|
By Alister Baroi
In The Five Pillars of AI Agent Accountability: A Diagnostic Framework for Engineering Leaders, we walked through each pillar of AI agent accountability (traceability, authorization provenance, identity and ownership, policy at scale, and human oversight) and argued that most enterprises today sit at Level 0 or Level 1 of the Accountability Maturity Model. The most common reaction we get when we share that framework is some version of: “We’re already covered. We have network policies.
|
By Dillon Barry
Two platforms, two teams, two procurement relationships, all doing one job. There’s a reason it ended up this way. There isn’t a reason it has to stay this way. Ask anyone at a typical enterprise why the VM platform and the container platform are separate, and they’ll give you a sensible answer. The VM estate has been there for fifteen years. It runs the workloads the business depends on.
|
By Alister Baroi
You’re in a board meeting. The CISO is presenting on AI risk. The CFO asks a simple question: “When that finance agent we deployed last quarter accessed a customer payment record, can we tell who authorized it, what policy permitted it, and produce the full audit trail?” The CISO looks at the head of the platform. The head of the platform looks at security. Nobody answers. If you can picture that meeting happening at your company, you’re not alone.
|
By Veronika Smolik
Running VMs in Kubernetes sounds like a crazy workaround for avoiding vendor lock-in, and standardizing legacy applications and newer containerized workloads on one control plane with one set of security policies to govern them all. It is, however, a rapidly growing pattern, and KubeVirt live migration — moving running VMs between nodes without downtime — is increasingly central to platform engineering use cases that require full VMs, like on-demand CI/CD pipelines.
|
By Alister Baroi
Every enterprise is building AI agents. Marketing has one summarizing campaign performance. Engineering has one triaging incidents. Customer support has one resolving tickets. Finance has one processing invoices. Each was built by a different team, using a different framework, with different assumptions about security. Now those agents are talking to each other through agent-to-agent (A2A) communication. The incident-triage agent calls the customer-support agent to check affected accounts.
|
By Reza Ramezanpour
We’re excited to announce the release of Calico Open Source v3.32! This release corresponds with Kubernetes v1.36 (Codename Haru) and it goes beyond just sharing a cat as the mascot of the release, it actually extends capabilities and features of Kubernetes to keep you up to date with the latest innovations of the cloud. This release brings some of the most significant architectural changes in Calico, from live-migrating KubeVirt VMs to eBPF based Maglev load balancer.
|
By Veronika Smolik
It was 11:47pm on a Thursday night, and a senior platform engineer at a large North American bank was rolling back a ‘simple’ configuration change. The change itself was small, a routine update approved through the usual review process, but when it was applied, pods began cycling and connections started dropping. For the next three seconds, mobile banking sessions already mid-transaction dropped. Customer support lit up.
|
By Dillon Barry
Here is what nobody putting together the business case for a VM migration to Kubernetes will tell you upfront: the compute is the easy part. Moving workloads off vSphere and onto Kubernetes is conceptually straightforward. The tooling has matured. The architecture is proven. Compute moves, storage remaps, and the platform team has a plan. The network is where projects quietly stall.
|
By Dillon Barry
Organisations are re-evaluating their VM infrastructure. The economics have shifted, the tooling has matured, and the case for running two separate platforms, one for containers, one for VMs, is getting harder to justify. Platform teams that spent years managing hypervisor infrastructure are being asked to consolidate, and most are landing on the same answer: Kubernetes. KubeVirt makes running VMs on Kubernetes possible.
|
By Laura Ferguson
Why accountability, not capability, is the real bottleneck for enterprise agentic AI, and what security leaders need to do about it before regulators force the issue. Every enterprise is building AI agents. Marketing has one summarizing campaign performance. Engineering has one triaging incidents. Customer support has one resolving tickets. Finance has one processing invoices.
