Tigera provides the industry’s only active Cloud-Native Application Protection Platform (CNAPP) with full-stack observability for containers, Kubernetes, and cloud. Our platform prevents, detects, troubleshoots, and automatically mitigates exposure risks of security issues in build, deploy, and runtime stages.
We deliver our platform as a fully managed SaaS (Calico Cloud) or a self-managed service (Calico Enterprise), and our open-source offering, Calico Open Source, is the most widely adopted container networking and security solution.
Tigera’s platform specifies security and observability as code to ensure consistent enforcement of security policies, which enables DevOps, platform, and security teams to protect workloads, detect threats, achieve continuous compliance, and troubleshoot service issues in real time.
Active build and runtime security
Tigera’s active, zero-trust-based security for cloud-native applications enables you to prevent, detect, and mitigate threats. We focus on threat prevention by reducing the attack surface, then layer on threat detection and threat mitigation capabilities.
Reduce attack surface with zero trust
- Zero-trust workload access
- Identity-aware microsegmentation for workloads
- Universal firewall integration
Detect known and unknown threats
- Protect workloads from container- and network-based threats
- Workload-based WAF, IDS/IPS with deep packet inspection
- ML-based zero-day workload threat identification
- Protection from vulnerabilities and malware
Automatic risk mitigation
- Dynamic Service and Threat Graph
- Security policy recommender
- Admission Controller
- Alert, pause, quarantine, terminate compromised workloads
Security and observability as code
Cloud-native applications deployed in Kubernetes have ephemeral components with dynamic IPs that are distributed across multiple clusters, clouds, and hybrid environments. This makes it impossible to secure and troubleshoot these applications using traditional approaches. We solve this by enabling DevOps teams to specify security and observability as code (SOaC). SOaC is the configuration of security and observability at deployment time employing Kubernetes primitives and declarative models, using the same versioning that DevOps teams use for source code. Following the principle that the same source code generates the same binary, a SOaC approach ensures that any Kubernetes component generated with the code has the exact same security and observability configuration regardless of the deployment model, type of distribution, or container type.
Kubernetes-native architecture for security and observability
We are Kubernetes-native and offer rich security and observability functionality by deeply integrating with Kubernetes’s core. We provide this functionality in Kubernetes clusters by adding new custom APIs and controllers, as well as providing infrastructure plugins for the core components of networking, storage, and container runtime. Being Kubernetes-native, we work with the Kubernetes command line interface (kubectl), which can be seamlessly integrated with Kubernetes features such as role-based access control (RBAC), service accounts, audit logs, etc.
Calico offers a number of additional custom resource definitions (CRDs) that extend Kubernetes APIs. Examples include GlobalNetworkPolicy, GlobalThreatFeed, GlobalAlerts, PacketCapture, StagedNetworkPolicy, and HostEndpoint.
Since Calico is Kubernetes-native, all of its security and observability features can be accessed via the Kubernetes API server, making it possible to programmatically configure functionality.
Being Kubernetes-native means that the same functionality will work across multiple clusters, distributions, and deployment models.
Commitment to open source
We are committed to developing, cultivating and supporting open source projects and communities.
Project Calico: We are the creator and maintainer of Project Calico, which delivers open source Calico, the most widely adopted solution for container networking and security, powering 2M+ nodes daily across 166 countries.
eBPF, Envoy, and WireGuard: We actively use and promote popular open-source projects like eBPF, Envoy, and WireGuard. Calico provides a pluggable data-plane architecture enabling support for multiple data planes, including standard Linux, eBPF, and Windows. Calico also integrates with Envoy to provide observability functionality, and uses WireGuard to encrypt all in-cluster communications.
Loved by the community
The global Calico community is large and growing. We deliver more than 100 free technical training sessions annually to thousands of community members. We also offer free, self-paced Calico certification programs.
Trusted by companies all over the world
Calico is used by leading companies, including HanseMerkur, Merck, Mindbody, RealPage, L3Harris, Discover, AT&T, and ServiceNow.