Tigera Events

Customer Stories: Kubernetes network security in Financial Services with Pervez Sikora, CCO


September 26, 2023
10:00 am EDT

Happening this week

  •  Ivan Sharamok


Explore Tigera Events






Are you struggling to secure your containerized workloads?

Perimeter-based network firewalls are not enough to protect microservices running on containers. These workloads are ephemeral, making it difficult to keep track of all of the containers and apply firewall rules to them. Additionally, they often communicate with each other and with resources outside the cluster, which requires granular controls at the individual workload level.

In this webinar, we will discuss how Calico Container Firewall can help you secure your containerized workloads.

We will cover the following topics:

  • Why perimeter-based network firewalls are not sufficient for containerized workloads
  • How Calico Container Firewall can provide more granular traffic control
  • How Calico Container Firewall can be used to implement microsegmentation
  • How Calico Container Firewall can help with threat detection
  • How Calico Container Firewall compares to traditional Next-Generation Firewalls (NGFWs)

Join us for this webinar to learn how to secure your containerized workloads with Calico Container Firewall.

  •  Giri Radhakrishnan

Welcome to an insightful fireside chat bridging technology and finance with real-life customer stories. In the financial industry, businesses are adopting a microservices-based cloud-native architecture to enhance efficiency, save costs, and improve customer experience.

However, cloud-native applications running on containers and Kubernetes present technical hurdles: network vulnerabilities, data breaches, service disruptions, and compliance complexities. Addressing these challenges is vital for trust and risk mitigation for financial institutions.

Today, Calico is the most adopted Kubernetes network security solution in financial services, including 3 of the top 5 credit card companies, 3 of the top 5 global banks and many more. 

Join Pervez Sikora, Chief Customer Officer, as he shares real-world customer stories in this fireside chat. Learn how Kubernetes network security bolsters compliance and security. Dive into challenges, solutions, and tangible benefits. 

This chat is ideal for DevOps, Platform, and security teams shaping secure Kubernetes apps.

  •  Pervez Sikora
  •  Dhiraj Sehgal

Are you leveraging the power of Azure AKS to optimize your Kubernetes workloads in the cloud? Join us for a deep dive into the realm of networking in AKS, empowering you to make informed choices for enhanced performance and scalability.

In Kubernetes, network capabilities are delegated to the Container Network Interface (CNI) by way of the Container Runtime Interface (CRI). AKS offers multiple networking configurations to set up networking in your cluster, including:

  • Kubenet (Basic Networking): Understand the simplicity and trade-offs associated with this option for straightforward networking requirements.
  • Azure-CNI (Advanced Networking): Delve into the benefits and complexities of leveraging Azure-CNI to unlock advanced networking capabilities.
  • Bring Your Own CNI: Explore the flexibility and customization possibilities when bringing your own Container Network Interface.

During the webinar, we will weigh the pros and cons of each networking option, ensuring you gain the knowledge needed to select the most suitable one based on your unique requirements.

Don’t miss this opportunity to optimize your AKS networking strategy. Register now and join Reza and Krishna as they share invaluable insights and recommendations for selecting the right networking option for your Kubernetes workloads.

  •  Reza Ramezanpour
  •  Krishna Venkatraman


Discover the key strategies to fortify the security of your Amazon EKS cluster and protect it from potential breaches. Join Gokhul Srinivasan, Senior Partner Solution Architect at Amazon AWS, and Dhiraj, Director of Technical Marketing, in this engaging webinar. By prioritizing prevention and mitigation over detection and remediation, you can establish a robust runtime security posture for your microservice-based application.

During this webinar, we will delve into the limitations of traditional runtime threat defense solutions and explore more effective alternatives. Gain insights into the following essential topics:

  • Container runtime security: Implementing robust malware protection and proactive defense against zero-day attacks.
  • Workload-based Intrusion Detection and Prevention Systems (IDS/IPS): Strengthening your defenses by identifying and mitigating potential intrusions.
  • Deep Packet Inspection (DPI) and application-level visibility: Ensuring comprehensive security for your container workloads.

Don’t miss out on this opportunity to enhance your Amazon EKS cluster security.

Register now.

  •  Gokhul Srinivasan
  •  Dhiraj Sehgal


Imagine having the ability to identify software supply chain threats and assign a score to determine their severity. Now, the question arises: what do we do with these invaluable results?

Join us as we delve into the practical applications of image scan results, empowering you to add an extra layer of protection during the critical deploy time in your application deployment lifecycles.

