Recap: KubeCon + CloudNativeCon EU + CalicoCon 2024

Last week we had the pleasure of attending KubeCon + CloudNativeCon EU in Paris, France. It was a fantastic event where we once again had the opportunity to engage in meaningful conversations about Kubernetes, container security, and the latest developments in the open source ecosystem. We also hosted CalicoCon 2024, a co-located event, to talk about our favorite subject: Calico! Let’s take a look at some of the highlights from the conference.

CalicoCon 2024

A large group of KubeCon attendees joined us on March 19th for a full-day event to explore the trends, strategies, and technologies making waves in the Kubernetes networking, security, and observability world. The day included a keynote on Project Calico’s past, present, and future, plus multiple presentations and workshops delivered by Calico engineers that provided a deep dive into topics such as eBPF, Windows HNS, multi-cluster mesh, best practices for network policies, scale, performance, encryption, and compliance.

A good time was had by all in attendance, and two lucky winners of our raffles each took home a pair of AirPods! The day ended with happy hour and networking, where attendees had a chance to meet other Calico users as well as the engineers and leadership Continue reading

Calico monthly roundup: January 2024

Welcome to the Calico monthly roundup: January edition! From open source news to live events, we have exciting updates to share—let’s get into it!

Join us at CalicoCon 2024 in Paris We are thrilled to announce that CalicoCon 2024 will be held on March 19 in Paris as a KubeCon + CloudNativeCon Europe 2024 co-located event. Join us for an immersive event focused on the latest trends, strategies, and technologies in Kubernetes networking, security, and observability. Limited spots are available, so register now to secure your spot. Register.

Customer case study: NuraLogix AI-driven healthtech company, NuraLogix, improves security and compliance on Amazon EKS using Calico Cloud. Read case study.

Tigera has achieved AWS Security Competency status! Tigera has gained a new AWS Security Competency, which we’re proud to add to our already existing AWS Containers Software Competency. Read about the addition of our newest security competency. Read more.

Securely connect EKS workloads to approved SaaS with Calico Egress Gateway Learn how Calico Egress Gateway for AWS Elastic IP provides a valuable tool to bolster an organization’s defenses and ensure secure and dependable connections to trusted SaaS platforms. Read blog post.

Open source news

*NEW* GitHub Discussion forum – Looking for Continue reading

Tigera Closes Out 2023 with Significant Momentum for Calico as Demand for Container Security Accelerates

As 2023 comes to a close, we’re happy to report that we’ve had a successful year full of powerful product advancements and notable third-party recognition.

Key product enhancements

• Plug-and-play Runtime Threat Defense – Combines signature and behavior-based threat detection to protect against both known and zero-day threats. Calico Runtime Threat Defense provides preconfigured threat detectors to detect most common MITRE attack techniques for container and network-based attacks.
• Security Score and Recommended Actions – Provides an unparalleled view of security risks, enabling enterprises to identify, prioritize and mitigate them swiftly.
• Streamlined autoscaling with Windows HostProcess Container – Simplifies Kubernetes operations while saving time and resources.
• IPv6 support for eBPF – Empowers enterprises to enhance the performance and scalability of their applications, ensuring they meet the demands of modern workloads.
• Calico cluster mesh for VxLAN – Offers a scalable solution for multi-cluster deployments, enabling multi-cluster pod-to-pod connectivity and enhancing security and visibility.

With these new enhancements, Calico is the industry’s most complete solution for securing and observing Kubernetes environments.

User feedback

Calico Open Source users represent a robust sample of IT professionals from across industries and use cases. We polled these users to better understand their needs and compiled the insights into Continue reading

Calico monthly roundup: December 2023

Welcome to the Calico monthly roundup: December edition! From open source news to live events, we have exciting updates to share—let’s get into it!

Tigera has achieved AWS Security Competency status! Tigera has gained a new AWS Security Competency, which we’re proud to add to our already existing AWS Containers Software Competency. Read about the addition of our newest security competency. Read more.

Find your Cluster Security Score Calico Cloud is releasing new capabilities for security posture management called Security Scoring and Recommended Actions. Start measuring and tracking your security posture. Learn more.

