Intrusion Detection

Purpose-built for Kubernetes


In addition to Cloud Microsegmentation and Zero Trust Network Security, Calico Enterprise provides a further layer of security through its intrusion detection system (IDS).

Calico Enterprise IDS identifies advanced persistent threats (APTs) through behavior-based detection using machine learning, combined with a rule-based engine for active monitoring.

Block Known Bad Actors

Block ingress/egress to known bad actors

Learn more about Threat Feed Integration

Identify Malicious Activity

Identify, alert, and block malicious activity

Learn more about Custom Alerts for Known Attacks

Anomaly Detection

Detect and block zero-day exploits

Learn more about Anomaly Detection

Moat for Critical Workloads

Alert unusual activity related to critical workloads

Learn more about Configure Security for Critical Workloads

Honey Pods

Fake pods that collect data and generate alerts

Learn more about Calico Enterprise HoneyPods

Automated Mitigation

Quarantine malicious workloads

Learn more about Automate Remediation


Threat Feed Integration

Calico Enterprise ingests threat feeds that list the IP addresses of known bad actors such as botnet command-and-control hosts. Any ingress or egress traffic to or from those IPs is automatically blocked and can be configured to generate alerts. In addition, traffic to VPNs and Tor exit nodes is blocked and alerted on.

Firewalls often detect and block traffic associated with known bad actors, but they see only the node or NAT address and have no visibility into which pod is infected. Calico Enterprise evaluates the feed against per-pod flow data, so it can pinpoint and report the workload that is the source of the malicious traffic.
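The matching described above, as an added example that is not Calico Enterprise code: a threat feed is parsed into IP networks and per-pod flow records are checked against it, so each hit is attributed to a namespace and pod rather than to a node address. The feed format (one IP or CIDR per line, "#" comments), the flow record fields and the addresses are all constructed assumptions for illustration.

```python
"""Match per-pod flow records against a threat feed and attribute hits to pods.

Added example, not Calico Enterprise code. The feed format and flow record
layout are assumptions; real flow logs carry many more fields.
"""
import ipaddress
from collections import defaultdict

# Constructed threat feed: documentation-range addresses standing in for C2 hosts.
THREAT_FEED = """\
# constructed feed for illustration
203.0.113.0/24
198.51.100.7
2001:db8:bad::/48
"""

# Constructed flow records: (namespace, pod, direction, remote_ip, bytes).
FLOWS = [
    ("shop", "checkout-7d9f", "egress", "10.0.3.12", 4096),        # in-cluster, clean
    ("shop", "checkout-7d9f", "egress", "203.0.113.45", 812),      # inside a feed CIDR
    ("shop", "cart-5c1b", "ingress", "198.51.100.7", 120),         # exact feed IP
    ("kube-system", "coredns-xyz", "egress", "8.8.8.8", 64),       # clean
    ("shop", "checkout-7d9f", "egress", "2001:db8:bad::1", 20),    # inside the IPv6 CIDR
]


def parse_feed(text):
    """Parse a feed into ip_network objects, skipping blanks and comments.
    Bare addresses become /32 (or /128) networks so every entry matches uniformly."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def match_flows(flows, nets):
    """Return {(namespace, pod): [(direction, remote_ip, matched_network), ...]}.

    This is the attribution a perimeter firewall cannot give: the hit is keyed
    by the pod that sent or received the traffic, not by the node it ran on."""
    hits = defaultdict(list)
    for ns, pod, direction, remote, _ in flows:
        addr = ipaddress.ip_address(remote)
        for net in nets:
            if addr.version == net.version and addr in net:
                hits[(ns, pod)].append((direction, remote, str(net)))
                break
    return dict(hits)


def infected_pods(flows=FLOWS, feed=THREAT_FEED):
    """Sorted (namespace, pod) pairs with at least one flow to a feed address."""
    return sorted(match_flows(flows, parse_feed(feed)))


if __name__ == "__main__":
    for (ns, pod), events in match_flows(FLOWS, parse_feed(THREAT_FEED)).items():
        for direction, remote, net in events:
            print(f"ALERT {ns}/{pod} {direction} {remote} matched {net}")
```

Because the match is performed on flow records that already carry the pod identity, the same lookup answers both questions the text raises: whether traffic touched a known bad address, and which workload generated it.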

Custom Alerts for Known Attacks

Calico Enterprise can alert on unauthorized changes to your cluster and security policies, as well as on known attack patterns such as domain generation algorithms (DGAs) in DNS traffic. Alerts are available out of the box and can be customized, or new ones added, by your security researchers or ours.

Anomaly Detection

Calico Enterprise evaluates network flows using machine learning to establish the baseline behavior of your microservice environment and can generate alerts when traffic deviates from that baseline. Because this is behavior-based rather than signature-based, it can surface activity from zero-day exploits for which no signature exists yet.

Port scans, IP sweeps, and service byte anomalies can all be indicators that your environment has been compromised and is hosting an advanced persistent threat. Calico Enterprise detects and alerts on that activity and can quarantine the workloads involved.

Calico Enterprise can also detect and prevent OWASP Top 10 attacks targeting your microservices.

Configure Security for Critical Workloads

A small set of your workloads may have access to sensitive data, and you will want additional detection and alerting around those microservices.

Calico Enterprise lets you configure policies and alerts for a subset of your environment that detect and alert on abnormal activity, effectively creating a moat around your critical workloads.

Defining your moat is as simple as applying a label to those workloads and then defining detailed alerts scoped to workloads carrying that label.

Calico Enterprise HoneyPods

Inspecting every packet in the cluster would let you detect attacks, but at a large performance cost. Calico Enterprise uses a more targeted approach to identify the traffic that warrants deeper inspection.

Calico Enterprise Honeypods are decoy pods that run in your cluster. No legitimate workload has any reason to talk to them, so all traffic to these pods generates an alert that triggers further inspection of the data.

Once any traffic hits a honeypod, Calico Enterprise captures packets from that traffic and analyzes them for well-known malware signatures using Snort and other tools.

Automate Remediation

Calico Enterprise alerts can trigger automated remediation by cutting the rogue microservice off from the network and generating policy recommendations to prevent future attacks.
The quarantined workload can be left running so that your SOC analysts can investigate it in place rather than from a post-mortem snapshot.
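One way to express that quarantine step, as an added example that is not Calico Enterprise's remediation code: the flagged pod is tagged with a label and a Calico NetworkPolicy (projectcalico.org/v3) selects on that label with explicit Deny rules at order 0. A plain Kubernetes NetworkPolicy is not used because Kubernetes policies are additive, so a "deny by omission" policy cannot override an allow from another policy that already selects the pod, whereas Calico's ordered policies with an explicit Deny action can. The label name quarantine=true, the forensics selector and the single-form selector evaluator are assumptions for illustration.

```python
"""Build and sanity-check a quarantine policy for a workload flagged by an alert.

Added example, not Calico Enterprise code. The label and selector names are
assumptions; the manifest shape follows the Calico v3 NetworkPolicy resource.
"""
import json

QUARANTINE_LABEL = "quarantine"               # assumed label applied during remediation
FORENSICS_SELECTOR = 'role == "forensics"'    # assumed label carried by SOC tooling pods


def quarantine_label_patch():
    """JSON merge patch that tags the pod (kubectl patch pod NAME --type merge -p '...')."""
    return {"metadata": {"labels": {QUARANTINE_LABEL: "true"}}}


def quarantine_policy(namespace, allow_forensics=True):
    """Calico policy that denies all ingress and egress for quarantined pods.

    With allow_forensics the first ingress rule admits SOC tooling so analysts
    can reach the still-running pod; everything else falls through to Deny.
    order 0 places it ahead of Kubernetes NetworkPolicies, which Calico
    evaluates at order 1000, so existing allows cannot override it."""
    ingress = []
    if allow_forensics:
        ingress.append({"action": "Allow", "source": {"selector": FORENSICS_SELECTOR}})
    ingress.append({"action": "Deny"})
    return {
        "apiVersion": "projectcalico.org/v3",
        "kind": "NetworkPolicy",
        "metadata": {"name": "quarantine", "namespace": namespace},
        "spec": {
            "order": 0,
            "selector": f'{QUARANTINE_LABEL} == "true"',
            "types": ["Ingress", "Egress"],
            "ingress": ingress,
            "egress": [{"action": "Deny"}],
        },
    }


def decide(policy, direction, peer_labels=None):
    """Action of the first rule matching a connection, evaluated top to bottom.

    direction is "ingress" (peer is the source) or "egress" (peer is the
    destination). Only the `key == "value"` selector form is understood here;
    that is an assumption of the example, not the full Calico selector grammar.
    Returns None if nothing matched, which the trailing Deny rule prevents."""
    side = "source" if direction == "ingress" else "destination"
    for rule in policy["spec"][direction]:
        selector = rule.get(side, {}).get("selector")
        if selector is None:
            return rule["action"]                  # unconditional rule
        key, _, value = selector.partition(" == ")
        if (peer_labels or {}).get(key) == value.strip('"'):
            return rule["action"]
    return None


def render(policy):
    """JSON is valid YAML, so this output can be fed straight to kubectl apply -f."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    print(render(quarantine_label_patch()))
    print(render(quarantine_policy("shop")))
```

Keeping the pod selection on a dedicated label rather than on the pod's application labels means the same policy serves every future alert: remediation only has to apply the label, and removing it lifts the quarantine once the investigation is complete.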
