- Any Kubernetes distribution, any cloud, any application
- Purpose-built for DevOps and SREs
- Get up and running in minutes

Why Calico Cloud?
Cloud-native applications are composed of containers and microservices that directly access other public cloud services as well as cloud and legacy applications. Traditional perimeter-based security solutions are unaware of containers and microservices inside a Kubernetes cluster. Moreover, microservices are highly dynamic and ephemeral, rendering any static IP address-based security control inadequate. The deployment characteristics of cloud-native applications make them harder to secure, observe and troubleshoot.
Without granular levels of security and observability, there is a potential for unauthorized access to and from microservices. And once a service is compromised, it is easy for malicious actors to move laterally.
Calico Cloud’s Kubernetes native architecture extends the declarative nature of Kubernetes to specify “security and observability as code,” which ensures consistent enforcement of security policies and compliance and provides observability and troubleshooting across multi-cluster, multi-cloud and hybrid deployments.

Solution

North-South Controls
Control north-south traffic, limit access to external endpoints on a per-pod basis and protect your Kubernetes cluster.
The Calico Cloud Egress Gateway enables you to securely integrate with firewalls, monitoring systems like SIEMs, and other systems that don’t understand the dynamic nature of container orchestration.
You can author DNS Policies that implement fine-grained access controls between a workload and the external services it needs to connect to, like Amazon RDS, ElastiCache, and more. In addition, Calico Cloud tightly integrates with AWS Security Groups, giving you secure, pod-level access to Amazon EKS.
CAPABILITIES INCLUDE
- DNS Policy
- Egress Gateway
- AWS Security Group Integration


East-West Controls
East-West controls enable you to limit the blast radius when a security breach results in an APT (advanced persistent threat). You can perform micro-segmentation for both container and VM workloads. Calico Cloud’s “defense-in-depth” approach provides protection on three levels: host, container/VM and application. Using a single policy framework, you can set controls at all of these levels using a declarative model.
CAPABILITIES INCLUDE
- Microsegmentation
- Host, Container/VM and application protection
- Single policy framework

Security and Compliance
If you’re working with sensitive data that falls under regulatory compliance mandates like PCI, HIPAA, SOC2, or GDPR, Calico Enterprise provides data-in-transit encryption with industry-leading performance, as well as compliance reporting for security policies and controls.
Calico Cloud has an incredibly rich Intrusion Detection feature set that includes threat feeds to identify known bad actors like bots, custom alerts for known attacks, anomaly detection, and honeypods. We take an automated approach to malware detection and response to target and remediate threats like DGA (Domain Generation Algorithm) and the unpatched Kubernetes CVE-2020-8554 vulnerability.
CAPABILITIES INCLUDE
- Data-in-Transit Encryption
- Intrusion Detection and Prevention
- Compliance Reporting and Alerts


Observability
Distributed applications are very difficult to troubleshoot. Calico Cloud solves that problem by dynamically generating a service graph that enables anyone to easily understand how microservices are behaving and interacting with each other at run-time, simplifying the debugging process.
Dynamic Service Graph provides a rich set of information with Kubernetes context, including the namespaces across which workloads are communicating, detailed DNS information, detailed logs for every single flow in your cluster, and how network policies are being evaluated. Software engineers can quickly identify the source of a problem at the application, process, and socket levels, as well as through an automated packet capture function.
CAPABILITIES INCLUDE
- Dynamic Service Graph
- Flow Log Visualizer
- Dynamic Packet Capture
- DNS Dashboard
- Application Layer Observability

Unified Controls
Unified controls in Calico Cloud enable security and observability across multi-cluster, multi-cloud and hybrid cloud environments, and provide a single pane of glass to ensure consistent application of security controls across both containers and VMs. Unified controls also reduce the complexity for DevOps teams running the clusters by supporting self-service security and CI/CD integration. Using “policy as code”, Calico Cloud fully automates the cluster-wide, end-to-end policy deployment process including any necessary security changes.
Built on open-source Calico, the most widely adopted Kubernetes CNI, Calico Cloud also supports third-party CNIs including EKS VPC, Azure CNI, and GKE to expand your choice of public cloud providers.
CAPABILITIES INCLUDE
- Unified Controls: Security and Observability across Multi-cluster, Multi- and Hybrid Cloud Environments
- Self-Service Security
- Policy Tiers

Key Features
- Unified Control
- Self-Service Security
- Egress Gateway
- Compliance Reporting & Alerts
- Application Layer Observability
- DNS Policy
- DNS Dashboard
- Dynamic Service Graph
- Flow Visualizer
- Dynamic Packet Capture
- Host, Container/VM & Application protection
- Data-in-Transit Encryption
- Intrusion Detection and Prevention (IDS/IPS)
- Microsegmentation
- AWS Security Groups Integration
- Policy Tiers