Identity-Aware Microsegmentation

Implement workload isolation and prevent lateral movement of threats with workload-based microsegmentation.

Use case demonstration: Microsegmentation


Segment workloads based on application tiers, compliance, and access. Prevent lateral movement of threats in the cluster

Workload Isolation

Restrict access to workloads to prevent unauthorized lateral movement

Eliminate Lateral Movement in the Cluster

Stop attackers from searching for high-value assets

Instant Threat Response and Mitigation

Enforce security policy changes in milliseconds for instant threat responses

Trusted by Customers Worldwide

Calico is the chosen active security platform for enterprises small and large

Dynamic Segmentation

Segmentation based on workload metadata such as pod name, namespace, node, labels, and annotations.

The use of labels ensures that new workloads are segmented automatically upon deployment.

Segmentation Granularity

Enforce workload-level, environment-based, or application-tier segmentation for containers, Kubernetes, VMs, and more in test and in production.

Implement segmentation to comply with industry or custom regulatory frameworks.

Policy Creation and Enforcement

Create, stage, preview, deploy, and manage granular, zero-trust security policies at the workload level.

Enforce hierarchical policy tiers and get real-time policy evaluations.

Policy Recommendations

Single-click solution to generate policies and isolate workloads at the namespace level.

Fast-track microsegmentation without the need to inspect and analyze workload interactions. Jumpstart security policy creation and microsegmentation for first-time application deployments.

Scalability and High Performance

Eliminate centralized congestion points associated with legacy workload microsegmentation approaches that can impact performance with Calico’s cloud-native distributed architecture.

Securely deploy new workloads to environments with tens of thousands of servers, and be online in milliseconds instead of taking days.

Available on Microsoft Azure and AWS Marketplace

Get started right away on Azure or AWS—every Calico component you need to get up and running is ready to go.

Customer Testimonial

Here’s what our customers are saying about us

Rafay provides Calico to customers by default. Without Calico, our customers would need to go through a lengthy and invasive process of re-provisioning their clusters in order to enforce granular networking and security and flexible IPAM for multi-tenant clusters.
Mohan Atreya
Senior VP of Product and Solutions,
Learn More
Read Customer Stories

Featured Resources

Developer-created resources to help you secure your Kubernetes deployment

White Paper

Implement Microsegmentation for Cloud-Native Workloads

Find out why traditional network-based segmentation doesn't work for cloud-native applications.
Read More

Microsegmentation Datasheet

Scalable, unified microsegmentation for cloud-native workloads across all of your environments.
Read More

Tigera Tutorials

From security issues to observability challenges, learn how to address pain points in our hands-on tutorials.
Read More
All Resources

Ready to Get Started?

Start a free trial or contact us to see Calico in action