Apr 29, 2021
|
By John Armstrong
We are thrilled to announce the availability of Calico Enterprise 3.5, which delivers deep observability across the entire Kubernetes stack, from application to networking layers (L3–L7). This release also includes data plane support for Windows and eBPF, in addition to the standard Linux data plane. These new capabilities are designed to automate, simplify and accelerate Kubernetes adoption and deployment. Here are highlights from the release…
Apr 6, 2021
|
By Manoj Ahuje
Since the release of CVE-2020-8554 on GitHub this past December, the vulnerability has received widespread attention from industry media and the cloud security community. This man-in-the-middle (MITM) vulnerability affects Kubernetes pods and underlying hosts, and all Kubernetes versions—including future releases—are vulnerable. Despite this, there is currently no patch for the issue.
Mar 31, 2021
|
By Manoj Ahuje
In April 2020, MalwareHunterTeam found a number of suspicious files in an open directory and posted about them in a series of tweets. Trend Micro later confirmed that these files were part of the first cryptojacking malware by TeamTNT, a cybercrime group that specializes in attacking the cloud—typically using a malicious Docker image—and has proven itself to be both resourceful and creative.
Mar 17, 2021
|
By Garwood Pang
The use of honeypots in an IT network is a well-known technique to detect bad actors within your network and gain insight into what they are doing. By exposing simulated or intentionally vulnerable applications in your network and monitoring for access, they act as a canary to notify the blue team of the intrusion and stall the attacker’s progress from reaching actual sensitive applications and data.
Mar 2, 2021
|
By John Armstrong
Tigera, in collaboration with Microsoft, is thrilled to announce the public preview of Calico for Windows on Azure Kubernetes Service (AKS). While Calico has been available for self-managed Kubernetes workloads on Azure since 2018, many organizations are migrating their .NET and Windows workloads to the managed Kubernetes environment offered by AKS.
Feb 16, 2021
|
By Amit Gupta
We are excited to introduce Calico Cloud, a pay-as-you-go SaaS platform for Kubernetes security and observability. With Calico Cloud, users only pay for services consumed and are billed monthly, getting immediate value without upfront investment.
Feb 1, 2021
|
By Ratan Tipirneni
Kubernetes provides abstraction and simplicity with a declarative model to program complex deployments. However, this abstraction and simplicity create complexity when debugging microservices in this abstract layer. The following four vectors make it challenging to troubleshoot microservices.
Jan 20, 2021
|
By John Armstrong
As we enter a new year, it’s an appropriate time to reflect on our achievements at Tigera and how much Calico Enterprise has evolved over the past year as the industry’s leading Security and Observability solution for Kubernetes Networking and Microservices.
Jan 12, 2021
|
By John Armstrong
As an AWS Advanced Technology Partner with AWS Containers Competency, Tigera is thrilled to announce that Calico and Calico Enterprise are both now available as AWS Quick Starts. If you’re unfamiliar with the concept, an AWS Quick Start is a ready-to-use accelerator that fast-tracks deployments of key cloud workloads for AWS customers.
Dec 29, 2020
|
By John Armstrong
Calico and Kubernetes go hand-in-hand. Kubernetes is the de facto standard for deploying and managing container-based applications at scale, both on-premises and in the cloud. Calico continues to be the most popular open-source networking and network security solution for Kubernetes. Despite the cataclysmic events that occurred in 2020, the Calico community, supported by the team at Tigera, remained focused and achieved several major successes. We are excited to share these highlights.
May 10, 2021
|
By Tigera
Organizations are scaling Kubernetes deployments with container platforms running on a mix of on-prem, cloud, and multi-cloud infrastructure. However, not all users are taking a standardized approach to building multiple clusters on a common distribution and on a single infrastructure with common security tools.
May 4, 2021
|
By Tigera
Downtime is expensive and applications are a challenge to troubleshoot across a dynamic, distributed environment consisting of Kubernetes clusters. While development teams and service owners typically understand the microservices they are deploying, it’s often difficult to get a complete, shared view of dependencies and how all the services are communicating with each other across a cluster. Limited observability makes it extremely difficult to troubleshoot end-to-end connectivity issues which can impact application deployment.
May 4, 2021
|
By Tigera
The majority of operational problems inherent to deploying microservices in a distributed architecture are linked to two areas: networking and observability. At the application layer (Layer 7), the need to understand all aspects associated with service-to-service communication within the cluster becomes paramount. Service-to-service network traffic at this layer is often using HTTP. DevOps teams struggle with these questions: Where is monitoring needed? How can I understand the impact of issues and effectively troubleshoot? And how can I effectively protect application-layer data?
May 4, 2021
|
By Tigera
While it’s an essential part of Kubernetes, DNS is also a common source of outages and issues in Kubernetes clusters. Debugging and troubleshooting DNS issues in Kubernetes environments is not a trivial task given the limited amount of information Kubernetes provides for DNS queries. The DNS Dashboard in Calico Enterprise and Calico CLoud helps Kubernetes teams more quickly confirm or eliminate DNS as the root cause for microservice and application connectivity issues.
Feb 5, 2021
|
By Tigera
Learn how Calico Enterprise can help in troubleshooting Kubernetes Calico networking and network policies.
Feb 2, 2021
|
By Tigera
CVE-2020-8554 is a vulnerability that allows Kubernetes Services to intercept cluster traffic to any IP address. Users who can manage services can exploit the vulnerability to carry out man-in-the-middle (MITM) attacks against pods and nodes in the cluster. All Kubernetes versions including the latest release (v1.20) are vulnerable to this attack. If your cluster is multi-tenant, or allows unprivileged users to create and update services, you are impacted.
