Zero Trust Network Security

The most-advanced network security available for dynamic Kubernetes workloads

Assume Something Has Been Compromised

Zero Trust assumes that at all times, something in your network has been compromised.

Threats can exist within the network, compromised infrastructure, and your workloads.

Tigera’s Zero Trust Security is a layered defense that does not trust infrastructure, the network, users, or workloads by default.

Workload Identity

Every Kubernetes Pod authenticates itself with Calico Enterprise using multiple sources of identity, similar to multi-factor authentication.

When a pod has established trust through authentication, it is authorized to connect to other workloads through the use of standard Kubernetes Network Policy.

If a pod cannot authenticate itself, it will not have any connectivity within your cluster.

Implement Least Privileges Security

Tigera uses a combination of policy tiering and whitelisting to achieve a least privileges security model.

Policy tiering enables security rules to be defined using Kubernetes Network Policies that cannot be overridden by any other policy. This enables security guardrails to be setup, while enabling the democratization of policy deployment.

By default, all pod to pod connections are denied. A network policy must be deployed with each workload to enable connectivity.

Calico Enterprise can automatically generate Kubernetes Network Policies for your DevOps team by observing and auditing the ingress and egress connections to any given Pod. This enables your DevOps team to generate and deploy policies without having to write them from scratch.

Enforce Security at Multiple Layers of the Infrastructure

Security at the Pod is not enough. The host itself may be compromised. Calico Enterprise evaluates traffic and enforces security policies at the host and the Pod.

That provides you a Defense in Depth security posture for your Kubernetes cluster.

Ready to get started?

Seeing is believing! Get a free demo of Calico Enterprise.