San Francisco, CA, USA
Sep 22, 2020   |  By John Armstrong
Tigera is pleased to announce that we have open-sourced Calico for Windows and made it immediately available for all to use for free. With the launch of open-source Calico for Windows, the vast ecosystem of Windows users now has unprecedented access to Kubernetes via the industry’s de-facto standard for Kubernetes networking and network security.
Sep 14, 2020   |  By Shaun Crampton
A few days ago, our team released Calico v3.16. As part of that release, we have marked the eBPF dataplane as “GA”, signalling that it is now stable and ready for wider use by the community. In this blog post I want to take you through the process of moving from tech-preview to GA.
Sep 10, 2020   |  By Vaibhav Thakur
Tigera serves the networking and policy enforcement needs of more than 150,000 Kubernetes clusters across the globe and supports two product lines: open source Calico, and Calico Enterprise. Our development team is constantly running smoke, system, unit, and functional verification tests, as well as all our E2Es for these products. Our CI pipelines form an extremely important aspect of the overall IT infrastructure and enable us to test our products and catch bugs before release.
Sep 3, 2020   |  By John Armstrong
The old security model, which followed the “trust but verify” method, is broken. That model granted excessive implicit trust that attackers abused, putting the organization at risk from malicious internal actors and allowing unauthorized outsiders wide-reaching access once inside. The new model, Zero Trust networking, presents an approach where the default posture is to deny access.
Sep 1, 2020   |  By John Armstrong
Compromising a pod in a Kubernetes cluster can have disastrous consequences on resources in an AWS Elastic Kubernetes Service (EKS) account if access to the Instance Metadata service is not explicitly blocked. The Instance Metadata service is an AWS API listening on a link-local IP address. Only accessible from EC2 instances, it enables the retrieval of metadata that is used to configure or manage an instance.
Aug 26, 2020   |  By Bikram Gupta
In today’s economy, digital assets (applications, data, and processes) determine business success. Cloud-native applications are designed to iterate rapidly, creating rapid time-to-value for businesses. Organizations that are able to rapidly build and deploy their applications have significant competitive advantage.
Aug 12, 2020   |  By Bikram Gupta
Hybrid cloud infrastructures run critical business resources and are subject to some of the strictest network security controls. Irrespective of the industry and resource types, these controls broadly fall into three categories. Workloads (pods) running on Kubernetes are ephemeral in nature, and IP-based controls are no longer effective. The challenge is to enforce the organizational security controls on the workloads and Kubernetes nodes themselves.
Aug 6, 2020   |  By Bikram Gupta
Microsegmentation is a security technique that is used to isolate workloads from one another. Microsegmentation limits the blast radius of a data breach by making network security more granular. Should a breach occur, the damage is confined to the affected segment. Application workloads have evolved over time – starting from bare metal, to a mix of on-prem and cloud virtual machines and containers.
Jul 23, 2020   |  By John Armstrong
Today we are pleased to announce our partnership with Nutanix, creators of the industry’s most popular hyper-converged infrastructure (HCI) technology. HCI combines datacenter hardware using locally-attached storage resources with intelligent software to create flexible building blocks that replace legacy infrastructure consisting of separate servers, storage networks, and storage arrays.
Jul 15, 2020   |  By John Armstrong
Calico was designed from the ground up with a pluggable dataplane architecture. The Calico 3.13 release introduced an exciting new eBPF (extended Berkeley Packet Filter) dataplane targeted at those ready to adopt newer kernel versions and wanting to push the Linux kernel’s latest networking capabilities to the limit.
Sep 28, 2020   |  By Tigera
Learn how to simplify deployment and ongoing operations for more than one cluster running Calico Enterprise.
Sep 24, 2020   |  By Tigera
In this session, we will go over the design considerations and available options to run Calico on EKS. After this session you’ll be able to:
  • Understand the available supported options to run Calico on EKS
  • Understand the various design considerations of running scalable EKS clusters with Calico
  • Learn about the value-added capabilities of Calico Enterprise on EKS
Sep 17, 2020   |  By Tigera
By default, pods are non-isolated; they accept traffic from any source. The Google GKE solution to this security concern is Network Security Policy that lets developers control network access to their services. Google GKE comes configured with Network Security Policy using Project Calico which can be used to secure your clusters. This class will describe a few use cases for network security policy and a live demo implementing each use case.
Sep 16, 2020   |  By Tigera
Calico is the only cross-platform CNI and Network Policy engine available today and currently powers more than 150,000 known clusters across millions of nodes worldwide. Many organizations have .NET and Windows workloads that they are modernizing, or will eventually modernize, and deploy to Kubernetes. We have been collaborating with Microsoft and joint customers over the past few years to bring Calico to the Windows platform.
Sep 10, 2020   |  By Tigera
By default, pods are not isolated. This means that malicious actors, once inside, may wander freely throughout your Kubernetes cluster. During this session we’ll discuss the different attack vectors and how to mitigate them:
  • Intro to attacking Kubernetes and applications
  • Network policies, isolation and quarantining
  • IDS and honeypot concepts
Sep 8, 2020   |  By Tigera
Learn how to empower your team with safe self-service network security for Kubernetes with Calico Enterprise.
  • What are Calico Enterprise Network Policy Tiers
  • How to use tiers to enable safe self-service policy management
  • What are Calico Enterprise Policy impact preview and staged network policies
  • How to enable operations and developers to safely manage Kubernetes network policy
  • How to build a workflow using these tools to safely deliver approved changes to your clusters
Sep 4, 2020   |  By Tigera
In this session, we will go over the core concepts in Kubernetes network policies and Calico network policies. We will compare and contrast the two models and highlight when to use one versus the other.
Aug 27, 2020   |  By Tigera
In this session we’ll review networking options compatible with Calico for AKS clusters and will build a few AKS clusters using the Azure CLI and an ARM template.
Aug 27, 2020   |  By Tigera
Red Hat OpenShift is a great platform for hosting microservices, enabling developers to get up and running quickly. However, taking the next step from development to production imposes additional networking, security, and compliance requirements that must be addressed before Kubernetes apps can be widely deployed. Traditional networking tools, which were designed for relatively static IP environments, don’t have the context necessary to identify Kubernetes traffic flows, making it nearly impossible to effectively diagnose, troubleshoot, and resolve application connectivity issues.
Aug 26, 2020   |  By Tigera
Many development teams select Amazon EKS as the best platform to run their microservices. Adopting Amazon EKS is easy, but running applications in production requires additional capabilities to meet compliance requirements, detect potential security incidents, and troubleshoot networking problems that can often occur.
Feb 26, 2019   |  By Tigera
Discover how Tigera can help you achieve a scalable, secure, and compliant approach to containers on AWS.
Feb 26, 2019   |  By Tigera
This whitepaper explains five best practices to help meet network security and compliance requirements for a modern microservices stack.
Feb 1, 2019   |  By Tigera
This guide contains detailed technical instructions on how to install and configure network security on Kubernetes platforms.
Jan 1, 2019   |  By Tigera
Tigera commissioned an unbiased, third-party research firm to speak with enterprise security professionals to understand the state of network security with modern applications.
Dec 1, 2018   |  By Tigera
OpenShift provides a declarative, automated platform to integrate developer workflows into application deployments leveraging open source building blocks such as Kubernetes.
Nov 1, 2018   |  By Tigera
Applying a uniform policy framework allows enterprises to achieve consistent network policy across multiple container orchestrators.
Oct 1, 2018   |  By Tigera
Using simplicity to deliver the performance, stability, and manageability for application connectivity at scale in cloud native platforms such as Kubernetes.

