Sold by: Tigera Inc.
Calico Cloud is a fully managed pay-as-you-go SaaS based Cloud-Native Application Protection Platform (CNAPP) with full-stack observability for containers, Kubernetes, and cloud on AWS and EKS clusters.
Sold by: Tigera Inc.
Overview
Calico Cloud enables organizations to prevent attacks using zero trust, and to detect, troubleshoot, and automatically remediate exposure risks from security issues in build, deploy, and runtime stages across multi-cloud and hybrid deployments. It works across multiple dataplanes starting from eBPF, Linux, Windows, VPP. Calico Cloud is built on Calico Open Source, the most widely adopted container networking and security solution.
-
Container Security: Protect containers during development and production. Reduce attack surface with vulnerability and misconfiguration detection. Provide runtime protection from known threats and zero-day vulnerabilities.
-
Zero-trust workload security: Reduce attack surface with zero-trust workload access and identity-aware microsegmentation. Prevent ransomware, APTs, and DDoS attacks with Calico Cloud workload-level security controls.
-
Compliance: Cloud-native application compliance for major standards. Continuously monitor compliance with daily, weekly, and monthly audit reports.
-
Observability & Troubleshooting: Monitor and troubleshoot service performance in real time. In case of a breach or vulnerability, get instant granular information on compromised services and evaluate blast radius.
Highlights
- Reduce attack surface with zero trust: - Enabling users to enforce zero-trust workload access - Identity-aware micro-segmentation for workloads - Universal Firewall integration - Envoy-based application-level security
- Detect known and unknown threats: - Protect workloads from container and network based threats - Workload-based WAF, IDS/IPS with Deep packet inspection, DDoS attack protection - ML-based Zero-day workload threat identification - Vulnerabilities and Malware protection
- Automatic risk mitigation: - Dynamic Service and Threat Graph - Dynamic Packet Capture - Security policy recommender - Admission Controller - Security Policies to Alert, Pause, Quarantine, Terminate
Details
Pricing
Pricing is based on contract duration. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. Usage-based pricing is in effect for any usage exceeds the entitle amount or not covered in the contract. These charges will be applied on top of the contract price. If you choose not to renew or replace your contract before it ends, access to your entitlements will expire.
Dimension | Description | Cost/month |
|---|---|---|
Free Trial Subscription | First month free, Cancel Anytime | $0.00 |
Pro Subscription | Billed at $0.08/node hour and includes 200GB of ingested log data | $58.00 |
Starter Subscription | Billed at $0.05/node hour and includes 100GB of ingested log data | $36.50 |
The following dimensions are not included in the contract terms, which will be charged based on your usage.
Dimension | Cost/unit |
|---|---|
Pro Node Hour (Up to 4 vCPU in each node) | $0.08 |
Starter Node Hour (Up to 4 vCPU in each node) | $0.05 |
Additional Ingested Log Data per GB | $0.25 |
Vendor refund policy
All fees are non-cancellable and non-refundable except as required by law
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
24x7 for Calico Cloud Pro. 8:00 am - 5:00 pm PT on US business days for Starter. The complete support policy is here: https://www.tigera.io/legal/calico-cloud-support-policy . calicocloud-support@tigera.io
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Ably Realtime
By Ably Realtime
Ably provides cloud infrastructure and APIs to help developers simplify complex realtime engineering. We make it easy to power and scale realtime features in apps, or distribute data streams to third-party developers as realtime APIs.
CIS Hardened Image Level 2 on Microsoft Windows Server 2016
By Center for Internet Security
This product has charges associated with the pre-built hardening to the CIS Benchmarks™ and recurring maintenance. The CIS Hardened Images® are hardened in accordance with the associated CIS Benchmarks, an industry best practice for secure configuration. Reduce cost, time, and risk by building your AWS solution with CIS AMIs.
Snowflake Data Cloud
By Snowflake
The Snowflake Data Cloud is a global network where thousands of organizations mobilize data with near-unlimited scale, concurrency, and performance.
Get started today with a 30 day free trial which includes $400 worth of free usage.
F5 Rules for AWS WAF - API Security Rules
By F5, Inc.
Protects against API attacks, web attacks (such as XML external entity attacks) and server side request forgery. The rule set includes support for XML and JSON payloads, and common web API frameworks.
Customer reviews
Financial Services
Security at its finest
Reviewed on Oct 01, 2024
Review provided by G2
What do you like best about the product?
It is an easy and customizable way to use cloud based orchestration Kubernetes and to hae workflow editors to scale up, scale out, and focus on devsecops, Ioc's and malicious threat actors. This is thought of and done in the perspective of devsecops and cloud practitioners.
What do you dislike about the product?
Nothing - it is easy to use and not very hard to get value in time.
What problems is the product solving and how is that benefiting you?
Using Kubernetes in the form of devsecops and container runtime. Also cloud security posture management has been an important area.
Leave a comment0 comments
Computer & Network Security
Sr. DevOps Engineer
Reviewed on Sep 24, 2024
Review provided by G2
What do you like best about the product?
It is providing all insights in one place, you can visualize your data flowing and troubleshoot your network policy easily. Easy of implementation, customer support is very reliable,
What do you dislike about the product?
