
Tigera

Enabling Workload-Level Security for Kubernetes with Cisco Secure Firewall & Calico Egress Gateway on AWS

Enterprises that deploy Kubernetes in corporate data centers or cloud environments often use Cisco Secure Firewall to protect their networks and cloud resources. These firewalls are crucial for examining traffic coming from Kubernetes clusters. However, accurately determining the origin of this traffic as it passes through Cisco Secure Firewall can be challenging.

Tigera has achieved AWS Security Competency status!

We’re happy to announce that Tigera recently achieved Amazon Web Services (AWS) Security Competency status. This designation recognizes the security capabilities of Tigera’s Calico Cloud platform in helping customers secure their AWS workloads and achieve their cloud security goals. To receive the designation, AWS Partners must possess deep AWS expertise and deliver solutions seamlessly on AWS.

Calico eBPF is now IPv6 capable!

Kubernetes offers excellent scalability and flexibility to your infrastructure. Yet, in the midst of this transformation, we’ve all grappled with the difficulties of local IPv4 addressing, which usually leads to the implementation of Network Address Translation (NAT) and introduces complexities that we’d rather avoid. As if that weren’t enough, the scarcity of public IPv4 addresses and their expensive rental costs loom over our digital ambitions.

What's your Cluster Security Score? Calico now measures your security posture

Over the past year, we’ve been building something new for Calico Cloud that’s aimed at helping anyone who is charged with improving the security of their Kubernetes clusters. I’m excited to announce that Calico Cloud is releasing new capabilities for security posture management called Security Scoring and Recommended Actions.

Comparing NGFW container firewalls with Calico container firewall

In my previous blog post, I touched upon some challenges with how NGFW container firewalls are built and how it takes a team of firewall specialists to deploy, configure and maintain the firewall platform. In this blog I will illustrate the challenges in detail and demonstrate the simplicity of the Calico container firewall platform.

Container Security with Calico: Detect and Respond to Container Attacks with Network Anomaly Detection

Considering the vast attack surface and flat network architecture, Kubernetes workloads are particularly susceptible to network-based threats. While following best practices like workload access controls, workload-centric IDS/IPS, and WAF can help prevent and block attacks, anomaly detection has become crucial in today’s IT landscape to proactively anticipate security threats.

New in Calico Cloud: Continuously scan workloads in Kubernetes clusters to detect newly discovered CVEs

The timeline of an application can be broadly described in 3 phases: Thus, runtime security in the context of a cloud-native container environment broadly refers to the tools and processes leveraged to protect the operation of running containers in production.

What you can't do with Kubernetes network policies (unless you use Calico): Node Specific Policies

In my previous blog post, What you can’t do with Kubernetes network policies (unless you use Calico): TLS Encryption, I talked about use case number two from the list of 9 things you cannot implement using basic Kubernetes network policy—anything TLS related. In this blog post, we’ll be focusing on use case number three: node specific policies.

Detecting Network-Based Anomalies with Calico

In the vast digital landscape, the flow of data across networks is akin to water coursing through a city’s plumbing system. Just as impurities in water can signal potential issues, deviations in network traffic, termed network inserted anomalies, can hint at cyber threats. These anomalies range from overt signs like unauthorized access attempts to subtler indicators like unusual data transfer patterns.