The challenges companies face regarding private and professional data protection are more important today than ever.
In the modern enterprise, cloud computing and the use of cloud-native architectures enable unmatched performance, flexibility, velocity, and innovation. However, as digitalization pushes applications and services to the cloud, cyber criminals' intrusion techniques have become increasingly sophisticated. To stay current with advancing technologies, doubling or tripling security measures is a must.
To understand the critical need for advanced cybersecurity measures, we turned to an expert in the industry, Ratan Tipirneni, President and CEO of Tigera – a company providing active, zero-trust-based security for cloud-native applications running on containers and Kubernetes.
How did the idea of Tigera originate? What has your journey been like so far?
It was over six years ago that Tigera created Project Calico, an open-source container networking and security project.
As containers and Kubernetes adoption grew and organizations started using Kubernetes at scale, Tigera recognized the industry’s need for more advanced security and observability. Tigera has since grown from the Project Calico open-source project to a container security innovator that now supports many Fortune 100 companies across the globe.
Tigera’s continued success comes from listening to customers’ needs, understanding where the industry is heading — and staying one step ahead.
Can you introduce us to your active security platform? What are its key features?
Tigera offers the only solution that takes an active approach to container security. It focuses on prevention and risk mitigation throughout the application lifecycle, from development through production. Competing solutions are reactive and focused on vulnerability detection, threat detection, and alerting, whereas Tigera’s solution uses a prevention-centric approach that combines prevention and risk mitigation with detection.
Rather than just identifying vulnerabilities and threats, it actively prevents attacks and mitigates risk by applying a zero-trust security approach to reduce the attack surface and prevent the lateral movement of threats, thereby safeguarding sensitive data.
Tigera’s prevention-centric, active security is a three-layered approach. It starts with zero-trust controls to reduce the application attack surface through threat prevention. Using this as a foundation, we layer on a mechanism to continue monitoring for and detecting known and unknown threats. Then we layer on dynamic mitigation strategies. Sequencing our security approach like this is crucial to securing containers and cloud-native applications.
Calico Cloud embodies our active approach by bringing zero-trust principles to reduce attack surfaces. It harnesses machine learning to combat runtime security risks from known and zero-day threats through continuous compliance. It prioritizes and mitigates risks from vulnerabilities through continuous security policy recommendations. The foundational container security features available in Calico Cloud include:
- Workload security posture management – Users can scan images and configure the admissions controller to block the deployment of vulnerable images. Platform engineers can harden their Kubernetes configuration using CIS benchmarks and improve the security posture of their workloads with data-in-transit encryption, micro-segmentation, egress access controls, and integration with firewalls.
- Runtime workload protection – Protect workloads from known attackers with capabilities such as workload-based IDS/IPS, WAF, DDoS protection, and malware detection using file hashes.
- Runtime threat detection – Out-of-the-box detector to detect container and network-based attacks based on granular container and network activity.
- Observability and incident response – Users can use the Dynamic Service and Threat Graph to track vulnerabilities. They can get alerted when attacked, and deploy risk mitigation controls to reduce risk.
The manual approach of legacy security tools was never a viable solution to the ballooning threats organizations face today. A key tool in Tigera’s security arsenal is Calico Runtime Threat Defense. It brings the intelligence, automation, and continuous protection that security teams need to level the digital playing field, thus ensuring a defensive posture that's effective in preventing breaches.
Unlike traditional runtime threat detection platforms, Calico Runtime Threat Defense for containers and Kubernetes continuously monitors and analyzes network and container behavior for Indicators of Attack (IOA), without the need for writing complex rules, freeing up valuable resources that would otherwise be spent on writing and maintaining security rules.
Calico’s global threat intelligence feed integrates with AlienVault and other threat intelligence providers to alert and block attacks from known malicious actors. This fully automated approach, which combines signature and behavior-based techniques to detect container and network-based attacks, is also more accurate and reliable than manual rule-based systems.
While most solutions get plagued with hard-to-trace false alarms, Calico’s real-time alerts provide a rich context for the potential threat. It also suggests mitigation steps. These steps include policy recommendations, such as quarantining the infected pod.
That's useful for organizations that need more resources to interpret security data. Through clear and actionable guidance, Calico Runtime Threat Defense helps organizations respond to security threats in a timely and effective manner.
To improve security at the pod level, Calico offers continuous and granular security policy recommendations. Policy development requires an advanced understanding of microservices. That includes microservices that interact with and depend on each other, ones that need to communicate outside the cluster, those that are accessing sensitive data, and even those that may have vulnerabilities.
The Security Policy Recommendations feature empowers organizations that lack the expertise to build granular policies by accounting for this information to help users avoid outages and increased vulnerabilities during policy development.
The latest iteration of the Security Policy Recommendations feature recommends policies at the namespace level in addition to policies at the pod level. This benefits users interested in multi-tenant architectures and workload isolation. It enables them to use micro-segmentation without any detailed knowledge of application-level changes.
This capability increases team productivity by allowing users – no matter their expertise – to take advantage of automated policies to improve the security posture of their Kubernetes clusters.
Calico Cloud provides a unique solution that helps prevent and detect threats. It also aids in mitigating risk to containers and Kubernetes environments across build, deploy, and runtime stages. Calico’s robust container security features give users a single container security solution, one that improves security posture, reduces the attack surface with fine-grained security controls, and provides threat defense from any network or host-based threats.
