Tigera, the creator of Project Calico, today announced several new features that significantly advance Calico's network security and runtime security capabilities. Tigera will debut the latest updates to Calico Cloud, Calico Enterprise, and Calico Open Source during KubeCon North America at Booth #H7.
With the rise in artificial intelligence (AI) applications and the infrastructure trend of migrating from virtual machines (VMs) to Kubernetes, network security has become critical. Tigera's new updates to Calico extend its network security and visibility capabilities to VMs and hosts and provide several new enhancements for implementing network security.
The new release of Calico also includes essential capabilities for security teams. Today, there is a critical need to simplify security monitoring. Security operations teams are overwhelmed with the number of security events and false positives and need solutions that help them become more efficient and effective in their roles. Tigera has enhanced Calico's runtime security capabilities, including fine-tuning the detectors to eliminate noise and make the detection more targeted.
Network Security Enhancements
- Policy Tiers and Support for AdminNetwork and BaselineNetwork Policies: Calico now supports new Kubernetes policies and Calico policy tiers that provide granular control over policy precedence, ensuring predictable, consistent enforcement and enabling better collaboration between teams.
- Extend Calico Network Security Beyond Kubernetes to VMs and Hosts: Calico can protect VMs and hosts running outside of a Kubernetes cluster, significantly expanding the scope of how users can leverage Calico to secure application workloads.
- Native Support for nftables: Calico introduces native support for nftables, ensuring that Kubernetes users can smoothly transition from iptables to nftables while maintaining performance and compatibility.
- New Sidecar Deployment for Envoy in Calico: Ensures greater levels of compatibility with certain Kubernetes platforms such as GKE, AKS, EKS, and WireGuard.
Runtime Security Enhancements
- Fine-Tuned Runtime Threat Detection for Accuracy and Efficiency: Calico allows administrators to select which types of detectors to enable in their cluster, enabling teams to phase their deployment and tune and customize threat detection.
- Significant Reduction of False Positives: Calico enables operators to bypass threat detection for certain known processes, thereby eliminating false positives.
- Bolstered Network-Based Threat Detection: Calico supports the ability to customize SNORT rules for Deep Packet Inspection (DPI) on a workload basis to improve accuracy.
- Insight into the Exploitability of Vulnerabilities to Prioritize Remediation: Calico introduces new metadata, including the Exploit Prediction Scoring System (EPSS) and information on known exploits, to estimate the likelihood that a software vulnerability will be exploited in the wild.
"We are pleased to extend Calico's renowned network security beyond Kubernetes clusters to virtual machines and hosts," said Amit Gupta, Chief Product Officer, Tigera. "Organizations can now use a single pane of glass to visualize and manage network security across their Kubernetes and non-Kubernetes environments. All network security features, including egress access controls and microsegmentation, will work in the same way they do in Kubernetes clusters. These updates further our mission to equip users with robust, comprehensive networking and security solutions to meet their modern business needs."
With these new updates, Calico provides platform and security engineers with more control, visibility, and efficiency in securing and managing their Kubernetes and hybrid environments. Calico's latest enhancements offer both flexibility for development teams and strict controls for platform and security teams.
Meet Tigera at KubeCon North America 2024
Register for CalicoCon 2024: On November 12, Tigera will host CalicoCon 2024, an immersive event led by the Calico team, where attendees will gain education, training, and best practices on Kubernetes networking, security, and observability. This event is a co-located event at KubeCon + CloudNativeCon North America 2024. KubeCon NA attendees can register by adding it to their existing registration using the CNCF portal.
Meet Tigera at Booth #H7: To get the latest updates on Calico's container networking and security advancements, visit Tigera at KubeCon North America 2024 at Booth #H7.
Hear from Tigera developers and engineers during KubeCon NA sessions:
- Casey Davenport, Developer, Tigera, will participate in the session: "How the Tables Have Turned: Kubernetes Says Goodbye to Iptables." Those attending KubeCon NA can register here.
- Shaun Crampton, Distinguished Engineer, Tigera, will participate in the session: "SIG Network Intro and Updates session." Those attending KubeCon NA can register here.