|
By Tigera
Tigera provides the industry’s only active Cloud-Native Application Protection Platform (CNAPP) with full-stack observability for containers, Kubernetes, and cloud. Calico prevents, detects, troubleshoots, and automatically mitigates exposure risks of security issues in build, deploy, and runtime stages across multi-cluster, multi-cloud, and hybrid deployments. Calico works with popular managed Kubernetes services such as AKS, EKS, and GKE, as well as self-managed Kubernetes distributions including Red Hat OpenShift, SUSE/Rancher, VMware Tanzu, and Mirantis.
|
By Tigera
Early adoption of Kubernetes came with its set of challenges for Box, that led to innovative solutions & learnings. In this session, the speaker will take you through some of those solutions around Kubernetes Observability & best practices which will make your Kubernetes journey easier.
|
By Tigera
Technologies come, and technologies go. Sadly, we're not all riding Segways to work! Calico was designed with change in mind and is adaptable, supporting different data plane technologies with different goals. In this talk, we'll cover.
|
By Tigera
Calico/VPP data plane renderer was introduced as Tech Preview in Calico 3.19 for Kubernetes. It leverages the FD.io/VPP userspace data plane which brings great benefits in terms of performance and flexibility for large-scale Kubernetes clusters. Thanks to its fast IPSec & Wireguard implementation, it makes it possible to provide intra-cluster full mesh crypto without compromising performance. Beyond performance, it implements differentiated features like MagLev based load balancing with DSR for k8s services making it a good choice for large-scale applications having strong high availability requirements. This is the first release but moving forward, it will provide support for superfast packet-oriented virtual interfaces as well TCP/UDP/Quic stack to applications having extreme networking performance.
|
By Tigera
Learn how eBPF will bring a richer picture of what's going on in your cluster, without changing your applications. With eBPF we can safely collect information from deep within your applications, wherever they interact with the kernel. For example, collecting detailed socket statistics to root-cause network issues, or pinpointing the precise binary inside a container that made a particular request for your audit trail. This allows for insights into the behavior (and security) of the system that previously would have needed every process to be (manually) instrumented.
|
By Tigera
How can you scale your organization without losing an understanding of your environment? Services mesh is here to help! It gives you the observability of connected services and is easier to adopt than you might think. Come and learn service mesh concepts, best practices, and key challenges.
|
By Tigera
Attackers are continuously evolving their techniques to target Kubernetes. They are actively using Kubernetes and Docker functionality in addition to traditional attack surfaces to compromise, gain required privileges and add a backdoor entry to the clusters. A combination of Kubernetes security and observability tools is required to ensure the cloud infrastructure monitoring and lockdown and to enable DevSecOps teams with the right tools for the job.
|
By Tigera
Through practical guidance and best practice recommendations, this book will help you understand why cloud-native applications require a modern approach to security and observability practices, and how to adopt a holistic security and observability strategy for building and securing cloud-native applications running on Kubernetes.
|
By Tigera
A step-by-step eBook covering everything you need to know to confidently approach Kubernetes networking, starting with basic networking concepts, all the way through to advanced Kubernetes networking with eBPF.
|
By Tigera
This whitepaper explains five best practices to help meet network security and compliance requirements for modern microservices stack.
|
By Tigera
Discover how Tigera can help you achieve a scalable, secure, and compliant approach to containers on AWS.
|
By Tigera
This guide contains detailed technical instructions on how to install and configure network security on Kubernetes platforms.
|
By Tigera
Tigera commission an unbiased, third-party research firm to speak with enterprise security professionals to understand the state of network security with modern applications.
|
By Tigera
OpenShift provides a declarative, automated platform to integrate developer workflows into application deployments leveraging open source building blocks such as Kubernetes.
|
By Tigera
Applying a uniform policy framework allows enterprises to achieve consistent network policy across multiple container orchestrators.
|
By Tigera
Using simplicity to deliver the performance, stability, and manageability for application connectivity at scale in cloud native platforms such as Kubernetes.
