Configuration Security

Continuous monitoring and alerting for container images, workloads, and misconfigured Kubernetes environments

Overview

As your organization deploys containerized workloads in Kubernetes environments, you will be faced with many configuration choices related to images, containers, control plane, and data plane. Setting these configurations improperly creates a high-impact security and compliance risk for business. Security, DevOps, and platform owners need the ability to continuously assess build artifacts, workloads, and infrastructure against configuration hardening standards and automatically remediate any violations.

Calico Cloud’s configuration security capabilities are purpose-built for Kubernetes and container environments. Calico Cloud continuously monitors images, workloads, and Kubernetes infrastructure against common configuration security standards (CIS Benchmarks) and provides a detailed assessment report. Application and infrastructure owners can integrate these reports into their CI/CD pipeline or incident response workflows for active remediation.

Benefits

Breach Prevention

Quickly detect and remediate misconfigurations in your Kubernetes environments and eliminate attack vectors

Configuration Compliance

Meet internal and external regulatory compliance by continuously assessing Kubernetes workloads against your configuration hardening standards

Predefined and scheduled reporting

Run compliance reports on demand or on a recurring schedule (hourly, daily, weekly, or monthly)

Capabilities

Kubernetes Configuration Security

Calico Cloud’s configuration security feature assesses your Kubernetes environment—both workloads and the platform—against common configuration security standards. You have the ability to customize and exclude certain checks when assessing workloads against hardening standards like CIS Benchmarks.

CIS Compliance Reports

Calico Cloud configuration security includes a periodic assessment report that provides CIS Benchmark compliance across all the dyamic assets that may have existed in your Kubernetes environment during the report period. An overall score is available for each in-scope asset that can be compared against configurable pass/fail thresholds.

How It Works

See how Calico Cloud’s configuration security helps you manage your security and compliance posture for your Kubernetes and container environments.

Resources

Webinar

Learn More

Technical Blog

Learn More

Calico Cloud Datasheet

Learn More