complex, shared Kubernetes infrastructure across hybrid, multi-cloud, and public cloud setups. Box relies on Calico to enforce zero-trust Kubernetes security for their platform to meet their critical security and compliance needs. In this webinar, you will learn how Box’s platform team uses Calico to: 

  • Implement a zero-trust environment with fine-grained workload access controls and comprehensive observability across a vast, ephemeral landscape with thousands of microservices
  • Streamline troubleshooting processes and ensure seamless security policy deployment and discoverability across multiple clusters
  • Comply with stringent regional regulations like PCI DSS, SOC 2, and FedRAMP, while offering continuous compliance monitoring and instant reporting

Register now and discover how Box achieved these goals with Calico.

  •  Dhiraj Sehgal

Multi-tenant Kubernetes deployments are common. For example, a platform team may offer shared services such as security tools and databases to multiple internal “customers,” and a SaaS vendor may have multiple teams sharing a development cluster. However, because of the flat nature of the Kubernetes network, multi-tenant Kubernetes environments are susceptible to lateral movement of threats from one tenant to another. Within the Shared Security Framework, Microsoft AKS secures the infrastructure, while enterprises are responsible for the security of their workloads.
This webinar will demonstrate how Calico’s security policy recommendations can:

  • Automatically achieve workload isolation in Microsoft AKS with namespace isolation
  • Remove the manual overhead of identifying workload communication patterns for building isolation policies with policy recommendations
  • Reduce the potential impact of threats by restricting communication between workloads with microsegmentation
  • Streamline and expedite policy enforcement processes with preview and stage included

  •  Dhiraj Sehgal


If you want to integrate existing enterprise tools that require a stable IP address for Kubernetes workloads, you face a challenge: Kubernetes does not provide a default way to meet this requirement. Calico eliminates the complexity of integrating Kubernetes clusters with tools that need to identify source traffic from Kubernetes pods or namespaces.

Learn how enterprise teams have successfully implemented Egress Gateway for the following benefits:

  • Assign a stable network identity to traffic leaving a Kubernetes pod or namespace
  • Use the network identity to integrate with traditional firewalls, databases, SIEMs, DLP and other tools
  • Support advanced use cases such as high availability and load balancing of egress traffic

  •  Giri Radhakrishnan

Leader-bet, an online gaming and entertainment company, faced slow application development due to its complex, traditional VM-based infrastructure. Its legacy applications were increasingly expensive to maintain. This led the company to re-architect its legacy applications and adopt containers and Kubernetes to leverage the agility, scalability, and cost-effectiveness of cloud-native infrastructure. But this presented a new challenge: finding the right security platform for these applications and infrastructure that covers secure networking, visibility and troubleshooting, and compliance.

In this webinar, you will learn how Leader-bet implemented:

  1. Secure workload communication: Ensured secure communication between workloads, both within the Kubernetes cluster and with external services
  2. Visibility and troubleshooting: Gained real-time graph-based visualization to identify and resolve issues
  3. Compliance: Enforced comprehensive policy controls for compliance and automated compliance reporting features

  •  Dhiraj Sehgal

Attend this in-depth, hands-on security workshop with Calico and Microsoft Azure experts to get insights into Kubernetes cluster traffic, workload interactions, and security policy enforcement. The 90-minute interactive lab comes with your own provisioned Calico Cloud environment and a sample application.

This workshop is designed to provide hands-on experience for you to:

  • View service-to-service communication to assess security risk from network-based threats
  • Get alerts for malware present in workloads
  • Quarantine workloads to prevent the lateral movement of the threat
  • Detect and prevent anomalous behaviors such as attempts to access restricted URLs
  • Build and enforce security policy to stop command-and-control attacks

We have limited the number of participants for this workshop to ensure that each participant can receive adequate attention. Register now to reserve your spot!

  •  Regis Martins


Teams implementing the Azure Well-Architected Framework and using the hub-and-spoke network topology often rely on Azure Firewall to inspect traffic coming from Azure Kubernetes Service (AKS) clusters. However, they face challenges in precisely identifying the origin of that traffic as it traverses Azure Firewall. With the Calico egress gateway, you can now identify the Kubernetes namespaces and pods associated with egress traffic leaving your clusters when it is inspected by Azure Firewall.

