Tigera today announced the addition of a scanning engine to its Calico Cloud service that will continuously assess images for vulnerabilities and misconfigurations in addition to managing interactions between microservices running on Kubernetes clusters.
Amit Gupta, vice president of business development and product management at Tigera, explains that the scanning engine uses machine learning algorithms to identify and remediate known and unknown threats. Indeed, Calico Cloud is now also a cloud-native application protection platform (CNAPP).
The term CNAPP describes a range of cloud platforms that aggregate security services and make them easier to consume. Calico Cloud is a software-as-a-service (SaaS) platform based on the Calico open-source network virtualization project. It automatically deploys Calico, along with additional features developed by Tigera, which can, for example, both monitor a Kubernetes environment and enforce security policies that limit communication between specific microservices on a Kubernetes cluster. A dynamic service and threat graph provides live visualizations of communication between services, namespaces, and workloads to enable faster troubleshooting by highlighting security gaps, vulnerabilities, and security and performance issues.
Calico also includes an admission controller to automatically block the deployment of Kubernetes pods that contain very severe vulnerabilities. It also continuously monitors Kubernetes images, workloads, and infrastructure and compares them against common configuration security standards to provide detailed assessments. These reports can then be integrated into a continuous integration/continuous delivery (CI/CD) pipeline to further the adoption of DevSecOps workflows, Gupta says.
Other features include built-in probes that collect workload activity data on, for example, network traffic, the file system, processes, system calls, and binaries. The threat defense engine compares data from these probes in near real time with known malicious attacks. The machine learning algorithms then create a behavioral baseline of the workload, which is further informed by a set of rules that Tigera curates based on historical attacks.
Finally, Calico Cloud offers workload-level intrusion detection and prevention, deep packet inspection (DPI), distributed denial-of-service (DDoS) attack prevention, and application-level protection with a web application firewall (WAF) that can be integrated with security information and event management (SIEM) platforms.
Collectively, these capabilities allow IT organizations to leverage a platform infused with machine learning algorithms to create a zero-trust environment that can span a fleet of Kubernetes clusters, Gupta explains. As modern computing environments based on cloud-native technologies become more complex, Gupta noted that machine learning algorithms and other forms of artificial intelligence (AI) are increasingly needed to achieve this goal of zero trust. These algorithms don’t so much replace the need for IT professionals as they augment the small group of IT professionals who have the expertise required to manage and secure a Kubernetes environment.
It’s not yet clear whether developers, IT operations teams, or cybersecurity professionals bear primary responsibility for securing cloud-native environments. It’s increasingly a team effort, as the responsibility for application security continues to shift to application developers. The challenge, of course, is to find a way to achieve this goal that doesn’t negatively impact the speed at which cloud-native applications are built and deployed.