Calico Cloud is a pay-as-you-go SaaS platform for Kubernetes security and observability. Calico Cloud gives DevOps, DevSecOps, Security, Platform and Site Reliability Engineering (SRE) teams a single pane of glass across multi-cluster and multi-cloud Kubernetes environments to deploy egress access controls and microsegmentation, enforce security policies, ensure compliance, get end-to-end visibility, and troubleshoot applications.
Instead of managing a platform for Kubernetes security and observability, teams consume it as a managed service for faster analysis, relevant actions, and end results. They gain an understanding of microservice dependencies and a way to manage, analyze, and troubleshoot performance hotspots and connectivity, and to detect anomalies, without going through an extensive setup and deployment process. With Calico Cloud, users only pay for services consumed and are billed monthly, getting immediate value without upfront investment.
Control north-south traffic, limit access to external endpoints on a per-pod basis, and protect your Kubernetes cluster.
The Calico Cloud Egress Gateway enables you to securely integrate with firewalls, monitoring systems like SIEMs, and other systems that don’t understand the dynamic nature of container orchestration.
You can author DNS Policies that implement fine-grained access controls between a workload and the external services it needs to connect to, like Amazon RDS, ElastiCache, and more.
East-West controls enable you to limit the blast radius when a security breach results in an APT (advanced persistent threat). You can perform micro-segmentation for both container and VM workloads. Calico Cloud’s “defense-in-depth” approach provides protection on three levels: host, container/VM and application. Using a single policy framework, you can set controls at all of these levels using a declarative model.
If you’re working with sensitive data that falls under regulatory compliance mandates like PCI, HIPAA, SOC2, or GDPR, Calico Cloud provides data-in-transit encryption with industry-leading performance, as well as compliance reporting for security policies and controls.
Calico Cloud has an incredibly rich Intrusion Detection feature set that includes threat feeds to identify known bad actors like bots, custom alerts for known attacks, anomaly detection, and honeypods. It includes an automated approach to malware detection and response to target and remediate threats like DGA (Domain Generation Algorithm) and the unpatched Kubernetes CVE-2020-8554 vulnerability.
Distributed applications on agile infrastructure are difficult to troubleshoot. Calico Cloud provides a dynamically generated service graph that enables anyone to easily understand how microservices are behaving and interacting with each other at runtime, thus simplifying the troubleshooting process and anomaly detection.
Dynamic Service Graph provides a rich set of information with Kubernetes context, including which namespaces, microservices and pods are communicating with each other, detailed DNS information, detailed logs for every single flow in your cluster, and how security policies are being evaluated. You can quickly identify the source of a problem at the application, process, and socket levels as well as through an automated packet capture function.
Unified controls are required for consistent security and observability across multi-cluster, multi-cloud and hybrid cloud environments. Calico Cloud provides a single pane of glass to ensure consistent application of security controls across both containers and VMs in heterogeneous environments. Unified controls reduce the complexity for DevOps teams running the clusters by supporting self-service security and CI/CD integration. Using “Security as code”, Calico Cloud fully automates the cluster-wide, end-to-end policy deployment process including any necessary security changes.
Built on open-source Calico, the most widely adopted Kubernetes CNI, Calico Cloud also supports third-party CNIs including EKS VPC, Azure CNI, and GKE to expand your choice of public cloud providers.
Developers, DevOps teams and SREs want to follow a simple workflow and generate security policies with minimal effort in their code. Calico Cloud allows them to create their own security policies within their tiers and customize permissions based on organizational structure.
Calico ensures the policies in the left-most tiers are given precedence over those in tiers to the right. Tiers are a Kubernetes object, so you can control who can view/modify policies in specific tiers. Every change of record to tiers and policies is captured, enabling you or auditors to go back in time for review or troubleshooting purposes.
Get Kubernetes networking, security, and observability with Calico Cloud in minutes for any Kubernetes distribution across public cloud providers.