Threat actors are now aware of Kubernetes and the inherent vulnerabilities of its larger attack surface. By default, Kubernetes clusters are left open, which means that any pod can talk to any other pod, even across namespaces. Attackers can hop from service to service until they find valuable data. Firewalls have traditionally been used to block attacks, but if the perimeter is breached, there's no protection from within the cluster. The conventional way of identifying attacks is with an intrusion detection system (IDS); however, the dynamic nature of Kubernetes requires a specialized approach.
Calico delivers a feature-rich IDS solution purpose-built for Kubernetes. Calico’s IDS pinpoints the source of malicious activity, uses machine learning to identify anomalies, and can create a security moat around critical workloads, deploy honeypods that capture zero-day attacks, and automatically quarantine potentially malicious workloads to thwart an attack. Calico’s IDS monitors inbound and outbound traffic (north-south) and east-west traffic that is traversing the cluster environment.
Protects sensitive Kubernetes workloads against vulnerabilities and threat actors deploying APTs, zero-day attacks, and other exploits, using automated detection, response, and mitigation
Ensures security teams are immediately notified when an attack or intrusion occurs, enabling further investigation and prompt remediation
Provides critical, supplemental protection to firewall defenses to ensure that sensitive workloads are not exposed if there is a perimeter breach
Companies are leveraging the power of Kubernetes to accelerate the delivery of applications to meet the pace of business. However, the dynamic nature of Kubernetes makes it operationally challenging to protect applications against vulnerabilities and threat actors deploying APTs, zero-day attacks, and other exploits. Calico’s IDS protects sensitive data from these threats using a highly effective combination of automated detection, response, and mitigation.