Kubernetes is being adopted by every major enterprise on the planet for deploying modern, containerized applications. However, containers are highly dynamic and break their existing security models. Tigera provides zero-trust network security and continuous compliance for Kubernetes platforms that enables enterprises to meet their security and compliance requirements.

Tigera’s technology is recognized and trusted as the de facto standard for Kubernetes network security. Our open source software, Tigera Calico, provides production-grade security, and our commercial offerings layer on advanced security capabilities, enterprise controls, and compliance reporting.

Kubernetes Requires a Modern Approach to Security and Compliance:

  • Zero-Trust Network Security: With 40% or more of all breaches originating from within the network, you must always assume that something has been compromised. Applications running on Kubernetes make heavy use of the network for service-to-service communication. However, most clusters have been left wide open and are vulnerable to attack. A zero trust approach is the most secure way to lock down your Kubernetes platform.
  • Continuous Compliance: Kubernetes is dynamic and constantly changing. Moments after a compliance audit is completed the environment will have changed again. A continuous compliance solution is the only way to prove that your security controls have been implemented properly now and historically.
  • Visibility and Traceability: Applications running on Kubernetes platforms have constantly changing IP addresses and locations, which makes it impossible to use traditional flow logs to debug issues and investigate anomalous activity. The only accurate approach is to use Kubernetes labels and workload identity in your netflow logs.
  • Multi-cloud and Legacy: Many applications running on Kubernetes will not be greenfield. Applications often need to communicate securely with other systems outside of the cluster, such as on-premises or cloud-based VMs, bare metal servers and databases. To achieve zero trust security for Kubernetes, your security policies must be capable of expanding beyond the cluster.

Zero Trust Network Security and Continuous Compliance for Kubernetes Platforms.