Tigera

San Francisco, CA, USA
2016
  |  By Jonathan Sabo
Efficient connectivity for stateful workloads such as databases across multiple Kubernetes clusters is crucial for effective multi-cluster deployments. The challenge lies in providing seamless communication between services deployed across these clusters. Calico Cluster mesh enhances Kubernetes’ native service discovery, allowing it to function across multiple Kubernetes clusters.
  |  By Patrick Ghidel
Within Kubernetes, the Domain Name System (DNS) plays a pivotal role in facilitating service discovery, allowing pods to effectively locate and interact with other services within the cluster. For organizations transitioning their workloads to Kubernetes, establishing connectivity with services external to the cluster is equally important.
  |  By Joao Coutinho
In the fast-paced world of Kubernetes, guaranteeing optimal performance and reliability of underlying infrastructure is crucial, such as container and Kubernetes networking. One key aspect of achieving this is by effectively managing alerts and notifications. This blog post emphasizes the significance of configuring alerts in a Kubernetes environment, particularly for Calico Enterprise and Cloud, which provides Kubernetes workload networking, security, and observability.
  |  By Ivan Sharamok
In the complex landscape of microservices within Amazon Elastic Kubernetes Service (EKS), maintaining seamless connectivity within microservices is paramount for ensuring optimal performance and reliability. As organizations increasingly embrace microservices architecture, understanding how to observe and troubleshoot microservices connectivity issues in Amazon EKS becomes a critical skill set.
  |  By Reza Ramezanpour
Calico v3.27 is out 🎉 and there are a lot of new features, updates, and improvements that are packed into this release. Here is a breakdown of the most important changes.
  |  By Regis Martins
Continuing from my previous blog on the series, What you can’t do with Kubernetes network policies (unless you use Calico), this post will be focusing on use case number five — Default policies which are applied to all namespaces or pods.
  |  By Reza Ramezanpour
Kubernetes is an excellent solution for building a flexible and scalable infrastructure to run dynamic workloads. However, as our cluster expands, we might face the inevitable situation of scaling and managing multiple clusters concurrently. This notion can introduce a lot of complexity for our day-to-day workload maintenance and adds difficulty to keep all our policies and services up to date in all environments.
  |  By Laura Ferguson
Welcome to the Calico monthly roundup: September edition! From open source news to live events, we have exciting updates to share—let’s get into it!
  |  By Laura Ferguson
Welcome to the Calico monthly roundup: August edition! From open source news to live events, we have exciting updates to share—let’s get into it!
  |  By Laura Ferguson
We are excited to announce the publication of our 2023 State of Calico Open Source, Usage & Adoption report! The report compiles survey results from more than 1,200 Calico Open Source users from around the world, who are actively using Calico in their container and Kubernetes environments. It sheds light on how they are using Calico across various environments, while also highlighting different aspects of Calico’s adoption in terms of platforms, data planes, and policies.
  |  By Tigera
Tigera provides the industry’s only active Cloud-Native Application Protection Platform (CNAPP) with full-stack observability for containers, Kubernetes, and cloud. Calico prevents, detects, troubleshoots, and automatically mitigates exposure risks of security issues in build, deploy, and runtime stages across multi-cluster, multi-cloud, and hybrid deployments. Calico works with popular managed Kubernetes services such as AKS, EKS, and GKE, as well as self-managed Kubernetes distributions including Red Hat OpenShift, SUSE/Rancher, VMware Tanzu, and Mirantis.
  |  By Tigera
It’s a daunting task starting down the path to securing your workloads running on Kubernetes in the Cloud. There are no shortages of vendors with great tools in the Cloud security space. There is a multitude of domains that must be accounted for, along with internal challenges in bringing an organization along into new ways of thinking. This talk will focus on Discover’s Cloud security journey, with an overview of how the program has evolved over the last 4 years, key capabilities & concepts that have been embraced and challenges faced.
  |  By Tigera
Containers, Microservices, and cloud-based applications have revolutionized the way companies build and deliver products globally. This has also changed the attack surface and requires very different security strategies and tools to avoid exposure to sensitive information and other cyber attacks. Regulatory compliance has also evolved making it ever so important for companies to adapt to this new paradigm.
  |  By Tigera
Join us as we look at the advantages, but also the practical challenges, of applying modern, policy-as-code ("PaC") approaches in a modern cloud-ready enterprise. This talk will show how Morgan Stanley is drawing upon years of experience in its own proprietary implementation of PaC in its approach to embracing today's ideas. We will look at a diverse set of considerations from GitOps as a method to applying PaC in modern software development and deployment to enforcement of best practices and compliance in the Cloud.
  |  By Tigera
Security as an afterthought is no longer an option and must be deeply embedded in the design and implementation of the products that will be running in the cloud. It is increasingly more critical for many security teams to be almost, if not equally, knowledgeable of the emerging and rapidly evolving technology. Join Manish Sampat from Tigera, as explores the topic in detail with Stan Lee from Paypal.
  |  By Tigera
Security is critical for your Kubernetes-based applications. Join this session to learn about the security features and best practices for safeguarding your Kubernetes environments.
  |  By Tigera
Compliance automation is a commonly overlooked area of Kubernetes observability. The question is: how do you automate compliance to a security framework that isn’t well understood by DevSecOps teams to begin with? This lack of understanding contributes to mismanaged compliance efforts and in a worst-case scenario, audit exposures and organizational risk. This talk will walk through an example of how to 1) map compliance controls to specific Kubernetes technical configuration 2) automate the assessment of those controls 3) visualize the assessment results. DevSecOps teams will better understand how to incorporate compliance automation alongside security automation.
  |  By Tigera
"Companies of various sizes are building their applications on Kubernetes because it provides significant operational benefits like autoscaling, self-healing, extensibility, and declarative deployment style. However, the operational benefits are only a starting point down the path of building a secure and observable platform that enables the continuous delivery of application workloads. This session shows how to build a fully operational platform, leveraging platform-oriented building blocks to address network security and observability.
  |  By Tigera
As more production workloads migrated to the cloud, the need for Intrusion Detection Systems(IDS) grew to meet compliance and security needs. With the number of workloads in each cluster, IDS needs to be efficient to not take up the shared resources. Techniques such as packet inspection and web application firewalls provide a solid defense against threats and by leveraging the cluster's network control pane, we are able to selectively choose vulnerable workloads and provide an easy way to trace back to the origin of the attack.
  |  By Tigera
Congratulations! You’re now cloud-native with microservices. No more legacy monoliths. However, troubleshooting takes time, debugging is difficult, and security is scary. How can you scale your organization without losing an understanding of your environment? Services mesh is here to help! It gives you the observability of connected services and is easier to adopt than you might think. Come and learn service mesh concepts, best practices, and key challenges.
  |  By Tigera
Through practical guidance and best practice recommendations, this book will help you understand why cloud-native applications require a modern approach to security and observability practices, and how to adopt a holistic security and observability strategy for building and securing cloud-native applications running on Kubernetes.
  |  By Tigera
A step-by-step eBook covering everything you need to know to confidently approach Kubernetes networking, starting with basic networking concepts, all the way through to advanced Kubernetes networking with eBPF.
  |  By Tigera
This whitepaper explains five best practices to help meet network security and compliance requirements for modern microservices stack.
  |  By Tigera
Discover how Tigera can help you achieve a scalable, secure, and compliant approach to containers on AWS.
  |  By Tigera
This guide contains detailed technical instructions on how to install and configure network security on Kubernetes platforms.
  |  By Tigera
Tigera commission an unbiased, third-party research firm to speak with enterprise security professionals to understand the state of network security with modern applications.
  |  By Tigera
OpenShift provides a declarative, automated platform to integrate developer workflows into application deployments leveraging open source building blocks such as Kubernetes.
  |  By Tigera
Applying a uniform policy framework allows enterprises to achieve consistent network policy across multiple container orchestrators.
  |  By Tigera
Using simplicity to deliver the performance, stability, and manageability for application connectivity at scale in cloud native platforms such as Kubernetes.

