AI-powered investigation combined with behavioral detection and response reduces false positives for time-strapped detection engineers

RAD Security takes the stage as a finalist in the Black Hat Startup Spotlight Competition, it unveils the first-ever AI-powered incident investigation capability for behavioral detection and response. Today, cloud security is based almost exclusively on signature-based detections, which are notorious for burdening security teams with false positives. RAD Security is the first to combine AI-powered incident investigation with behavioral, signature-less detections, to significantly reduce false positives and provide much-needed relief for overburdened security teams.

Also Listen: AI Inspired Series by AiThority.com: Featuring Bradley Jenkins, Intel’s EMEA lead for AI PC & ISV strategies

“By definition, signatures are stateless, making investigations based on the signature-focused approach inaccurate and tedious,” says CTO and Co-Founder Jimmy Mesta. “By adding AI-powered investigations to behavioral detection, which is already a step ahead of signature-based detection in accuracy, security teams can quickly get light years ahead in the accurate assessment of incidents.”

RAD’s behavioral approach and AI-powered investigations result in the lowering of false positives on their own; but by putting these two capabilities together, RAD enables security teams to achieve a multiplier effect. The enhanced accuracy of behavioral methods versus signature-based methods is easily demonstrated using multiple examples of attack tactics like reverse shells, access to sensitive data, and a Sudo CVE. In these examples, while signatures can be easily bypassed by avoiding the exact parameters, they are detected by RAD’s behavioral solution. By the same token, a behavioral drift event is not always a malicious event, so the addition of the AI investigation capability ensures additional accuracy. AI is particularly suited for looking across large sets of data and quick contextualization, making it a natural investigation tool and engine to analyze benign versus malicious drift.

Throughout the history of cyber security, and most famously in the endpoint and network security markets, signatures have eventually been replaced by behavioral methods in response to an evolving threat landscape. Today, the cloud security category is nearly entirely composed of signature-based approaches with runtime security and Cloud Workload Protection (CWPP) that are standalone or part of a broader Cloud Native Application Protection Platform (CNAPP). In sharp contrast to signature-based CNAPPs, or posture-focused Cloud Security Posture Management (CSPM), RAD Security’s Cloud Detection and Response (CDR) solution creates behavioral baselines of unique good behavior to detect zero day attacks, enriching detections with real-time identity and infrastructure context that inform response actions.

More and more, detection and response is being accomplished by fewer and fewer dedicated people, with 22% of security professionals reporting recent layoffs at their company. The workforce reductions are an even more acute pain in cloud security, with 65% of cybersecurity and infosecurity professionals claiming burnout due to skill gaps. Even though a full 95% of IT decision makers feel their team has been negatively impacted by the cloud security skills gap, cloud native adoption continues, and analysts predict that, by 2025, 95% of new applications will be built using cloud native workloads.

Zero days like the XZ Backdoor are now a regular occurrence, making detection and response in cloud native environments more important than ever.

Also Read: Humanoid Robots And Their Potential Impact On the Future of Work

RAD Security has introduced multiple new features to help security teams adopt new innovation that will help them address these alarming trends and emerging threats:
– Amazon EKS Add-on: RAD Security is now available as an Amazon EKS Add-on in the AWS Marketplace for Containers. This means customers can now provision the real-time KSPM and runtime features of the RAD platform directly from EKS, for real-time visibility into their Kubernetes risk as well as signatureless cloud detection and response.
– Automated AI-Powered Investigation: RAD Security uses LLMs to quickly analyze multiple behavioral detections and determine whether an incident is malicious or benign, including real-time infrastructure and identity context.
– Findings Center: All incidents are now available in an easy to navigate console, making detection and investigation easier and quicker.
– RAD Open Source Catalog: New version details and new open source images have now been added to the RAD Catalog, detailing the changes in behavioral fingerprints over time and bolstering the behavioral workload fingerprint standard.

Schedule a meeting with the RAD Security team at the Black Hat Conference this week to discuss improving detection accuracy for attacks in your cloud environments. The team will be exhibiting at booth #219 in Startup City, and at 4:45PM EST they will be presenting at the Innovators and Investors Summit as one of the four finalists in the Startup Spotlight competition.

