Network security

Prevent security breaches with robust network security posture. Limit egress traffic by IPs, domains and IP CIDRs. Automatically identify namespace boundaries & recommend policies for namespace isolation. Implement any custom microsegmentation strategy. Rich policy management tools.

High-availability networking

High-availability networking, offering blazing fast performance with a pluggable dataplane architecture supporting standard Linux, eBPF, Windows, and VPP. Calico’s egress gateway assigns static IP addresses to egress traffic, to integrate with firewalls, databases, & legacy applications.

Cluster mesh

Enable seamless connectivity and enhanced security for your multi-cluster Kubernetes applications. Provides effortless connectivity, service discovery, network security and observability for your multi-cluster environments. Deploy an operationally simpler alternative to a service mesh.

cluster mesh screenshot

Observability

Enhance network visibility for better security and faster troubleshooting. Gain a comprehensive view of your network topology, including workload connections, dependencies, and detailed traffic data. Stay ahead of threats and ensure that workloads in your cluster operate smoothly and securely.

Compliance

Achieve consistent and continuous compliance for PCI, SOC2, HIPAA, GDPR and other regulations. Enforce security policy as code for consistency. Easy audit reporting with on-demand or scheduled compliance reports. View compliance history and export auditor-ready compliance data anytime.

Self-service | CI/CD integration

Implement security as code, seamlessly deploying policies through your CI/CD pipeline. Use rich suite of tools to author, recommend, and preview policies before enforcement. Use policy tiers to manage enforcement order, allowing teams to contribute policies without risking essential protections.

Security posture management

Comprehensive visibility

Address weaknesses and strengthen overall security posture with comprehensive security posture overview. Identify vulnerabilities, misconfigurations, and network exposure and proactively prioritize remediation with actionable recommendations. Monitor security posture trends.

Comprehensive Visibility

Security posture management

Vulnerability management

Stop security threats before they strike. Scan images for vulnerabilities during the build process. Automatically block the deployment of high-risk images. Continuously scan production workloads and recommend network policies to deploy virtual patching for risky workloads.

Security posture management

Configuration security & compliance

Strengthen your Kubernetes configuration with CIS benchmarks. Achieve compliance with enterprise controls and industry regulations such as SOC2, PCI DSS, HIPAA, GDPR and others. View compliance history and export auditor-ready compliance data anytime.

Security posture management

Network security

Prevent security breaches with robust network security posture. Limit egress traffic by IPs, domains and IP subnets (CIDRs). Automatically identify namespace boundaries and recommend policies for namespace isolation. Implement any custom microsegmentation strategy.

runtime threat detection

Threat detection

Proactively detect and prevent known and zero-day attacks. Block network-based malware and OWASP top 10 attacks with intrusion detection and prevention (IDS/IPS) and WAF. Detect zero-day attacks by monitoring and analyzing container and network activity for suspicious behavior.

runtime threat detection

Incident response

Respond to threats swiftly, ensuring your environment remains secure. Use Calico security events dashboard or export security events to your SIEM. Use forensics tools to identify attackers and deploy virtual patching controls.