Microsegmentation

Deploy a scalable, unified microsegmentation model and security policy framework for workloads across all your environments: hosts, virtual machines, containers, and Kubernetes

 

Overview

Every cloud and hosting environment has its own approach to segmentation, which leads to operational overhead and security gaps when segmenting traffic within and between these environments. Calico provides a common segmentation model with a unified policy framework that works across all of your workload environments, including hosts, VMs, Kubernetes components, and services, while scaling to match the expansion or contraction of your microservices environment.

Benefits

Eliminates Lateral Movement

Eliminates the risks associated with lateral movement in the cluster by cyberattackers in search of sensitive data and other high-value assets

Works Everywhere

Eliminates the operational inefficiencies of deploying multiple, siloed, segmentation solutions by providing a single, unified security model and single-policy framework that works seamlessly across multiple application and workload environments

Instant Response

Enables faster response to security threats with a cloud-native distributed architecture that can dynamically enforce security policy changes across cloud-scale environments in milliseconds in response to an attack

Key Features

Common Segmentation Model

Calico’s common segmentation model and unified policy framework work across all your environments, including any combination of cloud providers, cloud instances, Kubernetes distributions, containers, virtual machines, and bare-metal hosts.

Until now, each environment required its own methodology for segmentation. For example:

  • AWS Security Groups
  • Azure Network Security Groups
  • Google Cloud Firewalls
  • VMware NSX

Calico changes that paradigm with a unified security policy framework that provides a defense-in-depth security posture when deployed in conjunction with existing security controls.

Dynamic Segmentation

Calico segments workloads based on metadata and labels attached to those workloads. This enables you to securely deploy new or updated workloads without having to add or change your segmentation policies.

This approach eliminates complexity and operational overhead associated with policy management.

Performance at Scale

Many segmentation tools utilize a central policy evaluation engine that becomes a choke point for cloud deployments. When using this legacy architecture, changes to segmentation policies can take hours to take effect. When auto-scaling your microservices or deploying changes, this time lag results in lengthy deployment times and can cause service outages.

Calico Enterprise and Calico Cloud utilize a cloud-native distributed architecture that can accept and enforce changes across cloud-scale environments in milliseconds. This enables rapid auto-scaling of your microservices environment as well as the ability to rapidly thwart security incidents by rolling out segmentation policy changes in response to an attack.
