Every cloud and hosting environment has a unique approach to segmentation, which leads to operational overhead and security gaps when segmenting traffic within and between these environments. Calico provides a common segmentation model providing a unified policy framework that works across all of your workload environments, including hosts, VMs, Kubernetes components, and services while scaling to meet the expansion or contraction of your microservices environment.
Eliminates the risks associated with lateral movement in the cluster by cyberattackers in search of sensitive data and other high-value assets
Eliminates the operational inefficiencies of deploying multiple, siloed, segmentation solutions by providing a single, unified security model and single-policy framework that works seamlessly across multiple application and workload environments
Enables faster response to security threats with a cloud-native distributed architecture that can dynamically enforce security policy changes across cloud-scale environments in milliseconds in response to an attack
Calico’s common segmentation model unified policy framework works across all your environments, including any combination of cloud providers, cloud instances, Kubernetes distributions, containers, virtual machines, and bare metals.
Until now, each environment required its own methodology for segmentation. For example:
Calico changes that paradigm by providing a unified security policy framework that provides a defense-in-depth security posture when deployed in conjunction with existing security controls.
Calico segments workloads based on metadata and labels attached to those workloads. This enables you to securely deploy new or updated workloads without having to add or change your segmentation policies.
This approach eliminates complexity and operational overhead associated with policy management.
Many segmentation tools utilize a central policy evaluation engine that becomes a choke point for cloud deployments. When using this legacy architecture, changes to segmentation policies can take hours to take effect. When auto-scaling your microservices or deploying changes, this time lag results in lengthy deployment times and can cause service outages.
Calico Enterprise and Calico Cloud utilize a cloud-native distributed architecture that can accept and enforce changes across cloud-scale environments in milliseconds. This enables rapid auto-scaling of your microservices environment as well as the ability to rapidly thwart security incidents by rolling out segmentation policy changes in response to an attack.