Customer case study: Leader-bet Calico provides container security and compliance for online gaming giant, Leader-bet. Read our case study to learn more. Read case study.

Comparing NGFW container firewalls with Calico container firewall Learn how to establish robust firewall policies with just code or a single click for advanced threat protection using behavior-based learning and IDS/IPS integrated with the firewall. Read blog post.

Open source news

Calico v3.27 is out and there are a lot of new features, updates, and improvements that are packed into this release. Here is a breakdown of the most important changes:

• Significant performance improvements, especially for extremely large clusters
• Calico VPP Continue reading

Calico monthly roundup: November 2023

Welcome to the Calico monthly roundup: November edition! From open source news to live events, we have exciting updates to share—let’s get into it!

Find your Cluster Security Score Calico Cloud is releasing new capabilities for security posture management called Security Scoring and Recommended Actions. Start measuring and tracking your security posture. Learn more.

Customer case study: Boundless Software Calico Cloud enabled SOC 2 compliance for Boundless Software while also drastically reducing onboarding times for the company’s customers. Read our case study to find out how. Read case study.

Secure Kubernetes traffic with Calico Egress gateway Discover how egress gateways enable users to assign meaningful network identity to selected traffic so that this information can be further used by traditional tools to enforce granular policies to traffic based on identity or bandwidth. Read blog post.

Open source news

• NEW features
  • Streamlined Operations with Windows HostProcess Container – Automated node pool scaling and upgrades, eliminating the need for manual node initialization to streamline operations and management of Windows container-based applications.
  • Performance and Scalability with IPv6 Support for Calico eBPF Dataplane – IPv6 support for eBPF in Calico empowers enterprises to enhance the performance and scalability of their applications by alleviating Continue reading

Tigera has achieved AWS Security Competency status!

We’re happy to announce that Tigera recently achieved Amazon Web Services (AWS) Security Competency status. This designation recognizes the security capabilities of Tigera’s Calico Cloud platform in helping customers secure their AWS workloads and achieve their cloud security goals.

To receive the designation, AWS Partners must possess deep AWS expertise and deliver solutions seamlessly on AWS. After evaluating Calico Cloud’s security capabilities, including vulnerability management, container- and network-based threat detection, observability and security policy lifecycle, AWS found it surpassed the competency requirements.

This is the second AWS competency Tigera has achieved and we’re proud to add this new competency to our existing AWS Containers Software Competency. Our team is dedicated to helping companies achieve their Kubernetes and container security goals by combining our technology with the range of powerful security tools AWS provides.

Read the full press release for more details or visit us on the AWS Marketplace.

The post Tigera has achieved AWS Security Competency status! appeared first on Tigera.

Recap: KubeCon + CloudNativeCon NA 2023

Thanks to everyone who joined us in Chicago this month at KubeCon + CloudNativeCon NA 2023. We had a chance to have many meaningful conversations about Kubernetes and container security, the latest in the open source ecosystem, and of course—Calico! Here are some highlights from the conference.

Calico at KubeCon

We had a ton of visitors at our booth this year and were happy to catch up with old friends as well as meet new ones. Tech problems for business needs, such as how to provide fixed IPs to workloads for communication outside of the Kubernetes cluster instead of architectural debates about the underlying dataplane, was a popular topic of discussion. Another was runtime security at the workload level (default-deny/zero trust). The issue of visibility into workload communication at scale overlaid with effective security policies also came up often. We were all too happy to show how Calico can help!

Cruise Party

Those who joined us for our private cruise party enjoyed a guided architecture tour of the spectacular Chicago lakefront. The evening went swimmingly and offered our guests a chance to unwind and network while enjoying great food and an open bar, against a backdrop of glittering skyscrapers.

2023 Continue reading

Calico monthly roundup: October 2023

Welcome to the Calico monthly roundup: October edition! From open source news to live events, we have exciting updates to share—let’s get into it!

Join us at KubeCon + CloudNativeCon North America 2023 We’re gearing up for KubeCon + CloudNativeCon 2023 in Chicago. Join us at booth #G13 for exciting Kubernetes security updates and pick up some cool new Calico swag! See what we’ve got planned.

