In this blog post I will be discussing how Egress Gateways can help in securing traffic by means of policy routing. If you are not familiar with Egress Gateways, take a look at our blog post, Using Calico egress gateway and access controls to secure traffic.

In today’s cloud-driven landscape, containerized workloads are at the heart of modern applications, driving agility, scalability, and innovation. However, as these workloads become increasingly distributed across multi-cluster, multi-cloud, and hybrid environments, the challenge of securing them grows exponentially. Traditional network security measures designed for static network boundaries are ill-suited for the dynamic nature of containerized applications.

Teams implementing the Azure Well-Architected Framework, and using the Hub and Spoke network topology often rely on the Azure Firewall to inspect traffic coming from Azure Kubernetes Service (AKS) clusters. However, they face challenges in precisely identifying the origin of that traffic as it traverses the Azure Firewall. By default, traffic leaving a Kubernetes cluster is not assigned a meaningful network identity that can be used to associate it with the application it came from.

Welcome to the world of Docker containers, where the power of isolation and portability meets streamlined application development. Whether you’re an experienced Docker user or just starting your containerization journey, effectively understanding and utilizing WORKDIR can significantly enhance your development workflow. 61% of respondents to a recent Statista survey said they use Kubernetes, putting Docker and Kubernetes among the most in-demand skills by software firms globally.

This release, we’re really excited about major improvements to Calico’s workload-centric WAF. We’ve made it much easier for users to configure and deploy the WAF in just a few clicks and we’ve also made it much easier to review and manage WAF alerts through our new Security Events feature.

In this blog post, we will take a comprehensive dive into a real-world cyber attack that reverberated across the digital realm – SCARLETEEL. Through an in-depth analysis of this notorious incident using the MITRE ATT&CK framework, we aim to unearth invaluable insights into the operational tactics of cyber adversaries.

It’s not a mystery that eBPF (Extended Berkeley Packet Filter) is a powerful technology, and given its nature, it can be used for good and bad purposes. In this article, we will explore some of the offensive capabilities that eBPF can provide to an attacker and how to defend against them.

Containerization is the most popular approach for all modern cloud deployment. This technology makes it possible to encapsulate application workloads as OS-agnostic containers. The result is a new breed of cloud-native applications running across any infrastructure, scaling up or down based on demand. Consequently, there is a need to orchestrate these containers to deliver maximum efficiency in workload execution.