Tigera Tightens Container Security by Adding Zero Trust to Calico Cloud

Tigera has introduced what it calls “the industry’s most comprehensive active cloud-native application security.” The change goes beyond detecting threats: it limits exposure by enforcing strict verification for workload access for better prevention, and it can remediate risks in real time.

The Tigera cloud-native application protection platform (CNAPP), Calico Cloud, takes an active approach to security by applying zero-trust principles to reduce the application’s attack surface, harnessing machine learning to combat runtime security risks from known and zero-day threats, enabling continuous compliance, and prioritizing and remediating the risks from vulnerabilities and attacks through security policy changes.

Adoption of cloud-native applications combined with the use of open-source software, agile approaches to development and limited skilled personnel has resulted in widening security gaps that lead to exposure.

CNAPPs help security teams address this by detecting vulnerabilities and zero-day threats, but few go far enough to reduce attack surfaces and mitigate risks that threaten business operations. 

Calico Cloud adds build-time security with image assurance – Calico Cloud introduces a scanning engine to assess images for vulnerabilities and misconfigurations. It extends observability capabilities by correlating image scan results to provide a real-time view of the images running in Kubernetes clusters and any potential risk associated with them. Calico Cloud delivers active security during build and deploy time with an admission controller, which can block the deployment of pods that contain high-severity vulnerabilities. 

Calico Cloud improves configuration management for images, workloads and Kubernetes – Calico Cloud monitors images, workloads and Kubernetes infrastructure against common configuration security standards (CIS Benchmarks) and provides a detailed assessment report. Application and infrastructure owners can integrate these reports into their CI/CD pipeline or incident response workflows for active remediation. 

Calico Cloud brings zero-trust principles to cloud-native applications – Calico Cloud uses the principle of zero-trust to reduce the attack surface by enabling zero-trust workload access controls, identity-aware microsegmentation and integration with firewalls and security information and event management tools.  

Calico Cloud adds known and zero-day runtime threat defense – Calico Cloud delivers a comprehensive runtime threat defense for containerized workloads. Calico Cloud has built-in probes that collect workload activity data across network traffic, file system, processes, system calls, binaries and more. The threat defense engine compares data from these probes, in near real time, with known malicious attacks. It combines machine learning, which creates a behavioral baseline of the workload, with Tigera’s curated ruleset based on historical attacks to provide a comprehensive threat defense solution against zero-day threats. Calico Cloud offers workload-level intrusion detection and prevention, deep packet inspection (DPI), distributed denial-of-service (DDoS) attack prevention and application-level protection with a web application firewall (WAF).

Calico Cloud improves observability with Dynamic Service and Threat Graph – Calico Cloud’s Dynamic Service and Threat Graph provides live visualization of communication among services, namespaces and workloads, enabling faster troubleshooting. Security gaps and vulnerabilities are shown along with performance issues and communication breakdowns between microservices. It’s easy to drill down into the visualization to reduce the time and steps it takes to pinpoint and troubleshoot container or connectivity issues.

Calico Cloud’s integrated security policy engine remediates risks from exposure – Calico Cloud is built on Calico Open Source, the industry’s most widely used technology for container networking and security. With its integrated policy engine, Calico remediates the risk from exposure by deploying corrective security policies as code that can alert, pause, quarantine, or terminate pods.

Calico Cloud and Enterprise are available from Tigera and its partners, with pricing here. To learn more, join the launch event at 1 p.m. (ET) today. A replay will be available on-demand for anyone who registers. Users can also sign up for a hands-on evaluation with a 14-day free trial of Calico Cloud.