Active cloud-native application protection with full-stack observability for containers and Kubernetes
Open-source networking and security for containers and Kubernetes, powering 2M+ nodes daily across 166 countries.
Fully managed, pay-as-you-go SaaS for active security for containers and Kubernetes. Also offered as an annual subscription.
Self-managed security and observability platform for containers and Kubernetes, hosted by the organization on-premises or in the public cloud.
Calico Open Source is a networking and security solution for containers, virtual machines, and native host-based workloads that was born out of Project Calico.
Calico Open Source combines flexible networking capabilities with run-anywhere security enforcement to provide a solution with native Linux kernel performance and true cloud-native scalability.
Calico Cloud is the industry’s only active security platform with full-stack observability. It enables organizations to prevent attacks using zero trust, and to detect, troubleshoot, and automatically remediate exposure risks from security breaches across multi-cloud and hybrid deployments. Calico Cloud is built on Calico Open Source.
Calico Enterprise is the industry’s only active security platform with full-stack observability for containers and Kubernetes. Calico Enterprise extends the declarative nature of Kubernetes to specify security and observability as code. This ensures consistent enforcement of security policies and compliance, and provides observability for troubleshooting across multi-cluster, multi-cloud and hybrid deployments.
| Calico Open Source | Calico Cloud | Calico Enterprise | |
|---|---|---|---|
| Networking | |||
| High-performance scalable pod networking | |||
| Advanced IP address management | |||
| Direct infrastructure peering without the overlay | |||
| eBPF Dataplane | |||
| Windows Dataplane | |||
| Dual ToR Peering | |||
| Security | |||
| Security policy enforcement | |||
| Data-in-transit encryption | |||
| Hierarchical tiers | |||
| Security policy preview, staging, and recommendation | |||
| FQDN / DNS based policy | |||
| Universal Firewall Integration | |||
| Egress Gateway | |||
| Identity-aware microsegementation for workloads | |||
| Workload-based IDS/IPS, DPI, DDoS protection | |||
| Workload-centric WAF | |||
| Application Level Policy (Tech Preview) | |||
| Container-based Threat Protection | |||
| Malware Detection | |||
| Compliance reporting & alerts | |||
| Kubernetes Security Posture Management (KSPM) | |||
| SIEM Integrations | |||
| Image Assurance | |||
| Admission Controller | |||
| Observability | |||
| Dynamic Service and Threat Graph | |||
| Application Level Observability | |||
| Dynamic Packet Capture | |||
| DNS Dashboards | |||
| Flow visualizer | |||
| Management | |||
| Multi cluster, multi-cloud & hybrid Cloud networking | |||
| Cluster Mesh | |||
| Support and Maintenance | |||
| Support and Maintenance | Community-driven | Standard/Business | Standard/Business |
