Calico Enterprise

Zero Trust Network Security and Continuous Compliance for Kubernetes Platforms

 

Calico Enterprise Secures Modern and Legacy Workloads

Calico Enterprise enables a workload-to-workload Zero Trust model that protects modern business applications and extends to legacy applications, providing a stronger security posture across the enterprise. It enforces security around each workload, whether it runs on a container, VM or host. No traffic is trusted, and all traffic is verified through service-to-service authentication carried out over encrypted channels.

Calico Enterprise integrates with your existing environment, tools, and SOC. It applies security policy and provides anomaly detection and traffic visibility that help detect and fight threats. It automates audit reports that give auditors evidence that your compliance controls are established and working.

Flow Logs with Workload Metadata

Most organizations are using an existing system to capture flow logs. Calico Enterprise integrates with existing security operations center (SOC) threat analytics and log aggregation systems.

Workload identity is appended to 5-tuple flow logs to provide accurate data for dynamic and ephemeral workloads like containers.

Calico Enterprise flow logs are configured at the policy level or the node level. The log data generated can be configured to include all connections, accepted connections, denied connections, or traffic based on any security policy.

For Kubernetes environments like Amazon EKS, bi-directional flow logs are generated for all pods as well as host connections and include workload identity as well as pod and host labels.

Fine-Grained Access Controls to Resources Outside Your Cluster

Your Kubernetes pods may need to communicate with resources outside of the cluster such as databases, third-party APIs, or cloud services. Firewalls and cloud-native security groups cannot limit access to a single pod; the best you can do is allow all pods access to the external resource.

Calico Enterprise enables fine-grained policy control within and outside of the cluster. You can define policies that limit the access of a single pod or collection of pods to any external resource.

Calico Enterprise Enables Key Security Capabilities

Pod-level Access to External Resources

No matter where you are in your Kubernetes journey, sooner or later you’ll want to connect your k8s cluster to external resources like databases, cloud services and third-party APIs. Calico Enterprise can limit access from a k8s cluster to outside resources on a granular, per-pod basis. Platform teams can easily manage incremental migration of k8s workloads/applications into production while adhering to security compliance requirements.

Visibility and Troubleshooting

Service availability and uptime are paramount. So when issues arise in the IT infrastructure that impact reliability, you’ll want to resolve them quickly. Calico Enterprise gives you complete client-to-pod visibility in your k8s cluster. Detailed visualization of security policies and traffic flows enables faster discovery and resolution of complex connectivity issues. Platform teams are now able to meet service level goals.

Extend Enterprise Security to Kubernetes

Making the leap from pilot to production with your Kubernetes cluster? If so, you’ll have to adhere to existing security and compliance controls. By far the biggest challenge is implementing zone-based security in k8s. By applying some simple network policies, Calico Enterprise can implement your three-zone security architecture in k8s. Calico Enterprise automates the deployment, making it easy for you to scale as your cluster grows.

Extend Firewalls to Kubernetes

Enterprise Security teams rely on firewalls to keep the bad guys out and prevent them from traversing the network. Firewall policies are based on IP addresses, don’t understand Kubernetes labels, and cannot track or enforce dynamic pod traffic. Tigera extends firewalls, enabling your security team to continue to use the process and tools they use today to secure your Kubernetes clusters.

Zero-Trust Network Security

With 40% or more of all breaches originating from within the network, you must always assume that something has been compromised. Applications running on Kubernetes make heavy use of the network for service-to-service communication. However, most clusters have been left wide open and are vulnerable to attack. A zero trust approach is the most secure way to lock down your Kubernetes platform.

Threat Detection

Applications running on Kubernetes have dynamic IP addresses. Firewalls and traditional flow logs are not effective for detecting and preventing indicators of compromise because they lack visibility and context such as namespace, pod, container ID, and labels.

Continuous Compliance

Kubernetes is dynamic and constantly changing. Moments after a compliance audit is completed the environment will have changed again. A continuous compliance solution is the only way to prove that your security controls have been implemented properly now and historically.