Don’t miss this out: More than 500 AI Models Run Optimized on Intel Core Ultra Processors

[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]

The post RAD Security Launches First AI-Powered Incident Investigation with Behavioral Detection & Response Platform appeared first on AiThority.

The post Checkmarx: 99 Percent of Developers Use AI, 80 Percent Worry About Security appeared first on AiThority.

Annual recurring revenue from cloud-native Checkmarx One platform tripled year over year as company scans over a billion lines of code per month and builds robust technology partner ecosystem

Checkmarx, the leader in cloud-native application security, has announced significant growth and momentum during 2023, including a more than 200% increase in annual recurring revenue from its enterprise application security platform Checkmarx One. As one of the pioneers of application security that is continuing to innovate in the age of generative AI and digital transformation, the company’s growth is fueled by the need for today’s enterprise and large public-sector organizations to secure their entire application footprints.

“Day by day, minute by minute, these mission-critical applications support every aspect of our daily lives, so the security of their operations and our data depends on robust, code-to-cloud application security. That’s what we’re delivering with Checkmarx One.”

Checkmarx’ accelerated growth rate reflects the significant upsurge in application development, with the market for products that support DevSecOps (development, security and operations) practices expected to grow to $13.8 billion in 2027. ¹ Further, as the company’s own security research team has illustrated, risks relating to the use of open source software as part of the software supply chain have risen dramatically.

Recommended AI News: Napier AI Secures £45 Million Investment from Crestline Investors

During the past year of rapid growth, Checkmarx added more than 300 new customers to its roster. Today the company serves 60% of the Fortune 500 and half of the Fortune 50. Enterprise demand for Checkmarx’ comprehensive application security solutions led to the addition of new staff in various regions served by the company, which includes the Americas, EMEA and APAC.

“As application security risk continues to rise, the world’s biggest enterprises and public-sector organizations demand a comprehensive, cloud-native solution to secure their entire application footprints,” said Sandeep Johri, CEO at Checkmarx. “Day by day, minute by minute, these mission-critical applications support every aspect of our daily lives, so the security of their operations and our data depends on robust, code-to-cloud application security. That’s what we’re delivering with Checkmarx One.”

Recommended AI News: Nova Credit Expands Income Navigator in Property Management with SafeRent Solutions

Business highlights from 2023 include:

• Grew annual recurring revenue from the cloud-native Checkmarx One platform more than 200% year over year
• Supported more than 50 times growth in lines of code scanned monthly to 100 billion per month
• Tracked over 80% of scans using multiple Checkmarx One engines
• Reached 3,000,000 download milestone for KICS (Keeping Infrastructure as Code Secure)
• Discovered and exposed the first-known software supply chain attacks aimed at the banking and finance industry
• Helped found the Open Source Security Foundation (OpenSSF) Malicious Packages Repository
• Performed 137 AppSec Program Methodology and Assessment (APMA) consultations worldwide
• Introduced industry’s first solution for securing GenAI-generated code, CheckAI
• Launched Codebashing 2.0 and the Checkmarx Security Champion certificate for developers
• Delivered version 3.0 of the AI-powered Checkmarx One platform, expanding critical software supply chain security capabilities
• Released Fusion 2.0 with groundbreaking Application Risk Management solution to correlate AppSec risk
• Added 30 new partners to Checkmarx Technology Partner Program
• Built channel partner network to over 250 partners worldwide
• Completed integration with Sysdig for code-to-cloud application security for containers
• Integrated with ServiceNow to enable prioritization and remediation of vulnerabilities found by Checkmarx One within the ServiceNow Vulnerability Dashboard.
• Named a Leader for the sixth consecutive year in the 2023 Gartner® Magic Quadrant™ for Application Security Testing ²
• Positioned as a Leader in The Forrester Wave™: Static Application Security Testing, Q3 2023 ³
• Recognized as a 2023 Gartner® Peer Insights™ Customers’ Choice for Application Security Testing for the fifth year in a row ⁴
• Won a DEVIES Award in the DevSecOps category for Checkmarx One

Recommended AI News: US Mobile Operators Conduct Cross-Carrier Drone Safety Connectivity Tests

[To share your insights with us as part of editorial or sponsored content, please write to sghosh@martechseries.com]

The post Checkmarx Accelerates Growth of Cloud-native Application Security Platform appeared first on AiThority.

