San Francisco, CA, USA
Feb 4, 2023   |  By Alara Ozturk
This blog will cover what the Calico/VPP dataplane is and demonstrate the performance and flexibility advantages of using the VPP dataplane through a benchmarking setup. By the end of this blog post, you will have a clear understanding of how Calico/VPP dataplane, with the help of DPDK and accelerated memif interfaces, can provide high throughput and low-latency Kubernetes cluster networking for your environment.
Jan 31, 2023   |  By Reza Ramezanpour
In this article, we will dive into Kubernetes network monitoring and metrics, examining these concepts in detail and exploring how metrics in an application can be transformed into tangible, human-readable reports. The article will also include a step-by-step tutorial on how to enable Calico’s integration with Prometheus, a free and open-source CNCF project created for monitoring the cloud.
Jan 26, 2023   |  By Alara Ozturk
2022 has been a year full of new releases, new events, and new projects for Open Source Calico. Let’s take a look at Project Calico’s 2022 highlights and see if you’ve missed any exciting news.
Jan 24, 2023   |  By Ratan Tipirneni
By 2025, Gartner estimates that over 95% of new digital workloads will be deployed on cloud-native platforms, up from 30% in 2021. This momentum of these workloads and solutions presents a significant opportunity for companies that can meet the challenges of the burgeoning industry.
Jan 16, 2023   |  By Reza Ramezanpour
We’ve just released Calico v3.25! This milestone release includes a number of eBPF dataplane improvements designed to deliver an even faster upgrade experience, smaller memory footprint, and shorter eBPF networking object load time speed. But before we get into the details of these changes, let’s welcome and thank our new community problem-solvers who got their first contribution requests merged into our beloved project.
Jan 11, 2023   |  By Ratan Tipirneni
Cloud computing and the use of cloud native architectures enable unparalleled performance, flexibility, and velocity. The speed of innovation has driven significant advancements across industries, but as digitalization continues pushing applications and services to the cloud, bad actors’ intrusion techniques have also become more sophisticated.
Dec 20, 2022   |  By Reza Ramezanpour
Microservices are loosely coupled software that provides flexibility and scalability to a cloud environment. However, securing this open architecture from vulnerabilities and malicious actors can be challenging without a service mesh. This blog post will demonstrate how you can create an Istio and Calico integration to establish a service mesh that will manipulate HTTP traffic in the application layer.
Dec 15, 2022   |  By Joseph Yostos
Tigera provides the industry’s only active Cloud-Native Application Security Platform (CNAPP) for containers and Kubernetes. Available as a fully managed SaaS (Calico Cloud) or a self-managed service (Calico Enterprise), the platform prevents, detects, troubleshoots, and automatically mitigates exposure risks of security issues in build, deploy, and runtime stages across multi-cluster, multi-cloud, and hybrid deployments.
Nov 22, 2022   |  By Utpal Bhatt
Kubernetes has come of age with more organizations adopting a microservices architecture at scale. But scale brings a whole slew of new challenges, especially with Kubernetes, which is designed to operate as a single cluster. However, the usage of Kubernetes, especially at leading-edge organizations operating at scale, has crossed the single-cluster threshold.
Nov 1, 2022   |  By Reza Ramezanpour
Cloud-native applications offer a lot of flexibility and scalability, but to leverage these advantages, we must create and deploy a suitable environment that will enable cloud-native applications to work their magic. Managed services, self-managed services, and bare metal are three primary categories of Kubernetes deployment in a cloud environment.
Aug 26, 2022   |  By Tigera
Tigera provides the industry’s only active Cloud-Native Application Protection Platform (CNAPP) with full-stack observability for containers, Kubernetes, and cloud. Calico prevents, detects, troubleshoots, and automatically mitigates exposure risks of security issues in build, deploy, and runtime stages across multi-cluster, multi-cloud, and hybrid deployments. Calico works with popular managed Kubernetes services such as AKS, EKS, and GKE, as well as self-managed Kubernetes distributions including Red Hat OpenShift, SUSE/Rancher, VMware Tanzu, and Mirantis.
Jun 11, 2021   |  By Tigera
Security is critical for your Kubernetes-based applications. Join this session to learn about the security features and best practices for safeguarding your Kubernetes environments.
Jun 11, 2021   |  By Tigera
Compliance automation is a commonly overlooked area of Kubernetes observability. The question is: how do you automate compliance to a security framework that isn’t well understood by DevSecOps teams to begin with? This lack of understanding contributes to mismanaged compliance efforts and in a worst-case scenario, audit exposures and organizational risk. This talk will walk through an example of how to 1) map compliance controls to specific Kubernetes technical configuration 2) automate the assessment of those controls 3) visualize the assessment results. DevSecOps teams will better understand how to incorporate compliance automation alongside security automation.
Jun 11, 2021   |  By Tigera
"Companies of various sizes are building their applications on Kubernetes because it provides significant operational benefits like autoscaling, self-healing, extensibility, and declarative deployment style. However, the operational benefits are only a starting point down the path of building a secure and observable platform that enables the continuous delivery of application workloads. This session shows how to build a fully operational platform, leveraging platform-oriented building blocks to address network security and observability.
Jun 11, 2021   |  By Tigera
As more production workloads migrated to the cloud, the need for Intrusion Detection Systems(IDS) grew to meet compliance and security needs. With the number of workloads in each cluster, IDS needs to be efficient to not take up the shared resources. Techniques such as packet inspection and web application firewalls provide a solid defense against threats and by leveraging the cluster's network control pane, we are able to selectively choose vulnerable workloads and provide an easy way to trace back to the origin of the attack.
Jun 11, 2021   |  By Tigera
Congratulations! You’re now cloud-native with microservices. No more legacy monoliths. However, troubleshooting takes time, debugging is difficult, and security is scary. How can you scale your organization without losing an understanding of your environment? Services mesh is here to help! It gives you the observability of connected services and is easier to adopt than you might think. Come and learn service mesh concepts, best practices, and key challenges.
Jun 11, 2021   |  By Tigera
Early adoption of Kubernetes came with its set of challenges for Box, that led to innovative solutions & learnings. In this session, the speaker will take you through some of those solutions around Kubernetes Observability & best practices which will make your Kubernetes journey easier.
Jun 11, 2021   |  By Tigera
Technologies come, and technologies go. Sadly, we're not all riding Segways to work! Calico was designed with change in mind and is adaptable, supporting different data plane technologies with different goals. In this talk, we'll cover.
Jun 11, 2021   |  By Tigera
Calico/VPP data plane renderer was introduced as Tech Preview in Calico 3.19 for Kubernetes. It leverages the FD.io/VPP userspace data plane which brings great benefits in terms of performance and flexibility for large-scale Kubernetes clusters. Thanks to its fast IPSec & Wireguard implementation, it makes it possible to provide intra-cluster full mesh crypto without compromising performance. Beyond performance, it implements differentiated features like MagLev based load balancing with DSR for k8s services making it a good choice for large-scale applications having strong high availability requirements. This is the first release but moving forward, it will provide support for superfast packet-oriented virtual interfaces as well TCP/UDP/Quic stack to applications having extreme networking performance.
Jun 11, 2021   |  By Tigera
Learn how eBPF will bring a richer picture of what's going on in your cluster, without changing your applications. With eBPF we can safely collect information from deep within your applications, wherever they interact with the kernel. For example, collecting detailed socket statistics to root-cause network issues, or pinpointing the precise binary inside a container that made a particular request for your audit trail. This allows for insights into the behavior (and security) of the system that previously would have needed every process to be (manually) instrumented.
Apr 21, 2021   |  By Tigera
Through practical guidance and best practice recommendations, this book will help you understand why cloud-native applications require a modern approach to security and observability practices, and how to adopt a holistic security and observability strategy for building and securing cloud-native applications running on Kubernetes.
Nov 2, 2020   |  By Tigera
A step-by-step eBook covering everything you need to know to confidently approach Kubernetes networking, starting with basic networking concepts, all the way through to advanced Kubernetes networking with eBPF.
Feb 26, 2019   |  By Tigera
This whitepaper explains five best practices to help meet network security and compliance requirements for modern microservices stack.
Feb 26, 2019   |  By Tigera
Discover how Tigera can help you achieve a scalable, secure, and compliant approach to containers on AWS.
Feb 1, 2019   |  By Tigera
This guide contains detailed technical instructions on how to install and configure network security on Kubernetes platforms.
Jan 1, 2019   |  By Tigera
Tigera commission an unbiased, third-party research firm to speak with enterprise security professionals to understand the state of network security with modern applications.
Dec 1, 2018   |  By Tigera
OpenShift provides a declarative, automated platform to integrate developer workflows into application deployments leveraging open source building blocks such as Kubernetes.
Nov 1, 2018   |  By Tigera
Applying a uniform policy framework allows enterprises to achieve consistent network policy across multiple container orchestrators.
Oct 1, 2018   |  By Tigera
Using simplicity to deliver the performance, stability, and manageability for application connectivity at scale in cloud native platforms such as Kubernetes.