Customer case study: eHealth Calico provides visibility and zero-trust security controls for eHealth on Amazon EKS. Read our new case study to find out how. Read case study.

Evaluating container firewalls for Kubernetes network security Learn why a traditional firewall architecture doesn’t work for modern cloud-native applications and results in a huge resource drain in a production environment. Read blog post

The State of Calico Open Source: Usage & Adoption Report 2023 Get insights into Calico’s adoption across container and Kubernetes environments, in terms of platforms, data planes, and policies. Read the report.

Open source news

• Read stories of Calico Open Source in action from our Calico Big Cats
  • Demystifying Calico Open Source: Empowering Your Network Security
  • Securing what others have overlooked with Calico
• Share your Calico Open Source journey and win Continue reading

Calico monthly roundup: September 2023

Welcome to the Calico monthly roundup: September edition! From open source news to live events, we have exciting updates to share—let’s get into it!

Transforming Container Network Security with Calico Container Firewall Discover how you can automate security, ensure consistency, and tightly align security with development practices in a microservices environment. Read blog post

The State of Calico Open Source: Usage & Adoption Report 2023 Get insights into Calico’s adoption across container and Kubernetes environments, in terms of platforms, data planes, and policies. Read the report.

Open source news

• Share your Calico Open Source journey and win a $25.00 gift card – Your journey with Calico Open Source matters to us! Share your experience and insight on how you solve problems and build your network security using Calico. Book a meeting to tell us about your journey and where you seek information. As a thank you, we’ll send you a $25.00 gift card!
• Calico Live – Join the Calico community every Wednesday at 2:00 pm ET for a live discussion about learning how to leverage Calico and Kubernetes for networking and security. We will explore Kubernetes security and policy design, network flow logs and more. Join Continue reading

Calico monthly roundup: August 2023

Welcome to the Calico monthly roundup: August edition! From open source news to live events, we have exciting updates to share—let’s get into it!

*NEW* The State of Calico Open Source: Usage & Adoption Report 2023 Get insights into Calico’s adoption across container and Kubernetes environments, in terms of platforms, data planes, and policies. Read the report.

Customer case study: HanseMerkur Using Calico, HanseMerkur was able to reduce infrastructure overhead and achieve organizational compliance. Read our new case study to find out how. Get case study.

Open source news

• Calico Live – Join the Calico community every Wednesday at 2:00 pm ET for a live discussion about learning how to leverage Calico and Kubernetes for networking and security. We will explore Kubernetes security and policy design, network flow logs and more. Join us live on LinkedIn or YouTube.
• CNCF webinar – Watch the recording of our CNCF live webinar, where we talk about eBPF advantages and troubleshooting. Watch now.
• Calico for Microsoft Azure – Learn technical differences between different Azure networking options for Microsoft AKS environments and tradeoff analysis. Read blog post.
• Podcast – Listen to this joint podcast with Calico Big Cat, Parth Goswami, where they answer the Continue reading

New report: The state of Calico Open Source 2023

We are excited to announce the publication of our 2023 State of Calico Open Source, Usage & Adoption report! The report compiles survey results from more than 1,200 Calico Open Source users from around the world, who are actively using Calico in their container and Kubernetes environments. It sheds light on how they are using Calico across various environments, while also highlighting different aspects of Calico’s adoption in terms of platforms, data planes, and policies.

Report highlights

The report shows that Calico continues to be a pivotal part of the container and Kubernetes ecosystem, finding large-scale adoption across major Kubernetes platforms.

• Calico Open Source is mainly used for Kubernetes networking and security
  • 63% are using Calico as a security policy engine on top of an existing CNI
• The top 3 Calico capabilities driving user adoption are its scalable networking, security policies and interoperability across different environments
• Calico users are using a combination of data planes including eBPF, standard Linux and Windows
  • 16% of respondents use Calico’s newer eBPF data plane
• Calico policy creation and deployment is driven by the need for workload access control and secure egress access
  • 85% of users need to achieve network segmentation and protect east-west traffic

Continue reading

Calico monthly roundup: July 2023

Welcome to the Calico monthly roundup: July edition! From open source news to live events, we have exciting updates to share—let’s get into it!

