Tigera Enhances Calico
November 2024 by Marc Jacob
Tigera announced several new features that significantly advance Calico’s network security and runtime security capabilities.
With the rise in Artificial Intelligence (AI) applications, and the infrastructure trend of migrating from virtual machines (VMs) to Kubernetes, network security has become critical. Tigera’s new updates to Calico extend its network security and visibility capabilities to VMs and hosts, and provide several new enhancements for implementing network security.
The new release of Calico also includes essential capabilities for security teams. Today, there is a critical need to simplify security monitoring. Security operations teams are overwhelmed with the number of security events and false positives, and need solutions that help them become more efficient and effective in their roles. Tigera has enhanced Calico’s runtime security capabilities, including fine-tuning the detectors to eliminate noise and make the detection more targeted.
Network Security Enhancements
Policy Tiers and Support for AdminNetwork and BaselineNetwork Policies – Calico now supports new Kubernetes policies and Calico policy tiers that provide granular control over policy precedence, ensuring predictable, consistent enforcement and enabling better collaboration between teams.
Extend Calico Network Security Beyond Kubernetes to VMs and Hosts – Calico can protect VMs and hosts running outside of a Kubernetes cluster, significantly expanding the scope of how users can leverage Calico to secure application workloads.
Native Support for nftables – Calico introduces native support for nftables, ensuring that Kubernetes users can smoothly transition from iptables to nftables while maintaining performance and compatibility.
New Sidecar Deployment for Envoy in Calico – Ensures greater levels of compatibility with certain Kubernetes platforms such as GKE, AKS, EKS and Wireguard.
Runtime Security Enhancements
Fine-Tuned Runtime Threat Detection for Accuracy and Efficiency – Calico allows administrators to select which types of detectors to enable in their cluster, enabling teams to phase their deployment and tune and customize threat detection.
Significant Reduction of False Positives – Calico enables operators to bypass threat detection for certain known processes, thereby eliminating false positives.
Bolstered Network-Based Threat Detection – Calico supports the ability to customize SNORT rules for Deep Packet Inspection (DPI) on a workload basis to improve accuracy.
Insight into the Exploitability of Vulnerabilities to Prioritize Remediation – Calico introduces new meta data including Exploit Prediction Scoring System (EPSS) and information on known exploits to estimate the likelihood that the software vulnerability will be exploited in the wild.
With these new updates, Calico provides platform and security engineers with more control, visibility, and efficiency in securing and managing their Kubernetes and hybrid environments. Calico’s latest enhancements offer both flexibility for development teams and strict controls for platform and security teams.