In this webinar, you will learn how the Calico egress gateway and Azure Firewall together can provide the following:

  1. Security and Compliance: Allow platform teams to enforce proper security measures, preventing unauthorized access and potential data breaches by identifying the source of outbound traffic.
  2. Troubleshooting and Debugging: Pinpoint the exact application or namespace responsible for the traffic, making it easier to identify and resolve problems efficiently.
  3. Billing and Cost Management: Identify which applications contribute most to egress traffic and make informed decisions on resource allocation and billing.


  •  Jennifer Luther Thomas


Attend this in-depth, hands-on, Amazon EKS-focused security workshop with Amazon AWS and Calico experts to learn how to protect containers in your Kubernetes cluster from known and zero-day container- and network-based attacks on Amazon EKS. The 90-minute interactive lab comes with your own provisioned Calico Cloud environment and a sample application.

You will leave this workshop with hands-on experience on how to:

  • Deploy Amazon EKS blueprint add-on of Calico Operator to roll out networking and security policies
  • Visualize security posture of your Kubernetes cluster
  • Preview and customize security guardrails for network-based threats
  • Configure IDS/IPS, workload-centric WAF, and DDoS protection
  • Detect zero-day attacks based on suspicious container activity
  • Preview and enforce security policies to quarantine infected workloads

We have limited the number of participants for this workshop to ensure that each participant can receive adequate attention.

  •  Kartik Bharath


While it is standard practice to scan container images during the build process, this alone is not a foolproof way to secure an Amazon EKS cluster from runtime threats. Common scenarios where runtime threats emerge from images include:

  • Images that passed the scan during the build phase but harbor vulnerabilities days or weeks later
  • Third-party images pulled from public registries that often bypass the build pipeline scanning
  • One-off images created outside of the app development pipeline for emergency patches to fix critical bugs
  • Existing workloads already running within a cluster that lack image scanning or container runtime tools

To address and remediate these security gaps at runtime, this webinar will provide a deep dive into how Calico Cloud offers out-of-the-box, in-cluster, real-time image scanning for Amazon EKS clusters. In this webinar, you will learn:

  • The limitations of build-time image scanning and why runtime scanning is crucial for maintaining a secure Amazon EKS cluster.
  • How Calico Cloud’s in-cluster image scanner operates, its setup simplicity, and how it fills the security gaps in your existing or new Amazon EKS clusters.
  • Demonstrations of how to use Calico Cloud’s in-cluster image scanner for real-time vulnerability detection and remediation.

  •  Gokhul Srinivasan
  •  Dhiraj Sehgal


Attend this in-depth, hands-on Microsoft AKS security workshop with Microsoft Azure and Calico experts to learn how to strengthen your Microsoft AKS cluster security posture in 90 minutes. This workshop shares best practices for using Calico to secure AKS clusters. The interactive session comes with your own provisioned Calico Cloud environment and a sample application.

You will leave this workshop with hands-on experience on how to:

  • Scan container images and block deployment of vulnerable images
  • Preview and enforce security policies to protect vulnerable workloads
  • Implement zero-trust workload access controls and microsegmentation for improved posture

We have limited the number of participants for this workshop to ensure that each participant can receive adequate attention.

  •  Ivan Sharamok


Attend this in-depth, hands-on, Microsoft AKS-focused security workshop with Microsoft Azure and Calico experts to learn how to protect containers in your Kubernetes cluster from known and zero-day container- and network-based attacks on Microsoft AKS. The 90-minute interactive lab comes with your own provisioned Calico Cloud environment and a sample application.

You will leave this workshop with hands-on experience on how to:

  • Visualize security posture of your Kubernetes cluster
  • Preview and customize security guardrails for network-based threats
  • Configure IDS/IPS, workload-centric WAF, and DDoS protection
  • Detect zero-day attacks based on suspicious container activity
  • Preview and enforce security policies to quarantine infected workloads

We have limited the number of participants for this workshop to ensure that each participant can receive adequate attention.

  •  Rui De Abreau