
Zero-trust network security and policy enforcement for Kubernetes environments


Product Overview

13 Integrations

Calico provides comprehensive container and Kubernetes network security through advanced network policy enforcement, zero-trust networking, and runtime threat defense. Built on the widely adopted open-source Calico project, the platform adds enterprise security features including workload access controls, runtime threat detection, security policy management, and detailed observability. Calico enforces Kubernetes Network Policies with fine-grained control over pod-to-pod communication, enabling microsegmentation and zero-trust architectures that limit lateral movement within clusters.

The platform includes vulnerability management with container image scanning and risk prioritization, compliance automation for CIS Benchmarks and regulatory frameworks, and integration with threat intelligence feeds for proactive defense. Advanced networking features include DNS policy enforcement to control domain-based access, egress gateway support for controlling outbound traffic, encrypted WireGuard tunneling for secure pod-to-pod communication, and federated identity integration with enterprise IAM systems. Calico provides detailed flow logs and network visualization for troubleshooting, forensics, and security investigations.

The platform supports multi-cluster deployments across hybrid and multi-cloud environments including AWS, Azure, GCP, and on-premises data centers. Calico integrates with service meshes like Istio for application-layer security and observability. It is available in open-source, cloud-hosted (Calico Cloud), and enterprise self-hosted (Calico Enterprise) editions.

Product Details

Security Domain

Primary security domain

Network & Infrastructure Security

Key Capabilities

Specific security problems this product solves

Kubernetes Network Security

Key Features

Core capabilities and differentiators

Compliance Automation, DNS Policy, Egress Gateway, Flow Logs, Microsegmentation, Network Policy Enforcement, Runtime Protection, Threat Detection, Vulnerability Management, WireGuard Encryption, Zero Trust Networking

Integrations

Compatible tools and platforms

AWS Security Hub, Azure Security Center, Datadog, Elasticsearch, Google Cloud SCC, Grafana, Istio, PagerDuty, Prometheus, Slack, Splunk, Sysdig, Webhook

Deployment Options

Where and how this solution can be deployed

Cloud, Hybrid, On-Premise

Pricing Model

How this solution is priced

Enterprise License, Open Source, Subscription

Vendor Information


Tigera

San Francisco, CA, USA