Comprehensive security visibility

Calico’s Security Posture Overview provides comprehensive visibility across vulnerabilities, misconfigurations, open egress access, and unsecured lateral movement.

Calico calculates a security score and provides a prioritized list of risks with recommended actions. The score’s timeline view helps you understand the security posture trend over a specific period of time.

The Dynamic Service and Threat Graph provides a graph-based visualization to view your cluster’s network topology, workload interactions, and network policies.

Vulnerability management

Calico Image Scanner scans images for known CVEs and blocks images from deployment if they don’t meet a custom predefined threshold. You can integrate the scanner with your CI/CD pipeline to automate vulnerability management.

Calico’s in-cluster scanner continuously scans production workloads for new vulnerabilities and recommends mitigating controls to reduce exposure risks.

Configuration security & compliance

Calico supports major compliance standards, including PCI DSS, HIPAA, GDPR, SOC 2, NIST, and CCPA, as well as any custom frameworks.

Calico monitors continuously and in real time to detect compliance violations, and provides evidence reports as proof of compliance at any time.

Calico evaluates the configuration of your Kubernetes environment against industry-leading CIS benchmarks and provides remediation recommendations to fix misconfigurations.

Network security

Calico identifies unsecured egress access from workloads within the cluster to the internet and enforces egress controls with fine-grained DNS policies and network sets.

Calico evaluates in-cluster traffic and recommends network policies to isolate namespaces. You can also define fine-grained policies for microsegmentation at individual workload levels to prevent lateral movement of threats. For further protection, Calico enforces application-layer (L7) policies to limit traffic based on attributes such as HTTP methods and URL paths.

Network-based threat detection

Calico’s workload-level IDS/IPS utilizes both pre-configured and custom threat intelligence feeds to monitor malicious IPs, domains, and VPNs. It promptly alerts upon receiving traffic from recognized malicious addresses and effectively blocks workloads from accessing them.

Calico’s workload-centric WAF protects ingress and intra-cluster traffic against HTTP-based attacks such as OWASP Top 10.

Calico detects potential DDoS attacks based on intelligent network traffic analysis and prevents them with early packet processing.

Container-based threat detection

Calico detects zero-day threats with plug-and-play, out-of-the-box detectors that analyze container behavior using process, file system, and system calls data collected with eBPF probes.

Calico uses file hashes to determine file integrity and to identify and block known malware.

Incident response

Calico provides a security events dashboard to view and manage all security incidents.

Calico integrates with 3rd-party SIEMs and SOARs to send security event information.

Calico also recommends quarantine policies that isolate vulnerable workloads to enable remediation efforts.

Comprehensive visibility

Calico’s Security Posture Overview Dashboard allows security teams to measure the security posture of their cluster over time, based on vulnerabilities, misconfigurations, open egress access, and unsecured lateral movement, and to take steps to reduce risk.

Calico Cloud offers detailed visibility into workload-centric network topology, traffic flows, and network policies through a service graph and alerts users to suspicious activities.
