Istio with Tigera Secure

A Unified Defense-in-Depth Approach for Kubernetes Application and Network Security


Kubernetes Security & Istio

With the adoption of a micro-service architecture and containers in modern applications, east-west network traffic has grown substantially. Microservices generate much of this traffic as they rely on the network to execute business logic, increasing the surface area exposed to attackers.  The emergence of Kubernetes as the container orchestrator of choice gives bad actors a common target to deploy advanced techniques to infiltrate these environments.

As a result, many businesses have started to evaluate the security features of Istio when deploying it as a service mesh. The issue is that, given the nature of the attacks, zero trust Kubernetes network security application, like Tigera, provides additional protection beyond Istio native security capabilities with a model that protects at the application, network, and the host layer.

While Istio is platform independent, using it with Kubernetes (or infrastructure) network policies, the benefits are even greater, including the ability to secure pod-to-pod or service-to-service communication at the network and application layers.

We’re Tigera, the people behind the open source Project Calico. Our technology is the de-facto standard for Kubernetes network security and is embedded in all major cloud providers (AWS EKS, Azure AKS, Google GKE, IBM Cloud Kubernetes Service), embedded in Docker Enterprise and integrated with Red Hat OpenShift. We also co-chair the Istio security working group.

Learn more about creating a true defense-in-depth security posture with Istio and Tigera Secure. Complete the form and download the Istio Guide.