Kubernetes is being adopted by every major enterprise on the planet for deploying modern, containerized applications. However, containers are highly dynamic and break their existing security models. Tigera provides zero-trust network security and continuous compliance for Kubernetes platforms that enables enterprises to meet their security and compliance requirements.

Tigera’s technology is recognized and trusted as the de facto standard for Kubernetes network security. Our open source software, Tigera Calico, provides production-grade security, and our commercial offerings layer on advanced security capabilities, enterprise controls, and compliance reporting.

Kubernetes Requires a Modern Approach to Security and Compliance:

  • Zero-Trust Network Security: With 40% or more of all breaches originating from within the network, you must always have to assume that something has been compromised. Applications running on Kubernetes make heavy use of the network for service to service communication. However, most clusters have been left wide open and are vulnerable to attack. A zero trust approach is the most secure way to lock down your Kubernetes platform.
  • Continuous Compliance: Kubernetes is dynamic and constantly changing. Moments after a compliance audit is completed the environment will have changed again. A continuous compliance solution is the only way to prove that your security controls have been implemented properly now and historically.
  • Visibility and Traceability: Applications running on Kubernetes Platforms have constantly changing IP addresses and locations that makes it impossible to use traditional flow logs to debug issues and investigate anomalous activity. The only accurate approach is to use Kubernetes labels and workload identity in your netflow logs.
  • Multi-cloud and Legacy: Many applications running on Kubernetes will not be greenfield. Applications often need to communicate securely with other systems outside of the cluster, such as on-premises or cloud-based VMs, bare metal servers and databases. To achieve zero trust security for Kubernetes, your security policies must be capable of expanding beyond the cluster.

Zero Trust Network Security and Continuous Compliance for Kubernetes Platforms.