 Caveonix, the industry’s first unified platform for hybrid multicloud governance, compliance, and security management, announced its fifth-generation offering, which is designed to provide continuous protection of applications built on containers, cloud-native services, and traditional three-tiered architecture.

The next-gen version provides prioritized actionable insights and ensures real-time protection through its unique DefenseBot technology as well as executing policy enforcement for Zero-Trust implementation. This, combined with a shift-left approach for secure DevOps, enables enterprises to manage their security and compliance posture proactively.

The unified platform provides a fully integrated eGRC and Cloud Native Application Protection Platform (CNAPP) with Cloud Security Posture Management (CSPM), and Cloud Workload Protection Platform (CWPP). The platform capabilities are available in various bundles to address the requirements of various stakeholders, from the infrastructure team to security and compliance analysts to the leadership, including CISO, CRO, and CCO.

Latest Insights:  AiThority Interview with Vova Kyrychenko, CTO at Xenoss

New platform capabilities include:

1. AI-powered CNAPP: Our Neural-Insight AI engine continuously secures the entire DevOps cycle from coding to testing to deployment. Using a shift-left model we check security configurations in Infrastructure as Code (IaC) before and during deployment in a CI/CD pipeline and ensure that all potential risks are caught and eliminated at the source. It ensures 360º insights with intelligent, automated risk detection related to the IaC code (Terraform, Cloud Formation Scripts, Azure Resource Management scripts, Kubernetes configuration scripts) as well as factors in data from SAST and DAST code analysis tools and scans of container image library, users can also write custom policy checks with YMAL and REGO language.
2. Automated eGRC: The platform automates eGRC to standardize processes, model scenarios and better prepare for continuous ATO (cATO). It streamlines internal controls to work collaboratively with external requirements. Workflows can be created to ensure accountability, efficiency, and compliance.
3. Powerful Anomaly Detection: Identify anomalies in user behavior, application behavior-based network flows between assets and applications containers and network flow anomalies by looking at runtime metrics, which are easily available in the network insights dashboard. Our AI engine identifies the anomalies and automatically quarantines the endpoints. Thus, localizing the infection and preventing the spread to other assets.

   The platform’s unique DefenseBot™ technology allows workload and cloud native service protection with surgical precision. Users can create customized action(s) to every unique service type on the public clouds such as AWS, GCP, and Azure.

4. Automated Zero-Trust: We automate zero-trust based on insights derived from the operational and runtime data that we collect and analyze. We unify assessment of flows across the hybrid cloud estates for easier and seamless policy enforcement.
5. Customizable Dashboard: The dashboard is fully customizable based on user and associated role. Each role from security analyst to a compliance analyst or an infrastructure engineer as well as a developer can define their default dashboard and reorganize the widgets on the dashboard to customize per their needs.
6. Intuitive Insights: Each user dashboard can have insights that are unique to their role. With a rich library of insights, each user can quickly assess the risk and start taking action based on recommended prioritization. The insights dashboard supports different categories such as risk, compliance, CIEM, public exposure, network, policy violations, secure configurations, IAM, and serverless and containers.
7. Enhanced Attack Path Visibility: The risk insights feature provides risk analytics and quantification. It can identify and assess new critical risk combinations mapped against crown jewel applications from asset to application to organization with a graphical representation of the attack path, thus enabling rapid understanding of the impact and actions that need to be executed for remediation.

