Overview
Calico Cloud enables organizations to prevent attacks using zero trust, and to detect, troubleshoot, and automatically remediate exposure risks from security issues in build, deploy, and runtime stages across multi-cloud and hybrid deployments. It works across multiple dataplanes starting from eBPF, Linux, Windows, VPP. Calico Cloud is built on Calico Open Source, the most widely adopted container networking and security solution.
-
Container Security: Protect containers during development and production. Reduce attack surface with vulnerability and misconfiguration detection. Provide runtime protection from known threats and zero-day vulnerabilities.
-
Zero-trust workload security: Reduce attack surface with zero-trust workload access and identity-aware microsegmentation. Prevent ransomware, APTs, and DDoS attacks with Calico Cloud workload-level security controls.
-
Compliance: Cloud-native application compliance for major standards. Continuously monitor compliance with daily, weekly, and monthly audit reports.
-
Observability & Troubleshooting: Monitor and troubleshoot service performance in real time. In case of a breach or vulnerability, get instant granular information on compromised services and evaluate blast radius.
Highlights
- Reduce attack surface with zero trust: - Enabling users to enforce zero-trust workload access - Identity-aware micro-segmentation for workloads - Universal Firewall integration - Envoy-based application-level security
- Detect known and unknown threats: - Protect workloads from container and network based threats - Workload-based WAF, IDS/IPS with Deep packet inspection, DDoS attack protection - ML-based Zero-day workload threat identification - Vulnerabilities and Malware protection
- Automatic risk mitigation: - Dynamic Service and Threat Graph - Dynamic Packet Capture - Security policy recommender - Admission Controller - Security Policies to Alert, Pause, Quarantine, Terminate
Details
Pricing
Dimension | Description | Cost/month |
---|---|---|
Free Trial Subscription | First month free, Cancel Anytime | $0.00 |
Pro Subscription | Billed at $0.08/node hour and includes 200GB of ingested log data | $58.00 |
Starter Subscription | Billed at $0.05/node hour and includes 100GB of ingested log data | $36.50 |
The following dimensions are not included in the contract terms, which will be charged based on your usage.
Dimension | Cost/unit |
---|---|
Pro Node Hour (Up to 4 vCPU in each node) | $0.08 |
Starter Node Hour (Up to 4 vCPU in each node) | $0.05 |
Additional Ingested Log Data per GB | $0.25 |
Vendor refund policy
All fees are non-cancellable and non-refundable except as required by law
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
24x7 for Calico Cloud Pro. 8:00 am - 5:00 pm PT on US business days for Starter. The complete support policy is here: https://www.tigera.io/legal/calico-cloud-support-policy . calicocloud-support@tigera.io
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Customer reviews
Security at its finest
Sr. DevOps Engineer
Great solution for managing network policy and image scanning
Great Container Security Solution with zero trust security approach
It's a painless implementation process and easy quick to setup. Calico Cloud offers full package of container security features, e.g. runtime security, intrution detections, in-cluseter waf, observability, etc. more than just advanced network policy.
Tigera support is knowledgable and the provided training videos help quickly get familiar with its observability tooling and troubleshooting processes.
network policy constructions user experience requires lots of domain knowledge, this might be difficult for beginners.
wireguard & l7 logging configs conflicts happened before, hopefully it will be resolved in the near future.
the dashboard has lots of information and might be confusing when you use it at the begining, it's a bit complex to use it and understand the end to end troubleshooting process
A very good CNI solution, with some shortcomings
Installation is quick, and thanks to a well-documented set of CRD resources, configuration is also pretty straightforward.
Calico also bundles the whole Tigera security/observability suite, which comes in handy to write more complex network policies which extend to hosts. The built-in manager web UI is also useful to quickly visualise what policies are deployed in any environment.
The current network policy implementation, although solid, also suffers from limitations in terms of the selectors, which can lead to some rather complex workarounds. Also, the manager web UI is very limited and will not help a lot when troubleshooting denied flows. Most of the time, learning to use Kibana which is part of the installation and writing KQL queries will be more useful.
Although installation is easy, uninstalling Calico can be a bit difficult as the Tigera operator does not clean the installed resources. You will have to locate the remnants yourself, and delete them.