I can see other CNI vendors are using latest technologies but calico still using iptables. which makes your network slow in comparison to eBPF.
What problems is the product solving and how is that benefiting you?
It shows visibility of your network policies, and which make it easy to debug, because without it debug network blocked policy is nightmare.
Internet
Great solution for managing network policy and image scanning
Reviewed on Jul 31, 2024
Review provided by G2
What do you like best about the product?
The network policy recommendations are a great feature and provide an excellent starting point for policy generation. The network observability tool combined with the Kibana logs provides full visibility into what is happening with respect to allowed and denied traffic throughout the cluster. Calico Cloud makes managing network policy vastly easier. Tigera support is great; they have been very responsive.
What do you dislike about the product?
The pricing model is based on core counts, making it rather expensive both for compute-heavy clusters and for clusters that have a large number of smaller nodes. Registry scanning could be better integrated into the product.
What problems is the product solving and how is that benefiting you?
Calico Cloud enables us to easily view and manage network policy, and provides container image scanning within our clusters.
Edmond G.
Great Container Security Solution with zero trust security approach
Reviewed on Jul 30, 2024
Review provided by G2
What do you like best about the product?
Calico Cloud addressed various security challenges for container platform, it extended l7 network policy capabilities with powerful & fleaxible configuration options and by default support zero trust security model. This helps us to be able to manage calico configurations via both gitops platform & application ci/cd processes in a secure way to meet requirements from vairous teams without many operation overheads. This helps boost the team efficiency.
It's a painless implementation process and easy quick to setup. Calico Cloud offers full package of container security features, e.g. runtime security, intrution detections, in-cluseter waf, observability, etc. more than just advanced network policy.
Tigera support is knowledgable and the provided training videos help quickly get familiar with its observability tooling and troubleshooting processes.
It's a painless implementation process and easy quick to setup. Calico Cloud offers full package of container security features, e.g. runtime security, intrution detections, in-cluseter waf, observability, etc. more than just advanced network policy.
Tigera support is knowledgable and the provided training videos help quickly get familiar with its observability tooling and troubleshooting processes.
What do you dislike about the product?
alerting & 3-rd party integrations hopefully can be improved.
network policy constructions user experience requires lots of domain knowledge, this might be difficult for beginners.
wireguard & l7 logging configs conflicts happened before, hopefully it will be resolved in the near future.
the dashboard has lots of information and might be confusing when you use it at the begining, it's a bit complex to use it and understand the end to end troubleshooting process
network policy constructions user experience requires lots of domain knowledge, this might be difficult for beginners.
wireguard & l7 logging configs conflicts happened before, hopefully it will be resolved in the near future.
the dashboard has lots of information and might be confusing when you use it at the begining, it's a bit complex to use it and understand the end to end troubleshooting process
What problems is the product solving and how is that benefiting you?
protect N-S, W-E traffic and adding observabilities and container runtime protections
Ed M.
A very good CNI solution, with some shortcomings
Reviewed on Jul 11, 2024
Review provided by G2
What do you like best about the product?
Calico Cloud is a great CNI solution, versatile regarding the supported protocols it will easily scale in most cloud, hybrid, and on-prem deployments. The BGP backend makes it easier to manage routes at scale, and it can integrate with BGP-only layer 3 datacenter fabrics as well.
Installation is quick, and thanks to a well-documented set of CRD resources, configuration is also pretty straightforward.
Calico also bundles the whole Tigera security/observability suite, which comes in handy to write more complex network policies which extend to hosts. The built-in manager web UI is also useful to quickly visualise what policies are deployed in any environment.
Installation is quick, and thanks to a well-documented set of CRD resources, configuration is also pretty straightforward.
Calico also bundles the whole Tigera security/observability suite, which comes in handy to write more complex network policies which extend to hosts. The built-in manager web UI is also useful to quickly visualise what policies are deployed in any environment.
What do you dislike about the product?
There are some shortcomings with some of the enterprise features, some of them suffer from small bugs which still have not been solved. Although support is quick to react, it can take a long time to obtain a proper bug fix in a next release.
The current network policy implementation, although solid, also suffers from limitations in terms of the selectors, which can lead to some rather complex workarounds. Also, the manager web UI is very limited and will not help a lot when troubleshooting denied flows. Most of the time, learning to use Kibana which is part of the installation and writing KQL queries will be more useful.
Although installation is easy, uninstalling Calico can be a bit difficult as the Tigera operator does not clean the installed resources. You will have to locate the remnants yourself, and delete them.
The current network policy implementation, although solid, also suffers from limitations in terms of the selectors, which can lead to some rather complex workarounds. Also, the manager web UI is very limited and will not help a lot when troubleshooting denied flows. Most of the time, learning to use Kibana which is part of the installation and writing KQL queries will be more useful.
Although installation is easy, uninstalling Calico can be a bit difficult as the Tigera operator does not clean the installed resources. You will have to locate the remnants yourself, and delete them.
What problems is the product solving and how is that benefiting you?
Calico Cloud enables us to extend Kubernetes network policies, and unify the network security operations under a single Kubernetes-based declarative worflow. It provides a way to author, deploy, manage, and monitor security policies in any Kubernetes cluster.