Latest Insights: AiThority Interview with Ahmad Al Khatib, CEO and Founder at Qudo

“As organizations are developing and delivering applications at a record pace, securing software development lifecycles, and ensuring continuous compliance across hybrid multicloud environments is becoming a tremendous challenge,” said Kaus Phaltankar, Co-founder, and CEO of Caveonix. “Keeping this in mind, we designed Caveonix Cloud 5.0, an innovative platform for comprehensive full-stack visibility to all your hybrid cloud assets, helping customers prioritize findings for high efficiency and effectiveness and staying continuously compliant with all local to global regulatory and industry requirements.”

“Now organizations can continue to focus on ideas and accelerate innovation to achieve their business goals, while the Caveonix platform, with Neural-Insight™ AI-engine, automates the assessment and protection of the business applications at scale.”

Today, Caveonix has been deployed by several Fortune 500 companies nationally and globally. It has the single largest global enterprise deployment, with over 1 million cloud assets in a hybrid cloud environment.

Latest Insights: AiThority Interview with Brad Anderson, President of Product and Engineering at Qualtrics

[To share your insights with us, please write to sghosh@martechseries.com]

The post Caveonix Launches NextGen AI-powered Caveonix Cloud 5.0 Platform to Safeguard Enterprise Digital Transformation with Automated Security, Compliance, and Governance of Hybrid Cloud appeared first on AiThority.

The post Orca Security is First CNAPP to Launch Cloud to Dev Capabilities, Enabling Security Teams to Close the Loop for Faster Remediation of Production Alerts appeared first on AiThority.

Integration Provides Precise Understanding of Cloud Risk by Correlating Sensitive Data Discovery and Security Signals Across an Array of Security Products

 Zscaler, the leader in cloud security, announced enhancements to Zscaler Posture Control^, strengthening its cloud native application protection platform (CNAPP) capabilities with data loss prevention (DLP) and ThreatLabz threat intelligence powered by the world’s largest security cloud.

AI ChatGPT Insights: How ChatGPT Will Transform Customer Service

Integrating DLP and threat intelligence into Posture Control makes it the only CNAPP that delivers an accurate cloud risk view by correlating risk impact and likelihood using sensitive data discovery and security signals. Deep insights into how incidents will occur, and the resulting data exposure, give DevOps and security teams an unprecedented understanding of where to focus their limited resources. For example, an internet-facing container with a critical unpatched vulnerability represents a significant risk because attackers can exploit it to gain access to personally identifiable information (PII). With this new integration, organizations can reduce costs and resources while staying agile and proactive in securing sensitive data and secrets in the public cloud.

Research shows that 78% of organizations use more than 50 cybersecurity products. Businesses were initially forced to either piece together point tools, like CSPM, CIEM and vulnerability scanning, or rely on loosely integrated solutions that required agent installation and did not correlate and prioritize findings. Recent solutions shifted to a streamlined, agentless deployment and introduced correlation, but the narrow focus on misconfigurations and unpatched vulnerabilities was only a small piece of the risk puzzle.

Zscaler Posture Control, combined with its data protection and threat prevention capabilities, helps world-leading organizations more effectively correlate and prioritize risk across their entire cloud estate, reducing the time, effort and resources needed to piece together these risks.

Read More about Metaverse: The Metaverse as the Great Diversity Experiment

Zscaler Posture Control is a CNAPP solution that helps organizations build, deploy and run secure cloud applications. Launched in 2022, it presents a unified approach to understanding, prioritizing and remediating security risks in public cloud environments. With the seamless integration of Zscaler DLP, security, IT and DevOps teams can understand whether sensitive data such as PII, PHI and PCI are exposed as a result of cloud security weaknesses. These new innovations mean organizations can now realize even greater benefits from Zscaler Posture Control, including:

• Risk identification, correlation and prioritization: Integrated DLP and threat intelligence identify attack paths and detect ongoing attacks by automatically correlating misconfigurations or activities that seem low-risk when viewed individually but can be great risks when viewed holistically.
• Efficiency at scale: An integrated graph-based correlation and prioritization engine expedites remediation and reduces alert fatigue by focusing on the risks that matter most.
• Point product consolidation: A single, easy-to-deploy agentless platform eliminates point products by unifying CSPM, CIEM, CWPP and DLP, continuously securing every stage of the application life cycle.
• Native, end-to-end platform without silos: Posture Control reduces security and DevOps team silos with 360-degree, in-depth visibility of risks across the entire multicloud footprint – including virtual machines (VMs), containers and serverless workloads – from build to run.

