Calico Announces Universal Microsegmentation for Containers and VMs
August 26, 2024

Tigera now delivers universal microsegmentation capabilities with Calico.

Designed to support a diverse range of workloads, including virtual machines (VM), containers, and bare metals, Calico provides a robust, dynamic, and high-performance network policy engine to perform segmentation across both on-premises and cloud deployments.

Calico provides dynamic segmentation capabilities based on workload metadata such as namespace and labels, which ensures that new workloads are segmented automatically upon deployment. Calico simplifies the segmentation process with declarative, user-friendly policy language, complemented by an intuitive policy user interface to enforce this segmentation. This simplicity not only eases the creation of network policies but also enhances troubleshooting through the integration of Calico flow logs and observability capabilities, leading to a seamless and efficient operational experience.

Calico's microsegmentation offers several benefits for managing different workloads:

- Unified Security Model: Provides a consistent security model across various environments.

- Simplified Management: Unified security model simplifies the creation and enforcement of network policies across different types of infrastructure.

- Agile Policy Management: Network policies are dynamically applied as workloads are moved, created, or terminated, ensuring network policies are always up-to-date without manual intervention.

- Granular Policies: Allows the creation of fine-grained policies for particular workloads in a hybrid environment, providing precise control over allowed and denied traffic.

- Reduced Overhead: With a single segmentation solution, enterprises also lower the overhead of managing multiple segmentation solutions.

Calico provides users with the following key features:

- Tenant and Workload Isolation: Author, preview, stage and enforce network policies at the networking and application layer. Use Calico to define which pods, services, or namespaces can communicate with each other by leveraging Kubernetes-native constructs like labels and namespaces, thus preventing unauthorized access and enhancing security across the cluster.

- Automatic Namespace Isolation: Calico automatically isolates tenants in separate namespaces, thus restricting any unauthorized communication between tenants by default and preventing lateral movement of threats within a cluster.

- Automated Policy Recommendations: Calico's policy recommendation engine recommends policies based on the traffic flow of an organization's workloads and can be enforced with just one click, without the need for coding. All recommended policies can also be modified before enforcement.

- Policy Lifecycle Management: Calico helps preview and stage policies prior to enforcement to secure workloads and understand policies' impact on the application's performance and security posture. It also provides immediate feedback on policy rule changes in the production environment before enforcement.

- Dynamic Policy Enforcement: With Calico's Dynamic Policy Segmentation, users experience real-time network policy updates within milliseconds, ensuring immediate response to network changes and minimizing the risk of potential vulnerabilities.

- Policy as Code: Calico implements network security and observability as code, enabling automated, scalable, and compliant workload management. It uses Kubernetes primitives and declarative models, using the same versioning that teams use for source code. This ensures continuous compliance and security for all components, regardless of deployment, distribution, or container type.

- Observability: Calico's Dynamic Service & Threat Graph, built on flow logs, collects and analyzes information about applications and their communication flows to create a comprehensive map that helps administrators eliminate the speculation often involved in understanding an application's upstream and downstream dependencies and policy gaps.

- Distributed IDS/IPS: Calico's workload-centric IDS/IPS protects against network-based threats by ingesting different threat feeds such as AlienVault by default and custom sources to pinpoint the source of malicious activity in case of a breach.

"Traditional network segmentation solutions, designed for static VM environments, are inadequate for the dynamic and ever-evolving nature of Kubernetes," said Amit Gupta, Chief Product Officer, Tigera. "A modern segmentation solution needs to cater to both VMs and containers across single and hybrid environments, spread across on-premises and public cloud. Calico addresses these needs with its advanced microsegmentation capabilities, offering a unified security model, streamlined management, dynamic policy enforcement, granular policies, and reduced overhead. Enterprises that integrate Calico can achieve seamless and efficient segmentation that keeps pace with their virtualization environments."

Share this

Industry News

November 21, 2024

Red Hat announced the general availability of Red Hat Enterprise Linux 9.5, the latest version of the enterprise Linux platform.

November 21, 2024

Securiti announced a new solution - Security for AI Copilots in SaaS apps.

November 20, 2024

Spectro Cloud completed a $75 million Series C funding round led by Growth Equity at Goldman Sachs Alternatives with participation from existing Spectro Cloud investors.

November 20, 2024

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, has announced significant momentum around cloud native training and certifications with the addition of three new project-centric certifications and a series of new Platform Engineering-specific certifications:

November 20, 2024

Red Hat announced the latest version of Red Hat OpenShift AI, its artificial intelligence (AI) and machine learning (ML) platform built on Red Hat OpenShift that enables enterprises to create and deliver AI-enabled applications at scale across the hybrid cloud.

November 20, 2024

Salesforce announced agentic lifecycle management tools to automate Agentforce testing, prototype agents in secure Sandbox environments, and transparently manage usage at scale.

November 19, 2024

OpenText™ unveiled Cloud Editions (CE) 24.4, presenting a suite of transformative advancements in Business Cloud, AI, and Technology to empower the future of AI-driven knowledge work.

November 19, 2024

Red Hat announced new capabilities and enhancements for Red Hat Developer Hub, Red Hat’s enterprise-grade developer portal based on the Backstage project.

November 19, 2024

Pegasystems announced the availability of new AI-driven legacy discovery capabilities in Pega GenAI Blueprint™ to accelerate the daunting task of modernizing legacy systems that hold organizations back.

November 19, 2024

Tricentis launched enhanced cloud capabilities for its flagship solution, Tricentis Tosca, bringing enterprise-ready end-to-end test automation to the cloud.

November 19, 2024

Rafay Systems announced new platform advancements that help enterprises and GPU cloud providers deliver developer-friendly consumption workflows for GPU infrastructure.

November 19, 2024

Apiiro introduced Code-to-Runtime, a new capability using Apiiro’s deep code analysis (DCA) technology to map software architecture and trace all types of software components including APIs, open source software (OSS), and containers to code owners while enriching it with business impact.

November 19, 2024

Zesty announced the launch of Kompass, its automated Kubernetes optimization platform.

November 18, 2024

MacStadium announced the launch of Orka Engine, the latest addition to its Orka product line.