- Calico Cloud
- Configuration Security
Overview
As your organization deploys containerized workloads in Kubernetes environments, you will be faced with many configuration choices related to images, containers, control plane, and data plane. Setting these configurations improperly creates a high-impact security and compliance risk for business. Security, DevOps, and platform owners need the ability to continuously assess build artifacts, workloads, and infrastructure against configuration hardening standards and automatically remediate any violations.
Calico Cloud’s configuration security capabilities are purpose-built for Kubernetes and container environments. Calico Cloud continuously monitors images, workloads, and Kubernetes infrastructure against common configuration security standards (CIS Benchmarks) and provides a detailed assessment report. Application and infrastructure owners can integrate these reports into their CI/CD pipeline or incident response workflows for active remediation.
Benefits
Breach Prevention
Quickly detect and remediate misconfigurations in your Kubernetes environments and eliminate attack vectors
Configuration Compliance
Meet internal and external regulatory compliance by continuously assessing Kubernetes workloads against your configuration hardening standards
Predefined and scheduled reporting
Run compliance reports on demand or on a recurring schedule (hourly, daily, weekly, or monthly)
Capabilities
Custom Pass Fail Thresholds
Calico Cloud’s configuration security feature assesses your Kubernetes environment against CIS benchmarks. You have the ability to customize and exclude certain checks when assessing workloads against hardening standards like CIS Benchmarks.
CIS Compliance Reports
Calico Cloud configuration security includes a periodic assessment report that provides CIS Benchmark compliance across all the dyamic assets that may have existed in your Kubernetes environment during the report period. An overall score is available for each in-scope asset that can be compared against configurable pass/fail thresholds.
How It Works
See how Calico Cloud’s configuration security helps you manage your security and compliance posture for your Kubernetes and container environments.