“CNAPP platforms have started to gain wide popularity in recent years, but they all suffer from the same weakness: they do not help organizations understand sensitive data exposure,” said Willie Tejada, Senior Vice President at Zscaler. “Zscaler Data Protection technologies offer a deep understanding of sensitive data that we’ve built and developed over many years. By integrating these technologies, Zscaler gives organizations a view of cloud risk that security teams have never seen before.”

 Latest ChatGPT Insights : ChatGPT Won’t Replace Your Marketing Job, But it’s Critical to Leverage for Success

 [To share your insights with us, please write to sghosh@martechseries.com] 

The post Zscaler Extends CNAPP Capabilities with Integrated Data Loss Prevention and Threat Intelligence from the World’s Largest Security Cloud appeared first on AiThority.

OpsCruise, the leading provider of next-generation cloud application observability solutions, announced that its Kubernetes and Cloud Service observability platform is certified to run on Red Hat OpenShift, the industry’s leading enterprise Kubernetes platform. This further supports the company’s observability platform in enabling organizations with enhanced performance while optimizing use of resources and cost.

“We look forward to continued collaboration with Red Hat to serve customers together.”

Red Hat OpenShift is a cloud-native application platform that can help enterprise organizations build a more stable, security-focused Kubernetes environment with extended security and development workflow capabilities.

Recommended AI News: Acceldata Expands Data Observability Platform with New Data Reliability Capabilities

With OpsCruise running on Red Hat OpenShift, organizations can gain deeper visibility into every layer of their Red Hat OpenShift environments in order to reduce troubleshooting time and more confidently resolve performance issues. OpsCruise is an open cloud-native observability platform that enables Ops and App teams to troubleshoot all of their application components in context with configurations, connections, metrics, logs, traces and changes.

Beyond traditional telemetry, OpsCruise adds a unique eBPF-based flow feature that builds real-time topology, and a novel TracePath technology that makes distributed tracing usable by infrastructure and operations teams. By bringing everything into one place, app teams do not have to swivel across multiple tools from CI/CD, Kubectl tools and monitoring tools to understand and analyze the state of their applications.

In addition, to address temporal blindspots such as those from auto-scaling, OpsCruise provides a time travel feature that retains snapshots of the past so DevOps can look back in time to visualize changes that are often the source of problems.

“Red Hat OpenShift is supported by a robust partner ecosystem, extending the power of cloud-native application development and open source innovation across the hybrid cloud. With the OpsCruise observability platform certified to run on Red Hat OpenShift, customers can experience added security capabilities to further bolster their Kubernetes workflows and achieve real business results,” said Mark Longwell, director, Hybrid Platforms Business Unit, Red Hat.

Recommended AI News: Fountain Launches a New Conversational AI Feature to Streamline the Entire Hiring Funnel

OpsCruise on Red Hat OpenShift can be installed on-premises and in the cloud with Azure Red Hat OpenShift or Red Hat OpenShift Service on AWS. OpsCruise supports all of these options, so customers can now leverage OpsCruise observability anywhere they use Red Hat OpenShift. With instantaneous full-stack visibility and ability to detect and isolate problems with OpsCruise, DevOps teams can now more quickly identify sources of problems such as application SLO breaches caused by hard to find long chain dependencies on a failed service resulting from an incorrect Kubernetes configuration.

“Like Red Hat, OpsCruise has many large complex enterprise customers, so certifying our observability platform on Red Hat OpenShift was a no-brainer, ” said Scott Fulton, Co-Founder & CEO of OpsCruise. “We look forward to continued collaboration with Red Hat to serve customers together.”

