Cloud-native applications require a modern approach based on the zero-trust principles of identity-based access, least-privilege access, proactive threat detection, and reducing the blast radius in case of a breach.
Calico Cloud enables fine-grained, zero-trust workload access controls between your microservices and external databases, cloud services, APIs, and other applications. It also prevents the lateral movement of threats with identity-aware segmentation that works across all of your workload environments, including hosts, VMs, Kubernetes components, and services. Finally, Calico Cloud provides workload-based security controls for runtime intrusion detection and prevention, protection from DDoS attacks, deep packet inspection (DPI), and an Envoy-based web application firewall (WAF) capability.
Zero-trust workload access
Secure access from cloud-native workloads to external resources including cloud services, databases, and 3rd-party APIs
Limit the blast radius of breaches
Eliminate the risks associated with lateral movement of malicious actors in the cluster
Protection from network-based threats
Protect containerized applications on Kubernetes from network-based threats using integrated threat feeds and anomaly detection to monitor for indicators of compromise (IoCs)
Zero-Trust Workload Access Controls
Calico provides an Egress Access Gateway, DNS policy, and Networksets to restrict access between individual pods in a Kubernetes cluster and external resources or other workloads.
Calico’s unified security policy framework provides a defense-in-depth security posture. It segments workloads based on metadata and labels attached to those workloads, thus simplifying new or updated workload deployment without having to add or change your segmentation policies.
Workload-based IDS/IPS, DPI, DDoS protection, and WAF
Calico protects containerized workloads at a granular container level from network-based external threats and lateral movement. With support for both north-south and east-west security, Calico’s firewall prevents malicious actors from gaining a foothold and moving laterally across Kubernetes clusters.
Calico also provides the following for network-based attacks:
- Security as declarative code to protect containers
- Intrusion detection and prevention
- Deep packet inspection
- Protection from DDoS attacks
- Honeypods to detect and trap malicious traffic/actors/activity
How It Works
Learn how Calico Cloud provides cloud-native network security with zero-trust workload access controls, identity-aware microsegmentation, and workload-based IDS/IPS, DPI, DDoS protection, and WAF.