Compare Calico products
Active cloud-native application protection with full-stack observability for containers, Kubernetes, and cloud

Product Editions
Calico Open Source
Open-source networking and security for containers and Kubernetes, powering 2M+ nodes daily across 166 countries.
Calico Cloud
Fully managed pay-as-you-go SaaS for active security for cloud-native applications running on containers, Kubernetes, and cloud. Also offered as an annual subscription.
Calico Enterprise
Self-managed, active Cloud-Native Application Protection Platform (CNAPP) with full-stack observability for containers, Kubernetes, and cloud. Hosted by the organization on-premises or in the public cloud.
Deployment Model

Calico Open Source
Calico Open Source is a networking and security solution for containers, virtual machines, and native host-based workloads that was born out of Project Calico.
Calico Open Source combines flexible networking capabilities with run-anywhere security enforcement to provide a solution with native Linux kernel performance and true cloud-native scalability.

Calico Cloud
Calico Cloud is the industry’s only SaaS for active security for cloud-native applications running on containers, Kubernetes, and cloud. It enables organizations to prevent attacks using zero trust, and to detect, troubleshoot, and automatically remediate exposure risks from security issues in build, deploy, and runtime stages across multi-cloud and hybrid deployments.

Calico Enterprise
Calico Enterprise is the industry’s only active Cloud-Native Application Protection Platform (CNAPP) with full-stack observability for containers and Kubernetes. Calico Enterprise extends the declarative nature of Kubernetes to specify security and observability as code. This ensures consistent enforcement of security policies and compliance, and provides observability for troubleshooting across multi-cluster, multi-cloud and hybrid deployments.
Compare Products
|
|||
Networking
|
|||
High-performance scalable pod networking
|
|
|
|
Advanced IP address management
|
|
|
|
Direct infrastructure peering without the overlay
|
|
|
|
eBPF Dataplane
|
|
|
|
Windows Dataplane
|
|
|
|
Dual ToR Peering
|
|
|
|
Security
|
|||
Security policy enforcement
|
|
|
|
Data-in-transit encryption
|
|
|
|
Hierarchical tiers
|
|
|
|
FQDN / DNS based policy
|
|
|
|
Identity-aware microsegementation for workloads
|
|
|
|
Security policy preview, staging, and recommendation
|
|
|
|
Compliance reporting & alerts
|
|
|
|
SIEM Integrations
|
|
|
|
Image Assurance
|
|
|
|
Admission Controller
|
|
|
|
Configuration Security (includes KSPM)
|
|
|
|
Workload-based IDS/IPS, DPI, DDoS protection and WAF
|
|
|
|
Envoy based Application Level Security
|
|
|
|
Malware Protection
|
|
|
|
ML-based Zero-day Workload Protection
|
|
|
|
Observability
|
|||
Dynamic Service and Threat Graph
|
|
|
|
Application Layer Observability
|
|
|
|
Dynamic Packet Capture
|
|
|
|
DNS Dashboards
|
|
|
|
Flow visualizer
|
|
|
|
Management
|
|||
Multi cluster, multi-cloud & hybrid cloud networking
|
|
|
|
Support and Maintenance
|
|||
Support and Maintenance
|
Community-driven
|
Starter/Pro: |
Standard/Business
|