Deploy and manage a consistent set of networking and security policies for Kubernetes clusters on Google Cloud Platform (GCP). Tigera provides an active Cloud-Native Application Platform (CNAPP) with full-stack observability for containers and Kubernetes that prevents, detects, troubleshoots, and automatically mitigates exposure risks of security issues in build, deploy, and runtime stages.
Calico Cloud enables organizations to prevent attacks using zero trust, and to detect, troubleshoot, and automatically remediate exposure risks from security issues in build, deploy, and runtime stages across multi-cloud and hybrid deployments.
- Reduce attack surface with zero trust:
- Enabling users to enforce zero-trust workload access
- Identity-aware micro-segmentation for workloads
- Universal Firewall integration
- Envoy-based application-level security
- Detect known and unknown threats:
- Protect workloads from container and network based threats
- Workload-based WAF, IDS/IPS with Deep packet inspection, DDoS attack protection
- ML-based Zero-day workload threat identification
- Vulnerabilities and Malware protection
- Automatic risk mitigation:
- Dynamic Service and Threat Graph
- Dynamic Packet Capture
- Security policy recommender
- Admission Controller
- Security Policies to Alert, Pause, Quarantine, Terminate
How It Works
Calico provides a common networking and security policy model using Kubernetes constructs like labels and selectors to control and restrict access to specific namespaces, microservices, and pods.