Tigera, provider of the Cloud-native Application Protection Platform (CNAPP) with full-stack observability for containers and Kubernetes, announced the general availability of its container security features, including malware protection, Image Assurance with container scanning, runtime visibility of workloads and admission control policies.
With the availability of these features in Calico Cloud, customers have a single container security solution to improve security posture, reduce attack surface with fine-grained security controls and provide threat defense from threats. By identifying potential vulnerabilities in the build phase of the CI/CD pipeline, users can leverage a shift-left approach to security.
The container security features available in Calico Cloud include:
- Image scanning – Cloud-native application developers need access to safe and secure container images to build applications, and there are numerous vulnerabilities in public or private images and registries that need to be scanned regularly for security issues and non-compliant configurations. Calico Cloud allows users to scan container images locally when needed, and export the results to share with stakeholders to improve their security posture. DevOps teams can use this approach to integrate the scanner utility in their CI/CD pipeline for a streamlined security operation model. Users can get a detailed view of vulnerabilities in build images, providing a first line of defense against bad actors.
- Vulnerability management with automatic blocking of failed images – Customers can achieve high compliance standards and reduce the risk of deploying vulnerable images with admission policy controls that automatically block the deployment of failed images within their CI/CD pipeline.
- Visibility into high-risk workloads running in the environment – A runtime view of high-risk workloads correlating with the image scan results allows teams to prioritize remediation plans for existing workloads. Using Calico’s security policies, these workloads can be isolated from the rest of the application giving development teams more time to fix the issues.
- Runtime threat protection from network and host-based threats– For protecting containers and workloads from unknown threats and zero-day attacks, Calico Cloud offers runtime threat defense with malware protection and anomaly detection. Using a combination of machine learning and proprietary rulesets, Calico’s malware detection engine can identify suspicious activity in containers and workloads. Users can build a security policy to quarantine and isolate the affected workload while developers work on mitigating the security issue.
“Unlike competing solutions, which are reactive and focused on vulnerability detection, threat detection and alerting, Tigera’s solution does not just identify vulnerabilities and threats. Instead, it actively prevents attacks and mitigates risk by applying a zero-trust security approach to reduce the attack surface and prevent the lateral movement of threats, thereby safeguarding sensitive data,” said Ratan Tipirneni, president and CEO of Tigera
Calico Cloud provides a solution that helps prevent and detect threats and mitigate risk in containers and Kubernetes environments across build, deploy and runtime stages.
Click here to learn more about Tigera’s solutions or request a free trial.