Visibility and Threat Detection

Painless compliance audits with a better security posture

Network Flow Visibility

Gaining visibility into Kubernetes network flows enables you to debug connectivity issues.
It also enables automation, threat hunting, and machine learning that can detect and mitigate malicious traffic.

Debugging Connectivity Problems is Hard

It’s quite frustrating when your workload cannot connect to the services it needs to. Debugging connectivity issues is incredibly hard, especially if you have a soup of Network Policy YAML files to review.

Without Visibility, Breaches are Difficult to Detect and Mitigate

Without the ability to monitor and log network traffic, an attacker could be in your network for months attempting different attacks without being noticed. And even if an attack were suspected, identifying what was being attempted would not be possible without accurate flow logs.

Host-Based Monitoring Doesn't Work

Host-based network monitoring is often deployed to gain visibility into network flows. The data is typically logged as “5-tuple” data: the source and destination IP addresses and ports, and the protocol.

That doesn’t work for Kubernetes workloads because the data lacks Kubernetes context such as the namespace, the labels, and the policies that evaluated the traffic.

Network Flow Logging

Calico Enterprise monitors and logs all connection attempts inside and outside your cluster.

Calico Enterprise flow logs contain the context you need to debug connectivity problems and security issues. Each flow log contains Kubernetes context, including namespaces, labels, which network policies evaluated the traffic, and whether each policy accepted or denied the connection.

Anomaly Detection

Network flows are evaluated using machine learning to identify anomalous traffic.
Traffic that appears legitimate can still be malicious, and Calico Enterprise helps you identify these potential threats.

Alerts can be generated and sent to your SOC or SIEM platform.

Threat Defense

Tigera integrates with threat feeds and enables you to automatically block traffic to known botnet servers and other bad actors.

Common attack patterns such as a running Domain Generation Algorithm are automatically detected, and custom attack patterns can be added by your security researchers or ours.
