Solution

Container Firewall

Secure containerized workloads with network security controls for hybrid and multi cloud Kubernetes environments.

Zero-Trust Explainer Video

Benefits

Improves the network security posture of containerized workloads across multi-cluster, multi-and hybrid cloud environments

This is a firewall icon.

Protect Outbound Traffic

Secure workload access to external resources with advanced network policies and egress gateways
Networking icon.

Prevent Lateral Movement of Threats

Enforce Zero-trust policies to restrict east-west traffic between untrusted pods
Threat protection icon.

Detect and Block Attacks

Prevent network-based attacks from malicious sources at the granular workload-level

Solution Architecture

Solution Architecture - Calico container firewall with IDS/IPS, anomaly detection, honeypods, DPI, workload-centric WAF diagram
Kubernetes pods show allowed and blocked communication with external services.

Secure Outbound Traffic

Deploy granular, zero-trust workload access controls from individual pods in Kubernetes clusters to external resources, including databases, internal applications, 3rd-party cloud APIs, and SaaS applications.

Secure pods using fine-grained DNS egress policies and NetworkSets.

Learn More
Universal Firewall Integration diagram

Egress Gateway

Identify the traffic source from a Kubernetes cluster at the namespace or pod level to enforce traffic policies using existing network security tools such as perimeter firewalls.

Assign a fixed, routable IP to a Kubernetes namespace to identify workloads running within that namespace.

Learn More
Service Graph Screenshot

Network Visibility

Get complete network topology and traffic visibility with a graph-based visualization of your Kubernetes deployments. Troubleshoot security and compliance gaps, connectivity breakdowns, anomalous behavior, and security policy violations.

Learn More
Solution architecture elements: cloud, security shield, checklist, and magnifying glass

Intrusion Detection and Prevention

Protect against data exfiltration and malware attacks by blocking communication to known malicious IPs, domains, and VPNs by ingesting global threat intelligence feeds.

Stop zero-day attacks with heuristics-based learning of anomalous network activity. Apply deep-packet inspection (DPI) to selective workloads to detect suspicious activity.

Detect and prevent OWASP Top 10 attacks with workload-centric web application firewall (WAF). Intercept DDoS attacks by blocking requests from malicious IPs.

Learn More
Service Graph displaying connected services and HTTP flow data.

Application-Layer Policy

Apply security controls at the application level to secure pod-to-pod traffic, including HTTP methods and URL paths. Eliminate the operational complexity of deploying an additional service mesh.

Gain application-layer visibility into service-to-service communication.

Learn More
Edit Policy Segmentation Granularity Screenshot

Dynamic Microsegmentation

Achieve workload isolation based on environments, application tiers, compliance needs, user access, and individual workload requirements. Get automatic and continuous policy recommendations for namespace-based isolation.

Enforce consistent segmentation policies across the environment.

Learn More
Policies Board Screenshot

Security Policy Management

Collaboratively author, stage, preview, enforce, and manage security policies with Calico’s unified policy framework. Test policy before deployment using staged policies. Deploy policies in hierarchical policy tiers based on roles and permissions to ensure consistent enforcement of policies. The manager UI has a policy board so teams can easily view and manage all active and inactive security policies in the Kubernetes cluster.

Learn More

Available on Microsoft Azure, AWS, and Google Marketplace

Get started right away on Azure, AWS, or Google Cloud—every Calico component you need to get up and running is ready to go.

Microsoft Azure, AWS, and Google Cloud logos.

Customer Testimonial

Here’s what our customers are saying about us

Quotation marks
After implementing Calico WAF as a sidecar, NuraLogix went from an average latency of 30 milliseconds down to 1 millisecond. Overall, NuraLogix’s software works better, is faster, and is more scalable thanks to Calico Cloud.
Romil Khanna
Data Security Officer & Platform Engineering Team Lead,
NuraLogix
Nuralogix Logo
Learn More

Featured Resources

Developer-created resources to help you secure your Kubernetes deployment

Transforming container network security with Calico Container Firewall
Blog

Transforming container network security with Calico Container Firewall

Network security for containers and Kubernetes needs a new approach for hybrid, multi-cloud environments.
Read More
Microsegmentation Datasheet
Datasheet

Microsegmentation Datasheet

Scalable, unified microsegmentation for cloud-native workloads across all of your environments.
Read More
Evaluating container firewalls for Kubernetes network security
Blog

Evaluating container firewalls for Kubernetes network security

Can NGFW container firewalls protect cloud-native applications?
Read More
Calico Logo

Ready to Get Started?

Get started for free or request a demo to see Calico in action

X