Customer case study: Upwork Using Calico, Upwork was able to enforce zero-trust security for its newly migrated containerized applications on Amazon EKS. Read our new case study to find out how. Read case study.

Container security – Self-paced workshop This self-paced tutorial is designed to help you prevent, detect, and stop breaches in containers and Kubernetes. Learn how to secure all aspects of your containerized applications—all at your own pace! Get started.

Open source news

• Calico Live – Join the Calico community every Wednesday at 2:00 pm ET for a live discussion about learning how to leverage Calico and Kubernetes for networking and security. We will explore Kubernetes security and policy design, network flow logs and more. Join us live on Linkedin or YouTube.
• CNCF webinar – Watch our CNCF on-demand webinar, Container and Kubernetes security policy design: 10 critical best practices, here.
• Calico eBPF and XDP – Learn how to implement eBPF security policies and XDP to achieve better performance in your Kubernetes cluster. Hands-on lab environment available here.
• Calico Wall of Continue reading

Cybernews Expert Interview with Tigera President and CEO, Ratan Tipirneni

The challenges companies face regarding private and professional data protection are more important today than ever. In the modern enterprise, cloud computing and the use of cloud-native architectures enable unmatched performance, flexibility, velocity, and innovation. However, as digitalization pushes applications and services to the cloud, cyber criminals’ intrusion techniques have become increasingly sophisticated. To stay current with advancing technologies, doubling or tripling security measures is a must.

To understand the critical need for advanced cybersecurity measures, we turned to an expert in the industry, Ratan Tipirneni, President and CEO of Tigera – a company providing active, zero-trust-based security for cloud-native applications running on containers and Kubernetes.

Q: How did the idea of Tigera originate? What has your journey been like so far?

It was over six years ago that Tigera created Project Calico, an open-source container networking and security project.

As containers and Kubernetes adoption grew and organizations started using Kubernetes at scale, Tigera recognized the industry’s need for more advanced security and observability. Tigera has since grown from the Project Calico open-source project to a container security innovator that now supports many Fortune 100 companies across the globe.

Tigera’s continued success comes from listening to customers’ needs, understanding Continue reading

Calico monthly roundup: June 2023

Welcome to the Calico monthly roundup: June edition! From open source news to live events, we have exciting updates to share—let’s get into it!

Customer case study: Box Using Calico, Box achieved zero-trust security and policy automation at scale in a multi-cluster environment. Read our new case study to find out how. Read case study.

Is your container environment compliant with NIST guidelines? This assessment helps you compare your current security posture against the NIST Cybersecurity Framework and assess your readiness to detect and protect against cyberattacks. Read the guide.

Open source news

• Calico Live – Join the Calico community every Wednesday at 2:00 pm ET for a live discussion about learning how to leverage Calico and Kubernetes for networking and security. We will explore Kubernetes security and policy design, network flow logs and more. Join us live on Linkedin or YouTube.
• Calico Wall of Fame – As a valued member of our Calico users community, we would like to feature you on our NEW Project Calico Wall of Fame. To participate, fill out the form here.

Connect

• The next monthly Project Calico community meeting will happen on on July 9th at 9:00 am PT. Join the Zoom Continue reading

RSAC 2023 interview: Tigera talks cloud-native security on theCUBE

During RSA Conference 2023, Utpal Bhatt sat down with SiliconANGLE & theCUBE host, John Furrier, to talk cloud-native security. Watch the full interview below.

Here’s a sneak peak of what’s inside…

“Cloud-native applications have fundamentally changed how security gets done. And there are a lot of challenges that cloud-native applications bring to the table, which is what organizations are realizing. If you think about organizations moving into the cloud, the majority have traditionally done a lift and shift. But now they’re recognizing that in order to get the economics right, they need to start developing cloud-native technologies, which are highly distributed, ephemeral, and transient. So all your standard security tools just really don’t work in that environment because you have a really large Continue reading

Tigera has been awarded Microsoft’s 2022 Partner of the Year award for OSS on Azure

We are proud to announce that we have won the 2022 Microsoft OSS on Azure Partner of the Year award! The Microsoft Partner of the Year Awards recognize Microsoft partners that have developed and delivered outstanding Microsoft-based applications, services, and devices during the past year. Awards were classified in various categories, with honorees chosen from a set of more than 3,900 submitted nominations from more than 100 countries worldwide. Tigera was recognized for providing outstanding solutions and services for open source on Azure.

