Calico Cloud documentation

Threat defense

Use real-time monitoring to detect and block threats to your cluster.

Security event management

Triage and manage security events from Calico Cloud connected clusters in the Security Events Dashboard, with filtering, exceptions, and recommended remediation.

Container threat detection

Detect malware hashes and suspicious container activity such as privilege escalation and command-and-control in Calico Cloud connected clusters with the managed eBPF threat detection engine.

Trace and alert on suspicious domains

Add threat intelligence feeds to Calico Cloud to detect DNS queries to suspicious domains from connected clusters and surface impacted pods in the anomaly dashboard.

Trace and block suspicious IPs

Add threat intelligence feeds to Calico Cloud to alert on flows to suspicious IPs in connected clusters and optionally block them with a dynamic deny-list policy.

Workload-based Web Application Firewall (WAF)

Protect cluster workloads from Layer 7 attacks with the Calico Cloud workload-based WAF, powered by Envoy sidecars and the OWASP ModSecurity Core Rule Set.

Webhooks for security events

Configure Calico Cloud webhooks from the web console to post security event alerts to Slack, Jira, Alertmanager, or generic JSON endpoints.

Deploy a web application firewall with Calico Ingress Gateway

Step-by-step tutorial for deploying a Calico Cloud web application firewall with the Calico Ingress Gateway to protect publicly exposed services from Layer 7 attacks.

Deep packet inspection

Run deep packet inspection on selected workloads in Calico Cloud connected clusters with Snort community rules to alert on suspected malicious traffic.

Anonymization attacks

Detect anonymization activity in Calico Cloud connected clusters with Tor bulk exit and X4B VPN feeds, and investigate findings in the Tor-VPN dashboard in the web console.