Compare Calico products

Active cloud-native application protection with full-stack observability for containers and Kubernetes

Product Editions

Calico Open Source

Open-source networking and security for containers and Kubernetes, powering 8M+ nodes daily across 166 countries.

Calico Cloud

Fully managed, pay-as-you-go SaaS for active security for containers and Kubernetes. Also offered as an annual subscription.

Calico Enterprise

Self-managed security and observability platform for containers and Kubernetes, hosted by the organization on-premises or in the public cloud.

Deployment Model

Calico Open Source

Calico Open Source is a networking and security solution for containers, virtual machines, and native host-based workloads that was born out of Project Calico.

Calico Open Source combines flexible networking capabilities with run-anywhere security enforcement to provide a solution with native Linux kernel performance and true cloud-native scalability.

Calico Cloud

Calico Cloud is the industry’s only active security platform with full-stack observability. It enables organizations to prevent attacks using zero trust, and to detect, troubleshoot, and automatically remediate exposure risks from security breaches across multi-cloud and hybrid deployments. Calico Cloud is built on Calico Open Source.

Calico Enterprise

Calico Enterprise is the industry’s only active security platform with full-stack observability for containers and Kubernetes. Calico Enterprise extends the declarative nature of Kubernetes to specify security and observability as code. This ensures consistent enforcement of security policies and compliance, and provides observability for troubleshooting across multi-cluster, multi-cloud and hybrid deployments.

Compare Products

Calico Open Source Calico Cloud Calico Enterprise
High-performance scalable pod networking
Advanced IP address management
Direct infrastructure peering without the overlay
eBPF Dataplane
Windows Dataplane
Dual ToR Peering
Security policy enforcement
Data-in-transit encryption
Hierarchical tiers
Security policy preview, staging, and recommendation
FQDN / DNS based policy
Universal Firewall Integration
Egress Gateway
Identity-aware microsegementation for workloads
Workload-based IDS/IPS, DPI, DDoS protection
Workload-centric WAF
Application Level Policy (Tech Preview)
Container-based Threat Protection
Malware Detection
Compliance reporting & alerts
Kubernetes Security Posture Management (KSPM)
SIEM Integrations
Image Assurance
Admission Controller
Dynamic Service and Threat Graph
Application Level Observability
Dynamic Packet Capture
DNS Dashboards
Flow visualizer
Multi cluster, multi-cloud & hybrid Cloud networking
Cluster Mesh
Support and Maintenance
Support and Maintenance Community-driven Standard/Business Standard/Business

Get Started