DEVOPSdigest

Tigera announced the General Availability (GA) of its new container security features, including malware protection during runtime, Image Assurance with container image scanning, runtime visibility of vulnerable workloads and admission control policies.

With the availability of these features in Calico Cloud, customers have a single container security solution to improve security posture, reduce attack surface with fine-grained security controls, and provide threat defense from network and host based threats. By identifying potential vulnerabilities in the build phase of the CI/CD pipeline, users can ultimately leverage a shift-left approach to security.

The new container security features available in Calico Cloud include:

- Image scanning – Cloud-native application developers need access to safe and secure container images to build applications. Calico Cloud allows users to scan container images locally when needed, and export the results to share with stakeholders to improve their security posture. DevOps teams can utilize this approach to integrate the scanner utility in their CI/CD pipeline for a streamlined security operation model. Users can now get a detailed view of vulnerabilities in build images, providing a first line of defense against bad actors.

- Vulnerability management with automatic blocking of failed images – Customers can achieve high compliance standards and reduce the risk of deploying vulnerable images with admission policy controls that automatically block the deployment of failed images within their CI/CD pipeline.

- Visibility into high-risk workloads running in the environment – Teams can now prioritize remediation plans for existing workloads using a runtime view of high-risk workloads correlating with the image scan results. Using Calico's security policies, these workloads can be isolated from the rest of the application giving development teams more time to fix the issues, thereby alleviating their burden.

- Runtime threat defense from network and host-based threats – Calico Cloud offers runtime threat defense with malware protection and anomaly detection to protect containers and workloads from unknown threats and zero-day attacks. Calico's malware detection engine uses a combination of machine learning and proprietary rulesets to identify suspicious activity in containers and workloads. Users can quickly build a security policy to quarantine and isolate the affected workload while developers work on mitigating the security issue. These new capabilities enhance Calico's robust runtime threat defense features such as Intrusion Detection and Prevention (IDS/IPS), DDoS protection and workload-centric web application firewall (WAF)

"We are pleased to offer the only solution that takes an active approach to container security with a focus on prevention and risk mitigation throughout the application lifecycle, from development through production," said Ratan Tipirneni, President and CEO of Tigera. "Unlike competing solutions, which are reactive and focused on vulnerability detection, threat detection and alerting, Tigera's solution does not just identify vulnerabilities and threats. Instead, it actively prevents attacks and mitigates risk by applying a zero-trust security approach to reduce the attack surface and prevent the lateral movement of threats, thereby safeguarding sensitive data."

Calico Cloud provides a solution that helps prevent and detect threats and mitigate risk in containers and Kubernetes environments across build, deploy and runtime stages.