Kubernetes is being adopted by every major enterprise on the planet for deploying modern, containerized applications. However, containers are highly dynamic and break their existing security models. Tigera provides zero-trust network security and continuous compliance for Kubernetes platforms that enables enterprises to meet their security and compliance requirements.

Tigera’s technology is recognized and trusted as the de facto standard for Kubernetes network security. Our open source software, Tigera Calico, provides production-grade security, and our commercial offerings layer on advanced security capabilities, enterprise controls, and compliance reporting.

Kubernetes Requires a Modern Approach to Security and Compliance:

  • Zero-Trust Network Security: With 40% or more of all breaches originating from within the network, you must always have to assume that something has been compromised. Applications running on Kubernetes make heavy use of the network for service to service communication. However, most clusters have been left wide open and are vulnerable to attack. A zero trust approach is the most secure way to lock down your Kubernetes platform.
  • Continuous Compliance: Kubernetes is dynamic and constantly changing. Moments after a compliance audit is completed the environment will have changed again. A continuous compliance solution is the only way to prove that your security controls have been implemented properly now and historically.
  • Visibility and Traceability: Applications running on Kubernetes Platforms have constantly changing IP addresses and locations that makes it impossible to use traditional flow logs to debug issues and investigate anomalous activity. The only accurate approach is to use Kubernetes labels and workload identity in your netflow logs.
  • Multi-cloud and Legacy: Many applications running on Kubernetes will not be greenfield. Applications often need to communicate securely with other systems outside of the cluster, such as on-premises or cloud-based VMs, bare metal servers and databases. To achieve zero trust security for Kubernetes, your security policies must be capable of expanding beyond the cluster.

Zero Trust Network Security and Continuous Compliance for Kubernetes Platforms.