- May 2026 (7)
- April 2026 (5)
- March 2026 (8)
- February 2026 (3)
- January 2026 (4)
- December 2025 (6)
- November 2025 (5)
- October 2025 (5)
- September 2025 (2)
- August 2025 (2)
- July 2025 (2)
- April 2025 (3)
- March 2025 (1)
- February 2025 (3)
- October 2024 (1)
- September 2024 (2)
- August 2024 (1)
- July 2024 (3)
- June 2024 (2)
- May 2024 (5)
- April 2024 (2)
- March 2024 (2)
- February 2024 (2)
- December 2023 (3)
- October 2023 (1)
- September 2023 (1)
- August 2023 (4)
- July 2023 (2)
- June 2023 (3)
- May 2023 (3)
- April 2023 (1)
- February 2023 (3)
- January 2023 (5)
- December 2022 (2)
- November 2022 (2)
- October 2022 (2)
- September 2022 (1)
- August 2022 (4)
- July 2022 (1)
- June 2022 (5)
- May 2022 (3)
- April 2022 (1)
- March 2022 (2)
- February 2022 (4)
- January 2022 (4)
- December 2021 (5)
- November 2021 (5)
- October 2021 (6)
- September 2021 (4)
- August 2021 (7)
- July 2021 (7)
- June 2021 (22)
- May 2021 (6)
- April 2021 (3)
- March 2021 (3)
- February 2021 (4)
- January 2021 (9)
- December 2020 (8)
- November 2020 (7)
- October 2020 (10)
- September 2020 (13)
- August 2020 (14)
- July 2020 (12)
- June 2020 (10)
- May 2020 (14)
- April 2020 (7)
- March 2020 (6)
- February 2020 (2)
- January 2020 (1)
- December 2019 (3)
- November 2019 (3)
- October 2019 (5)
- September 2019 (4)
- August 2019 (3)
- July 2019 (10)
- June 2019 (9)
- May 2019 (10)
- April 2019 (8)
- March 2019 (11)
- February 2019 (9)
- January 2019 (9)
- December 2018 (3)
- November 2018 (3)
- October 2018 (4)
- September 2018 (1)
- August 2018 (1)
- July 2018 (3)
- May 2018 (1)
Kubernetes is being adopted by every major enterprise on the planet for deploying modern, containerized applications. However, containers are highly dynamic and break their existing security models. Tigera provides zero-trust network security and continuous compliance for Kubernetes platforms that enables enterprises to meet their security and compliance requirements.
Tigera’s technology is recognized and trusted as the de facto standard for Kubernetes network security. Our open source software, Tigera Calico, provides production-grade security, and our commercial offerings layer on advanced security capabilities, enterprise controls, and compliance reporting.
Kubernetes Requires a Modern Approach to Security and Compliance:
- Zero-Trust Network Security: With 40% or more of all breaches originating from within the network, you must always have to assume that something has been compromised. Applications running on Kubernetes make heavy use of the network for service to service communication. However, most clusters have been left wide open and are vulnerable to attack. A zero trust approach is the most secure way to lock down your Kubernetes platform.
- Continuous Compliance: Kubernetes is dynamic and constantly changing. Moments after a compliance audit is completed the environment will have changed again. A continuous compliance solution is the only way to prove that your security controls have been implemented properly now and historically.
- Visibility and Traceability: Applications running on Kubernetes Platforms have constantly changing IP addresses and locations that makes it impossible to use traditional flow logs to debug issues and investigate anomalous activity. The only accurate approach is to use Kubernetes labels and workload identity in your netflow logs.
- Multi-cloud and Legacy: Many applications running on Kubernetes will not be greenfield. Applications often need to communicate securely with other systems outside of the cluster, such as on-premises or cloud-based VMs, bare metal servers and databases. To achieve zero trust security for Kubernetes, your security policies must be capable of expanding beyond the cluster.
Zero Trust Network Security and Continuous Compliance for Kubernetes Platforms.