Security Information and Event Management (SIEM) is essential for enterprise organizations because it provides the tools and capabilities needed to effectively monitor, detect, respond to, and mitigate cybersecurity threats, while also supporting compliance and overall security strategy enhancement.

In this blog post I will be discussing how Egress Gateways can help in securing traffic by means of policy routing. If you are not familiar with Egress Gateways, take a look at our blog post, Using Calico egress gateway and access controls to secure traffic.

In today’s cloud-driven landscape, containerized workloads are at the heart of modern applications, driving agility, scalability, and innovation. However, as these workloads become increasingly distributed across multi-cluster, multi-cloud, and hybrid environments, the challenge of securing them grows exponentially. Traditional network security measures designed for static network boundaries are ill-suited for the dynamic nature of containerized applications.

Teams implementing the Azure Well-Architected Framework, and using the Hub and Spoke network topology often rely on the Azure Firewall to inspect traffic coming from Azure Kubernetes Service (AKS) clusters. However, they face challenges in precisely identifying the origin of that traffic as it traverses the Azure Firewall. By default, traffic leaving a Kubernetes cluster is not assigned a meaningful network identity that can be used to associate it with the application it came from.

This release, we’re really excited about major improvements to Calico’s workload-centric WAF. We’ve made it much easier for users to configure and deploy the WAF in just a few clicks and we’ve also made it much easier to review and manage WAF alerts through our new Security Events feature.

Calico has recently introduced a powerful new policy recommendation engine that enables DevOps, SREs, and Kubernetes operators to automatically generate Calico policies to implement namespace isolation and improve the security posture of their clusters.

The microservices architecture provides developers and DevOps engineers significant agility that helps them move at the pace of the business. Breaking monolithic applications into smaller components accelerates development, streamlines scaling, and improves fault isolation. However, it also introduces certain security complexities since microservices frequently engage in inter-service communications, primarily through HTTP-based APIs, thus broadening the application’s attack surface.

The challenges companies face regarding private and professional data protection are more important today than ever. In the modern enterprise, cloud computing and the use of cloud-native architectures enable unmatched performance, flexibility, velocity, and innovation. However, as digitalization pushes applications and services to the cloud, cyber criminals’ intrusion techniques have become increasingly sophisticated.

In a previous blog post, Hands-on guide: How to scan and block container images to mitigate SBOM attacks, we looked at how Software Supply Chain threats can be identified and assessed. The severity of these vulnerabilities determine the posture or scan result for an image i.e. Pass, Warning or Fail. The next question is “What can we do with these results?”.

Microservices security is a growing concern for businesses in the face of increasing cyber threats. With application layer attacks being a leading cause of breaches, it’s more important than ever to safeguard the HTTP-based communication between microservices within a Kubernetes cluster. Traditional web application firewalls (WAFs) are not designed to address this specific challenge, but Calico WAF offers a unique solution.