Recommended AI News: Granite Expands Partnership with Connectbase

The post OpsCruise Observability Platform Certified on Red Hat Openshift, Further Extending its Leadership in Cloud-Native Observability appeared first on AiThority.

groundcover, a start up with a mission to reinvent the cloud-native application monitoring domain with eBPF, launches Caretta  an OSS tool which helps teams instantly create a visual network map of the services running in their cluster. Caretta leverages eBPF technology to collect data in an efficient way and is equipped with a Grafana Node Graph dashboard to quickly display the dynamic map of the cluster.

The main idea behind creating Caretta is gaining a clear understanding of the inter-dependencies between the different workloads running in the cluster which is an otherwise very complicated task.
Caretta maps all service interactions and their traffic rates, leveraging Kubernetes APIs to create a clean and informative map of any K8s cluster which can be used for on-demand granular observability, cost optimization, and security insights, allowing teams to quickly reach impactful insights such as identifying central points of failure or pinpointing security anomalies.

Recommended AI: Top 10 Countries and Cities by Number of CCTV Cameras

Caretta is part of the mission of cloud-environment observability tools – no APM product is complete without network tracing capabilities, and the aggregated data from these traces can help answer many critical questions. Carreta does exactly that and fits those cases where you want a minimal, fast and ad-hoc solution that can help you right now.

Recommended AI: “Bitcoin Has No Intrinsic Value”. Then What Gives Bitcoin Value?

groundcover is a K8s application monitoring solution that reinvents the domain with eBPF. Built for modern production environments, it covers everything yet stores only what matters, allowing teams to scale away without worries. Founded in 2021 by Shahar Azulay (previously ML Manager, Apple) and Yechezkel Rabonivich (previously Chief Architect, CyberMDX). The two served together in an elite cyber unit in the Israeli Prime Minister’s office where they dealt with frustration caused by APM issues. The company has raised $24.5M to date from VCs such as Zeev Ventures, Angular Ventures, Heavybit and Jibe Ventures.

Recommended AI: How is Artificial Intelligence (AI) Changing the Future of Architecture?

[To share your insights with us, please write to sghosh@martechseries.com]

The post Groundcover Launches Oss Cluster Map appeared first on AiThority.

Tigera, provider of the industry’s only active Cloud-Native Application Protection Platform (CNAPP) with full-stack observability for containers and Kubernetes, announced several new capabilities that help reduce an application’s attack surface. These capabilities include security policy recommendations for namespaces, FIPS compliance for use by federal agencies, and new and improved dashboards for faster troubleshooting.

The Security Policy Recommender has long been a useful tool for security-focused Calico users to identify and deploy granular network security policies for improved security at the pod level. Policy development requires an advanced understanding of microservices that are interacting with and depending on each other, microservices with vulnerabilities, those that need to communicate outside the cluster, and those that are accessing sensitive data. The Security Policy Recommender empowers organizations that lack the expertise to build granular policies by accounting for this information to help users avoid outages and increased vulnerabilities during policy development.

Recommended AI: Top 10 Countries and Cities by Number of CCTV Cameras

The latest iteration of the Security Policy Recommender recommends policies at the namespace level in addition to policies at the pod level. This benefits users interested in multi-tenant architectures and workload isolation by enabling them to implement microsegmentation without any detailed knowledge of application-level changes. Overall, this update increases team productivity by enabling users – no matter their expertise – to take advantage of automated policies to improve the security posture of their Kubernetes clusters.

The latest Calico update also enables users to become FIPS compliant, a standard that is required of customers that serve federal agencies. To satisfy compliance requirements and make the platform accessible to more users, Calico now offers a FIPS-compliant installation/deployment mode so that customers can meet FedRAMP requirements when using EKS or similar platforms for managed Kubernetes services.

“These platform updates demonstrate Tigera’s commitment to serving customers of all sizes and needs,” said Amit Gupta, Chief Product Officer, Tigera. “Instead of building a tool for the largest share of the market, our team is constantly iterating to ensure the platform is accessible, useful, and responsive to everyone from small teams to large enterprises. Security and compliance are critical considerations for organizations, and we look forward to seeing our customers put these new capabilities to use in pursuit of more resilient and compliant architectures.”

