Compare Calico products

Active cloud-native application protection with full-stack observability for containers, Kubernetes, and cloud

Product Editions

Calico Open Source

Open-source networking and security for containers and Kubernetes, powering 2M+ nodes daily across 166 countries.

Calico Cloud

Fully managed pay-as-you-go SaaS for active security for cloud-native applications running on containers, Kubernetes, and cloud. Also offered as an annual subscription.

Calico Enterprise

Self-managed, active Cloud-Native Application Protection Platform (CNAPP) with full-stack observability for containers, Kubernetes, and cloud. Hosted by the organization on-premises or in the public cloud.

Deployment Model

Calico Open Source

Calico Open Source is a networking and security solution for containers, virtual machines, and native host-based workloads that was born out of Project Calico.

Calico Open Source combines flexible networking capabilities with run-anywhere security enforcement to provide a solution with native Linux kernel performance and true cloud-native scalability.

Calico Cloud

Calico Cloud is the industry’s only SaaS for active security for cloud-native applications running on containers, Kubernetes, and cloud. It enables organizations to prevent attacks using zero trust, and to detect, troubleshoot, and automatically remediate exposure risks from security issues in build, deploy, and runtime stages across multi-cloud and hybrid deployments.

Calico Enterprise

Calico Enterprise is the industry’s only active Cloud-Native Application Protection Platform (CNAPP) with full-stack observability for containers and Kubernetes. Calico Enterprise extends the declarative nature of Kubernetes to specify security and observability as code. This ensures consistent enforcement of security policies and compliance, and provides observability for troubleshooting across multi-cluster, multi-cloud and hybrid deployments.

Compare Products

Networking
High-performance scalable pod networking
Advanced IP address management
Direct infrastructure peering without the overlay
eBPF Dataplane
Windows Dataplane
Dual ToR Peering
Security
Security policy enforcement
Data-in-transit encryption
Hierarchical tiers
FQDN / DNS based policy
Identity-aware microsegementation for workloads
Security policy preview, staging, and recommendation
Compliance reporting & alerts
SIEM Integrations
Image Assurance
Admission Controller
Configuration Security (includes KSPM)
Workload-based IDS/IPS, DPI, DDoS protection and WAF
Envoy based Application Level Security
Malware Protection
ML-based Zero-day Workload Protection
Observability
Dynamic Service and Threat Graph
Application Layer Observability
Dynamic Packet Capture
DNS Dashboards
Flow visualizer
Management
Multi cluster, multi-cloud & hybrid cloud networking
Support and Maintenance
Support and Maintenance
Community-driven

Starter/Pro:
No Maintenance Required

Standard/Business