Key Webinar Highlights:

  • Leveraging the Native Admission Controller: Gain a comprehensive understanding of the admission controller and its pivotal role in bolstering security. Discover how it acts as a gatekeeper, ensuring only secure and trusted images enter your deployment pipeline.
  • Configuring the Admission Controller to Fit Your Needs: Learn the best practices and techniques for configuring admission controllers based on your organizational requirements. Tailor your settings to achieve the perfect balance between security and operational efficiency.
  • Preventing Deployment of Vulnerable Images: Discover effective strategies and measures to prevent the deployment of vulnerable images. Safeguard your applications from potential threats by leveraging the insights derived from image scan results.

Register now to secure your spot and equip yourself with the knowledge to protect your environments from potential threats. 

  •  Dhiraj Sehgal
  •  Giri Radhakrishnan

Picture this: your application in a Kubernetes environment is under constant threat from external sources launching devastating DDoS attacks. The moment a service is exposed to the Internet, your vulnerabilities become prime targets. But that’s not all. What if attackers breach your Kubernetes cluster, aiming to infect multiple workloads with malware, escalating the impact of their malicious intent?

It’s time to take control and fortify your defenses!

Join us as we guide you through a step-by-step process to combat DDoS attacks head-on. 

Key Webinar Highlights:

  • Detect DDoS attacks in Kubernetes with the cutting-edge capabilities of Calico, the trusted guardian of your cluster’s security.
  • Deploy the acclaimed recommendations from CISA (Cybersecurity and Infrastructure Security Agency) when your Kubernetes infrastructure is under the onslaught of DDoS attacks.
  • Respond to DDoS attacks strategically with proven risk mitigation strategies, empowering you to regain control and safeguard your applications.

Register now to secure your spot in this must-attend event and equip yourself with the knowledge and tools to defend your applications against the ever-present threat of DDoS attacks.

  •  Dhiraj Sehgal
  •  Giri Radhakrishnan

Join us to learn how you can effectively secure your Kubernetes workloads using DNS policies. By default, Kubernetes allows unrestricted communication between workloads within a cluster and external resources. However, as IP addresses change and application developers and DevOps teams strive to connect and safeguard their workloads, the need for application-level security arises.

Unfortunately, Kubernetes lacks native support for defining security policies based on DNS names to protect this crucial communication. But fear not! We have the solution.

In this webinar, we will guide you through a step-by-step process to implement DNS policies, allowing you to manage the egress access of your Kubernetes workloads to external resources. Whether you need to connect with SaaS services or legacy workloads outside the cluster, DNS policies provide an effective method to enhance security.

Key Highlights:

  • Analyze DNS information for a better understanding when troubleshooting
  • Implement DNS policies seamlessly into your Kubernetes environment
  • Validate the effectiveness of your DNS policy for robust protection

Don’t miss this opportunity to master the art of securing your Kubernetes workloads. Register now and unlock the potential of DNS policies in safeguarding your applications.

  •  Dhiraj Sehgal
  •  Giri Radhakrishnan

In Kubernetes clusters, the Domain Name System (DNS) plays a crucial role in enabling service discovery for pods to locate and communicate with other services within the cluster. DNS infrastructure misconfigurations, failures or performance degradation can lead to application latency, transaction timeouts, or poor end-user experience. These issues are sporadic, which makes them difficult to diagnose and resolve and results in prolonged downtime and frustration for application and DevOps teams.

In this webinar, we will explore how you can quickly troubleshoot the following common DNS scenarios:

  1. DNS traffic deny
  2. DNS “SERVFAIL” response code errors
  3. DNS “NXDOMAIN” response code errors
  4. DNS “NOERROR” with missing records
  5. “core-dns” load-balancing issues

  •  Aadhil Majeed
  •  Dhiraj Sehgal

Most organizations that move to microservices and Kubernetes-based applications still operate in a hybrid environment where legacy applications reside on-prem or in the cloud. These applications rely on perimeter-based NGFWs such as Fortinet’s FortiGate with appropriate rules to govern traffic flows. Calico can integrate Kubernetes environments with these firewalls to enable similar workflows and security zones so that operators can use the firewalls in a Kubernetes environment. In this webinar, we will discuss the following:

  • How to map firewall rules to Calico security policies for Kubernetes 
  • Use firewalls to control egress access from Kubernetes pods without constantly updating IP addresses
  • Eliminate the need to open up large CIDR ranges to allow traffic to and from Kubernetes clusters
  • Working demo of the Fortinet-Calico integration

  •  Giri Radhakrishnan

As more organizations adopt Kubernetes for their production workloads, ensuring the security and privacy of data in transit has become increasingly critical. Encrypting traffic within a Kubernetes cluster is one of the most effective components in a multi-layered defence when protecting sensitive data from interception and unauthorized access. In this webinar, we will explore why encrypting traffic in Kubernetes is important and how it addresses compliance needs with:

  1. Performance with minimal overhead
  2. Simpler configuration
  3. Scale with lightweight design and efficient use of system resources
  4. Robust security

  •  Dhiraj Sehgal