Recommended AI: How is Artificial Intelligence (AI) Changing the Future of Architecture?

[To share your insights with us, please write to sghosh@martechseries.com]

The post Tigera Introduces Calico Security Policy Recommender Improvements and FIPS Compliance to Help Reduce Application Attack Surface appeared first on AiThority.

Tigera, provider of the industry’s only active Cloud-Native Application Protection Platform (CNAPP) with full-stack observability for containers and Kubernetes, announced enhancements to its cluster mesh capabilities for managing multi-cluster environments with Calico. As large and leading-edge enterprises accelerate deployments to enhance their services at scale, they have encountered management challenges that can put their environments at risk. Calico provides an operationally simple solution to create a Kubernetes cluster mesh to ensure enterprise infrastructure can run multi-cluster environments efficiently, securely, and compliantly – no matter its complexity.

Organizations increasingly rely on multiple clusters for reasons ranging from high availability, disaster recovery, and application isolation, to phased upgrades and migration. However, the introduction of additional clusters also brings an entirely new set of security challenges for enterprises. Because Kubernetes does not natively support inter-cluster communication, it is difficult to manage basic environment functions such as service discovery, observability, compliance, and network and security policy control.

Recommended AI: “Bitcoin Has No Intrinsic Value”. Then What Gives Bitcoin Value?

Calico addresses these issues by providing a centralized multi-cluster management plane to enable security, observability, and networking management across multiple clusters in hybrid and multi-cloud environments. Calico brings the same capabilities expected from single cluster environments to those with multiple clusters, enabling Calico to scale to any enterprise’s needs. The Calico Service Mesh offers significant advantages for multi-cluster environments, including:

• Unified security policy controls: Complex digital transformation initiatives have led to phased infrastructure modernization, and it is common for legacy services on VMs and hosts to run alongside modern microservices in containers. Calico provides a unified policy framework that works across bare metal, hosts, VMs, and containers to enable legacy and modern environments to co-exist seamlessly.
• Unified network security management: Calico provides capabilities to manage network security across all Kubernetes clusters. These include centralized logins, points of control, log management, troubleshooting tools, storage management, compliance reporting and more.
• Federation: Calico enables users to create policies in one cluster that reference pods in another cluster using federated identity. Federated services further provide service discovery of remote pods in another cluster. With these two features, users can regain control of multi-cluster security through fine-grained controls across endpoints, tiers, and both remote and local microservices.
• Observability and troubleshooting: Calico offers visibility into service-to-service communication in a resource-efficient and cost-effective way through Kubernetes-native Dynamic Service and Threat Graph visualizations. No matter which data plane a team uses (standard Linux iptables, Windows, or eBPF), Calico provides observability, traffic flow management, and control.
• Encryption and Zero Trust: Calico leverages the latest in crypto technology to offer encryption for data in transit. As a result, Calico’s encryption provides robust security while also allowing visibility into workload communication. Further, Calico’s advanced zero-trust security policy engine reduces the application’s attack surface through machine learning that combats runtime security risks from known and zero-day threats by prioritizing and mitigating the risks from vulnerabilities through security policy changes.

Recommended AI: Top 10 Countries and Cities by Number of CCTV Cameras

Calico is supported across all major cloud providers and Kubernetes distributions, empowering industry-leading companies to operate at scale with the security solutions they need to keep pace with modern innovations.

“Calico provides an elegant and simple solution for organizations running complex, large, and leading-edge Kubernetes environments,” said Ratan Tipirneni, President and CEO of Tigera. “With Calico, you can support a Kubernetes Cluster Mesh to unlock a new level of scale for Kubernetes environments so enterprises can spend less time on day-to-day security, compliance, and network performance concerns and more time on service delivery.”

Recommended AI: How is Artificial Intelligence (AI) Changing the Future of Architecture?

[To share your insights with us, please write to sghosh@martechseries.com]

The post Tigera Enhances Calico’s Cluster Mesh Capabilities to Simplify Management and Security of Multi-Cluster Deployments Across Hybrid and Multi-Cloud Environments appeared first on AiThority.