Tigera’s new Calico features boost vulnerability remediation, enhance threat detection, and ensure OpenShift compatibility for stronger container security.
Tigera, the creator of Project Calico, announced several new features for Calico Cloud and Calico Enterprise. These enhancements improve the efficiency of remediating vulnerabilities in container images and ensure compatibility with the latest deployment options for OpenShift.
Almost every industry and vertical organization relies on containerized applications to run their business or deliver their products or services. Container orchestrators such as Kubernetes have become the engine for innovation, and as more business-critical applications run on these platforms, security has become paramount.
Tigera enables DevOps and platform engineering teams to address key requirements for improving the security of their container platforms. The latest release of Calico Cloud advances this initiative by introducing several new capabilities that simplify identifying high-risk container images, improve the signal-to-noise ratio for scanning, and tune container-based threat detection to specific customer environments.
Improved scanning mode that includes third-party vendor assessments
Security practitioners largely rely on the Common Vulnerability Scoring System (CVSS) to understand the severity of a vulnerability in a container image. However, sometimes, a trusted vendor may analyze vulnerabilities affecting their software. This may result in the vendor justifying lowering the severity and neglecting to provide a fix.
Now, Calico Cloud takes these vendor assessments into account by default to improve accuracy and will automatically adjust scan results so that teams can focus on remediation efforts on vulnerabilities that pose a risk to their environment.
Bulk exceptions available in Image Assurance
The new updates to Calico Cloud and Calico Enterprise also bolster managing the “noise floor” for vulnerabilities, allowing users to create exceptions with varying levels of scope in bulk via uploading a CSV file. This allows operators to tune their remediation efforts and focus their patching on vulnerabilities that pose the greatest risk to their environment. This CSV file can be generated for scan results using a combination of filters, which helps to streamline the process of creating exceptions and supports approval workflows that may exist outside of Calico Cloud.
Also Read: Windows Outages: A Wake-up Call for Network Resilience
Integration with Jira for delegating and tracking remediation
Jira is one of the most popular tools among DevOps and application teams for assigning and tracking work, from feature development to bug fixing or vulnerability remediation.
Calico Cloud integrates with Jira so operators can assign and track remediation directly from the Image Assurance UI. When a ticket is created from a scan result in Calico Cloud, all the relevant container images and vulnerability details are automatically attached so developers can quickly ascertain the work required for remediation.
Powerful new filtering capabilities
Image Assurance also includes powerful new filtering capabilities to segment scan results by over a dozen variables, including runtime and build time metadata. It enables users to achieve greater efficiency in vulnerability management for their cloud-native applications.
Customize and tune container-based threat detection
The enhancements to Calico Cloud also improve the accuracy and efficiency of detecting and responding to security events related to container-based threat detection. Administrators can now selectively choose which types of detectors to enable in their cluster, giving teams the ability to phase their deployment and tune and customize threat detection to their environment.
Calico Enterprise adds support for Hosted Control Planes in OpenShift
Calico Enterprise has also added support for Hosted Control Planes, a popular new deployment option for Red Hat OpenShift. Hosted Control Planes allow users to create control planes as pods on a hosting cluster without the need for dedicated virtual or physical machines for each control plane. This allows customers with multiple OpenShift clusters to significantly reduce the footprint and operational costs associated with these platforms.
Also Read: The Rise of Hybrid Cloud: Why Businesses Are Going All-In
“Tigera continues leading the effort to empower DevOps and platform engineering teams to address key requirements for improving the security of their container platforms,” said Amit Gupta, Chief Product Officer, Tigera. “Calico Cloud improves security posture with new vulnerability management capabilities at scale, and strengthens runtime security with real-time threat filtering, detection customization, and ITOps integrations. We’re pleased to bring our customers these new, critical capabilities.”
