Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Embracing DevSecOps for Containers and Kubernetes with Calico Cloud

DevSecOps is a collaborative practice that incorporates security into the development and delivery of software. DevSecOps encourages a culture where security, development, and operations teams collaborate closely; this collaboration ensures that security considerations are understood and implemented by everyone involved in the software development lifecycle.

What you can't do with Kubernetes network policies (unless you use Calico): The ability to explicitly deny policies

In my previous blog post, I talked about the eighth use case from the list of nine things you cannot implement using basic Kubernetes network policy — the ability to log network security events. In this final blog post of the series, we’ll be focusing on one last use case: the ability to explicitly deny policies.

The Crucial Role of Network Policies and Encryption in Securing Kubernetes Workloads

Ensuring the security of containerized workloads has become a top priority given the accelerated adoption of managed Kubernetes services. The complexity of hosting these workloads securely in the cloud necessitates a comprehensive array of security measures. Among these, network policies and encryption stand out as indispensable prerequisites for safeguarding sensitive workloads in a shared, multi-tenant environment.

Using webhooks to boost cloud-native application security

In the ever-evolving landscape of cloud-native applications built with containers and Kubernetes, webhooks serve as the communication backbone, facilitating seamless integration between various components, especially in the realms of security, networking, and troubleshooting. This is further amplified when combined with popular collaboration tools such as Jira and Slack.

Integrating Calico Image Assurance (Vulnerability Management) with Azure DevOps Build Pipeline

In cloud-native software development, ensuring the supply chain security of containerized applications in Kubernetes (K8s) environments is of utmost importance. With the continuous evolution of threats, safeguarding your containerized applications at every stage is not a choice anymore; it is an absolute necessity. With Calico’s vulnerability management, you can scan container images across three pivotal application lifecycle stages: Let’s break down the scanning guardrails offered by Calico.

What you can't do with Kubernetes network policies (unless you use Calico): The ability to log network security events

In my previous blog post, What you can’t do with Kubernetes network policies (unless you use Calico): Advanced policy querying & reachability tooling, I talked about this use case from the list of nine things you cannot implement using basic Kubernetes network policy — advanced policy querying and reachability tooling. In this blog post, we’ll focus on the use case — the ability to log and analyze network security events.

Leveraging Recommended Metrics for Calico to optimize and secure Kubernetes application operations

In the ever-evolving landscape of Kubernetes networking and security, Calico has proven to be a battle-hardened, scalable and robust solution. Core to Calico’s architecture are two components, Felix and Typha. And given their importance for running Kubernetes deployment, it is no surprise that monitoring these components is crucial to secure and maintain them for optimal cluster operation.

Troubleshooting DNS issues in Kubernetes: Investigate and reduce NXDOMAIN (domain does not exist) responses

NXDOMAIN, indicating the non-existence of a queried domain, poses significant challenges within Kubernetes, impacting application functionality, service communication, and overall cluster stability. Investigating NXDOMAIN responses in Kubernetes is vital for sustaining the reliability, performance, and security in a containerized environment.

Calico Egress Gateway: How to provide a stable public network identity for EKS workloads to securely connect with approved SaaS

Many organizations have adopted IP address allowlisting for their corporate cloud applications as an added layer of security. Many sanctioned cloud applications and web services enforce access restrictions based on the source IP address of incoming traffic. To establish a connection with these remote SaaS services, your traffic must originate from a particular IP address that is pre-registered. Any traffic originating from different IP addresses will be denied access by these remote applications.

Deploy multi-tenant Red Hat OpenShift clusters with Calico's namespace and workload isolation

As you are using OpenShift or are planning to use it for your containerized applications, ensuring robust security is crucial. As you dive deeper and your workloads become more complex, the need for advanced security measures becomes apparent. This is where Calico’s microsegmentation capability helps to achieve tenant and workload isolation. Let’s explore how Calico can be a game-changer in strengthening the security posture of your OpenShift environment.