Tigera Launches Updates to Calico Enterprise and Calico Cloud

Tigera, the creator of Project Calico for container networking and security, introduced new features for Calico Enterprise and Calico Cloud to extend the products’ runtime threat defense capabilities.

Through Calico, Tigera equips security, DevOps and platform engineering teams with the deep visibility and monitoring required to bolster the security of their container platforms and containerized applications. The updates offer improved capabilities for observing and securing workload communication with Calico policies, deploying and operationalizing runtime threat detection, and monitoring workloads for potentially malicious activity.

Tigera added new entry points for viewing flow logs directly from the endpoints listing and from the View Policy pages within the product’s user interface. Instead of switching between dashboards, users can visualize which endpoints are involved in denied traffic, filter these workloads and view associated flows.

Enhancements to the View Policy pages also offer users a comprehensive visualization of the flows recently evaluated by that policy, to help make sense of denied traffic or updates to rules. These visualization improvements will help users shorten troubleshooting time and speed resolution.

Security events are generated from runtime threat detection features such as IDS/IPS, workload-centric WAF, and network and container-based anomaly detection. These security events contain contextual metadata that helps facilitate analysis of and response to potential threats. The Calico update introduces enhancements to security events that help operationalize runtime threat detection.

Tigera is also launching a new dashboard to summarize and correlate security events, helping practitioners understand how events map across namespaces, MITRE techniques, event types and attack phases. Overall, this allows users to quickly make sense of potential threats, engage the right stakeholders, and start the incident response and investigation process.

Support for managing alert fatigue from security events has also been bolstered. Calico has new features that allow users to create custom exceptions with varying levels of scope, from excluding an entire namespace to a specific deployment or workload. These capabilities enable operators to fine-tune the runtime threat detection mechanisms they currently have deployed and focus investigations and response on their critical applications and infrastructure.

In addition, Calico now automatically performs a geolocation lookup for security events that contain external IP addresses to quickly distinguish between legitimate and malicious traffic. With this release, security events are also available via a webhook, enabling quick and easy direct integration with third-party tools such as Jira and Slack, as well as supporting integration with other HTTP endpoints preferred by organizations.

“Modern organizations rely on containerized applications to run business operations and deliver core products and services,” said Amit Gupta, CPO, Tigera. “These latest updates to Calico underpin our ongoing commitment to providing organizations with a unified view of their containerized environments. We continue to innovate to provide comprehensive monitoring, analysis and visibility into potential threats to enable quick identification and mitigation of risks, and proactively enhance container and Kubernetes security posture.”