Open source is an important part of Tigera. Would you like to share more about your vision?
Tigera is the creator and maintainer of Calico Open Source. It's the most widely adopted networking and security solution for containers, virtual machines, and native host-based workloads. Calico supports a broad range of platforms. That includes Kubernetes, OpenShift, Docker EE, OpenStack, and bare metal services. Calico Open Source offers a choice of data planes.
Options include a pure Linux eBPF data plane, a standard Linux networking data plane, and a Windows HNS data plane, enabling adoption for any user. Tigera continues to build its commercial solution and remains dedicated to Calico Open Source and the open source community as a whole.
The original Project Calico engineering team founded Tigera. Our commitment is to maintain Calico Open Source as the leading standard for container and Kubernetes networking and security, all while offering Kubernetes-native, full-stack security and observability capabilities to commercial users looking for a pay-as-you-go managed cloud service or a self-managed, on-premises platform.
Tigera has a rich history in Calico Open Source. Our container networking and security solution powers more than 100M containers and half a million clusters across 2M+ nodes in 166 countries. Calico Open Source has served as a foundation for zero-trust workload security for tens of thousands of companies. We’ve proven we know how to scale. Plus, many companies are already using Calico.
A lot of zero trust needs to be built on a strong foundation of networking, where we are an industry leader. We’ve leveraged this, along with lessons learned over the years, as a foundation to build out our zero-trust capabilities. That, combined with the expansion of our already impressive threat detection and mitigation capabilities, led to the industry’s most comprehensive active security platform with full-stack observability for containers and Kubernetes.
How do you think the recent global events affected the way people approach cybersecurity?
The lasting impact of the Covid-19 pandemic has increased our collective reliance on technology. It has accelerated digitalization at an unprecedented rate. The speed of innovation has driven significant advancements across industries. As digitalization continues pushing applications and services to the cloud, bad actors' intrusion techniques have also become more sophisticated.
We have all seen the headlines. Companies in the public and private sectors are hit with cyberattacks regularly. Ransomware and Ransomware-as-a-Service will forever be a threat to both small businesses and enterprises. Data has value, and cybercriminals know they can exploit this for monetary gain. The increasing availability of Ransomware-as-a-Service, a model which offers bad actors sophisticated vulnerability distribution while isolating them from the risks of the trade, will lead to a worsening security situation for unprepared companies.
The combined effect of threats and poorly secured deployments will lead to high-profile breaches. It's critical for enterprises to go beyond the baseline regulations and begin to make security a foundational effort. The burgeoning threat landscape is top of mind for enterprises, mid-market businesses, and security leaders. In fact, it should lead their decision-making – from the right solutions to use to the right partners to engage.
What would you consider the main challenges developers run into nowadays?
For years, balancing security with innovation and rapid development and deployment has been challenging for developers. But there's a fallacy that developers and security teams have different priorities: for developers, getting code out, and for security teams, ensuring it’s secure.
In reality, developers and security teams are working toward the same goal: meeting business goals and maintaining development and deployment speed while prioritizing security to keep everything stable. That does come with challenges. But, collaboration between developers, engineers, security teams, and business leaders leads to better outcomes.
A few core best practices are: adopting tools and implementing processes that make security part of the developer workflow, encouraging partnerships between developer and security teams to achieve security and compliance, and having business conversations that address cybersecurity strategies and tactics. All this can turn challenges into opportunities.
Why do you think organizations often fail to see the full scope of their attack surface?
Cloud-native application adoption combined with open-source software, agile development approaches, and limited skilled personnel has resulted in the number of potential vulnerabilities rising faster than any company could possibly address them.
This underscores the importance of organizations implementing tools that not only help address this widening security gap by detecting vulnerabilities and zero-day threats, but go far enough to reduce attack surface and mitigate risks threatening business operations.
What are the best practices companies should follow when developing and launching applications?
Best practices for ensuring containers remain secure during build, deployment, and runtime are key. Container environments are dynamic and need continuous monitoring, observability, and security.
For example, a common Kubernetes mistake is failing to treat container security as a continuous practice. Deprioritizing integrating security into the entire development and deployment cycle has consequences. For example, while “shift left” models have played an important role in increasing the security and resilience of deployments, the industry pendulum has swung too far.
Many enterprises believe that runtime security is unnecessary if they put enough resources into planning and testing. The reality is a breach is a matter of when, not if. Security teams must ensure their runtime security tools are fast enough to identify and mitigate any intrusion attempts.
Talking about personal cybersecurity – what measures should everyone implement to protect themselves from emerging threats?
While consumer and personal cybersecurity measures may look different than those used by enterprises, the fundamentals are the same. For consumers and enterprises alike, basic password hygiene is an essential and simple cybersecurity measure to practice.
Stolen credentials are the leading cause of identity theft and breaches. It's been that way for years. Use strong and unique passwords for each account, and enable Multi-Factor Authentication (MFA) when and wherever possible.
What does the future hold for Tigera?
Senior leaders at Tigera keep their ears to the ground. They interact with and listen to customers, partners, and the community as part of their daily routine.
They watch for the next big innovation and continue improving the customer experience while ensuring Calico remains world-class and meets the new and ongoing needs of today’s technology and security professionals.