Jan 30, 2021
|
By Tigera
Managing multiple Kubernetes clusters can become time consuming and complex. Calico Enterprise can help with built in multi-cluster management capabilities to simplify deployment and ongoing operations, including securing interactions between the clusters, and providing cross-cluster service discovery.
Jan 21, 2021
|
By Tigera
In this talk, we will explore how to meet common enterprise security control needs when running Kubernetes. We will look at a range of common enterprise security needs and how you can meet these with standard Kubernetes primitives and open source projects such as Calico, or take it a step further with the additional features of Calico Enterprise.
Jan 19, 2021
|
By Tigera
Kubernetes Ingress introduces challenges that require important architectural decisions. In this session, we will explain the options available and how to select the right one. You’ll see a live demo and will receive all manifests and walkthroughs required to repeat the training on your own after the training session.
Jan 19, 2021
|
By Tigera
At Tigera, we’re excited that our two leading Kubernetes solutions, Calico and Calico Enterprise, are now available as AWS Quickstarts. Everything you need to take advantage of Calico and Calico Enterprise is installed and configured in your EKS cluster, enabling you to immediately take advantage of a full set of Kubernetes security, observability and networking features. In this fireside chat, you will learn about the value of using Calico with EKS in a Quickstart Kubernetes environment, including.
Apr 21, 2021
|
By Tigera
Through practical guidance and best practice recommendations, this book will help you understand why cloud-native applications require a modern approach to security and observability practices, and how to implement such practices in your organization.
Nov 2, 2020
|
By Tigera
A step-by-step eBook covering everything you need to know to confidently approach Kubernetes networking, starting with basic networking concepts, all the way through to advanced Kubernetes networking with eBPF.
Feb 26, 2019
|
By Tigera
Discover how Tigera can help you achieve a scalable, secure, and compliant approach to containers on AWS.
Feb 26, 2019
|
By Tigera
This whitepaper explains five best practices to help meet network security and compliance requirements for modern microservices stack.
Feb 1, 2019
|
By Tigera
This guide contains detailed technical instructions on how to install and configure network security on Kubernetes platforms.
Jan 1, 2019
|
By Tigera
Tigera commission an unbiased, third-party research firm to speak with enterprise security professionals to understand the state of network security with modern applications.
Dec 1, 2018
|
By Tigera
OpenShift provides a declarative, automated platform to integrate developer workflows into application deployments leveraging open source building blocks such as Kubernetes.
Nov 1, 2018
|
By Tigera
Applying a uniform policy framework allows enterprises to achieve consistent network policy across multiple container orchestrators.
Oct 1, 2018
|
By Tigera
Using simplicity to deliver the performance, stability, and manageability for application connectivity at scale in cloud native platforms such as Kubernetes.
- May 2021 (4)
- April 2021 (3)
- March 2021 (3)
- February 2021 (4)
- January 2021 (9)
- December 2020 (8)
- November 2020 (7)
- October 2020 (10)
- September 2020 (13)
- August 2020 (14)
- July 2020 (12)
- June 2020 (10)
- May 2020 (14)
- April 2020 (7)
- March 2020 (6)
- February 2020 (2)
- January 2020 (1)
- December 2019 (3)
- November 2019 (3)
- October 2019 (5)
- September 2019 (4)
- August 2019 (3)
- July 2019 (10)
- June 2019 (10)
- May 2019 (10)
- April 2019 (8)
- March 2019 (11)
- February 2019 (9)
- January 2019 (9)
- December 2018 (3)
- November 2018 (3)
- October 2018 (4)
- September 2018 (1)
- August 2018 (1)
- July 2018 (3)
- May 2018 (1)
Kubernetes is being adopted by every major enterprise on the planet for deploying modern, containerized applications. However, containers are highly dynamic and break their existing security models. Tigera provides zero-trust network security and continuous compliance for Kubernetes platforms that enables enterprises to meet their security and compliance requirements.
Tigera’s technology is recognized and trusted as the de facto standard for Kubernetes network security. Our open source software, Tigera Calico, provides production-grade security, and our commercial offerings layer on advanced security capabilities, enterprise controls, and compliance reporting.
Kubernetes Requires a Modern Approach to Security and Compliance:
- Zero-Trust Network Security: With 40% or more of all breaches originating from within the network, you must always have to assume that something has been compromised. Applications running on Kubernetes make heavy use of the network for service to service communication. However, most clusters have been left wide open and are vulnerable to attack. A zero trust approach is the most secure way to lock down your Kubernetes platform.
- Continuous Compliance: Kubernetes is dynamic and constantly changing. Moments after a compliance audit is completed the environment will have changed again. A continuous compliance solution is the only way to prove that your security controls have been implemented properly now and historically.
- Visibility and Traceability: Applications running on Kubernetes Platforms have constantly changing IP addresses and locations that makes it impossible to use traditional flow logs to debug issues and investigate anomalous activity. The only accurate approach is to use Kubernetes labels and workload identity in your netflow logs.
- Multi-cloud and Legacy: Many applications running on Kubernetes will not be greenfield. Applications often need to communicate securely with other systems outside of the cluster, such as on-premises or cloud-based VMs, bare metal servers and databases. To achieve zero trust security for Kubernetes, your security policies must be capable of expanding beyond the cluster.
Zero Trust Network Security and Continuous Compliance for Kubernetes Platforms.