Since June 2021, Tigera and Microsoft Azure together provide users with active build, deploy, and runtime security with full-stack observability for securing, monitoring, and troubleshooting containers on Azure and AKS. Tigera works closely with Microsoft to offer networking, security, and observability for containerized workloads running in Microsoft Azure.

We are very proud to be recognized as Microsoft’s Partner of the Year for OSS on Azure as it re-affirms the reach and pervasiveness of Tigera’s Calico Open Source solution for container networking and security on Azure and AKS. As enterprises standardize across Microsoft Azure, customers require a resource-efficient and scalable networking and security solution that protects the workloads in a hybrid environment extending from the cloud (Azure and Continue reading

test-sc

The post test-sc appeared first on Tigera.

The state of cloud-native security 2022 – Tigera’s new market report

We are excited to announce the publication of our first State of Cloud-Native Security market report! The report compiles survey results from more than 300 security and IT professionals worldwide (all of whom have direct container responsibilities), and explores organizations’ needs and challenges when it comes to containers and cloud-native applications, specifically in the areas of security, observability, and compliance.

Report highlights

Our survey results showcase the rise in cloud-native development, while identifying barriers and areas where organizations need support on their cloud-native journey. Some of the report’s key findings include:

• Cloud-native applications gain momentum but present security, compliance, and observability issues.
  • While our survey found that 75% of companies are focusing development on cloud-native applications, the increased development (and deployment) also creates the need for more advanced observability and security capabilities.
• Containers require security solutions for runtime, access, and networking.
  • 98% of organizations need container security, with runtime security topping the list.
• Cloud-native and container compliance requirements are driving delays and challenges.
  • 95% of organizations report they have compliance requirements for cloud-native applications, with 84% stating that meeting these compliance requirements is challenging.

Why read the report?

The report gives organizations a chance to benchmark themselves against the findings, Continue reading

How to secure Kubernetes at the infrastructure level: 10 best practices

Infrastructure security is something that is important to get right so that attacks can be prevented—or, in the case of a successful attack—damage can be minimized. It is especially important in a Kubernetes environment because, by default, a large number of Kubernetes configurations are not secure.

Securing Kubernetes at the infrastructure level requires a combination of host hardening, cluster hardening, and network security.

• Host hardening – Secures the servers or virtual machines on which Kubernetes is hosted
• Cluster hardening – Secures Kubernetes’s control plane components
• Network security – Ensures secure integration of the cluster with surrounding infrastructure

Let’s dive into each of these and look at best practices for securing both self-hosted and managed Kubernetes clusters.

Host hardening

There are many techniques that can be used to ensure a secure host. Here are three best practices for host hardening.

Use a modern immutable Linux distribution

If you have the flexibility to choose an operating system (i.e. your organization doesn’t standardize on one operating system across all infrastructure), use a modern immutable Linux distribution, such as Flatcar Container Linux or Bottlerocket. This type of operating system is specifically designed for containers and offers several benefits, including:

• Immutability – This type Continue reading

What a more holistic approach to cloud-native security and observability looks like

The rise of cloud native and containerization, along with the automation of the CI/CD pipeline, introduced fundamental changes to existing application development, deployment, and security paradigms. Because cloud native is so different from traditional architectures, both in how workloads are developed and how they need to be secured, there is a need to rethink our approach to security in these environments.

As stated in this article, security for cloud-native applications should take a holistic approach where security is not an isolated concern, but rather a shared responsibility. Collaboration is the name of the game here. In order to secure cloud-native deployments, the application, DevOps, and security teams need to work together to make sure security happens earlier in the development cycle and is more closely associated with the development process.

Since Kubernetes is the most popular container orchestrator and many in the industry tend to associate it with cloud native, let’s look at this holistic approach by breaking it down into a framework for securing Kubernetes-native environments.

Framework

At a high level, the framework for securing cloud-native environments consists of three stages: build, deploy, and runtime.

Build

In the build stage, developers write code and the code gets compiled, Continue reading