Spectro Cloud completed a $75 million Series C funding round led by Growth Equity at Goldman Sachs Alternatives with participation from existing Spectro Cloud investors.
Tigera now delivers universal microsegmentation capabilities with Calico.
Designed to support a diverse range of workloads, including virtual machines (VM), containers, and bare metals, Calico provides a robust, dynamic, and high-performance network policy engine to perform segmentation across both on-premises and cloud deployments.
Calico provides dynamic segmentation capabilities based on workload metadata such as namespace and labels, which ensures that new workloads are segmented automatically upon deployment. Calico simplifies the segmentation process with declarative, user-friendly policy language, complemented by an intuitive policy user interface to enforce this segmentation. This simplicity not only eases the creation of network policies but also enhances troubleshooting through the integration of Calico flow logs and observability capabilities, leading to a seamless and efficient operational experience.
Calico's microsegmentation offers several benefits for managing different workloads:
- Unified Security Model: Provides a consistent security model across various environments.
- Simplified Management: Unified security model simplifies the creation and enforcement of network policies across different types of infrastructure.
- Agile Policy Management: Network policies are dynamically applied as workloads are moved, created, or terminated, ensuring network policies are always up-to-date without manual intervention.
- Granular Policies: Allows the creation of fine-grained policies for particular workloads in a hybrid environment, providing precise control over allowed and denied traffic.
- Reduced Overhead: With a single segmentation solution, enterprises also lower the overhead of managing multiple segmentation solutions.
Calico provides users with the following key features:
- Tenant and Workload Isolation: Author, preview, stage and enforce network policies at the networking and application layer. Use Calico to define which pods, services, or namespaces can communicate with each other by leveraging Kubernetes-native constructs like labels and namespaces, thus preventing unauthorized access and enhancing security across the cluster.
- Automatic Namespace Isolation: Calico automatically isolates tenants in separate namespaces, thus restricting any unauthorized communication between tenants by default and preventing lateral movement of threats within a cluster.
- Automated Policy Recommendations: Calico's policy recommendation engine recommends policies based on the traffic flow of an organization's workloads and can be enforced with just one click, without the need for coding. All recommended policies can also be modified before enforcement.
- Policy Lifecycle Management: Calico helps preview and stage policies prior to enforcement to secure workloads and understand policies' impact on the application's performance and security posture. It also provides immediate feedback on policy rule changes in the production environment before enforcement.
- Dynamic Policy Enforcement: With Calico's Dynamic Policy Segmentation, users experience real-time network policy updates within milliseconds, ensuring immediate response to network changes and minimizing the risk of potential vulnerabilities.
- Policy as Code: Calico implements network security and observability as code, enabling automated, scalable, and compliant workload management. It uses Kubernetes primitives and declarative models, using the same versioning that teams use for source code. This ensures continuous compliance and security for all components, regardless of deployment, distribution, or container type.
- Observability: Calico's Dynamic Service & Threat Graph, built on flow logs, collects and analyzes information about applications and their communication flows to create a comprehensive map that helps administrators eliminate the speculation often involved in understanding an application's upstream and downstream dependencies and policy gaps.
- Distributed IDS/IPS: Calico's workload-centric IDS/IPS protects against network-based threats by ingesting different threat feeds such as AlienVault by default and custom sources to pinpoint the source of malicious activity in case of a breach.
"Traditional network segmentation solutions, designed for static VM environments, are inadequate for the dynamic and ever-evolving nature of Kubernetes," said Amit Gupta, Chief Product Officer, Tigera. "A modern segmentation solution needs to cater to both VMs and containers across single and hybrid environments, spread across on-premises and public cloud. Calico addresses these needs with its advanced microsegmentation capabilities, offering a unified security model, streamlined management, dynamic policy enforcement, granular policies, and reduced overhead. Enterprises that integrate Calico can achieve seamless and efficient segmentation that keeps pace with their virtualization environments."
Industry News
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, has announced significant momentum around cloud native training and certifications with the addition of three new project-centric certifications and a series of new Platform Engineering-specific certifications:
Red Hat announced the latest version of Red Hat OpenShift AI, its artificial intelligence (AI) and machine learning (ML) platform built on Red Hat OpenShift that enables enterprises to create and deliver AI-enabled applications at scale across the hybrid cloud.
Salesforce announced agentic lifecycle management tools to automate Agentforce testing, prototype agents in secure Sandbox environments, and transparently manage usage at scale.
OpenText™ unveiled Cloud Editions (CE) 24.4, presenting a suite of transformative advancements in Business Cloud, AI, and Technology to empower the future of AI-driven knowledge work.
Red Hat announced new capabilities and enhancements for Red Hat Developer Hub, Red Hat’s enterprise-grade developer portal based on the Backstage project.
Pegasystems announced the availability of new AI-driven legacy discovery capabilities in Pega GenAI Blueprint™ to accelerate the daunting task of modernizing legacy systems that hold organizations back.
Tricentis launched enhanced cloud capabilities for its flagship solution, Tricentis Tosca, bringing enterprise-ready end-to-end test automation to the cloud.
Rafay Systems announced new platform advancements that help enterprises and GPU cloud providers deliver developer-friendly consumption workflows for GPU infrastructure.
Apiiro introduced Code-to-Runtime, a new capability using Apiiro’s deep code analysis (DCA) technology to map software architecture and trace all types of software components including APIs, open source software (OSS), and containers to code owners while enriching it with business impact.
Zesty announced the launch of Kompass, its automated Kubernetes optimization platform.
MacStadium announced the launch of Orka Engine, the latest addition to its Orka product line.
Elastic announced its AI ecosystem to help enterprise developers accelerate building and deploying their Retrieval Augmented Generation (RAG) applications.
Red Hat introduced new capabilities and enhancements for Red Hat OpenShift, a hybrid cloud application platform powered by Kubernetes, as well as the technology preview of Red Hat OpenShift Lightspeed.
Traefik Labs announced API Sandbox as a Service to streamline and accelerate mock API development, and Traefik Proxy v3.2.