Container Security When You Cannot Trust the Network Threats can exist within the underlying network, compromised infrastructure and workloads, as well as internal and external attackers. Tigera’s Zero Trust Security model does not trust services, the network, users, or any other resource in your environment. Tigera authenticates workloads via multiple sources of identity and then protects your application at multiple points of enforcement within the infrastructure. Tigera’s Zero Trust Security model is a layered defense that augments your existing network. Minimal or no changes are required to your existing network architecture. Cross-Cloud Compatible Container Firewall Tigera’s Zero Trust Security model supports hosts and VMs in the data center, multiple orchestrators, and is cloud provider agnostic. This abstraction enables uniform security policies that are portable across any environment you decide to run your workloads. Container Network Security for Microservice Architectures Tigera’s Zero Trust Security model authenticates the identity of each request based on multiple sources including the L3 network identity and x509 certificate-based cryptographic identity. Tigera’s declarative, intent-based security policies can incorporate multiple criteria based including network attributes, application layer attributes, and workload metadata. Dynamic Runtime Security for Containers Tigera’s container security policies enable granular rules that are enforced dynamically at runtime based on authenticated workload identity and metadata. This approach enables your organization to deploy containers securely on modern infrastructure without compromising on your security or compliance controls. Multilayer Security Policy The solution enables a single location for multi-layer enforcement with network and web application security policies. Multi-layer enforcement increases operations efficiency by reducing the need to write and manage multiple policies for different layers. In addition, Enterprise Calico Policy provides tiering and web application visibility capabilities beyond Open Source Calico Policy. Tiering capabilities enable enterprise teams to collaborate in a concurrent manner. Web application security insight helps meet security and compliance requirements. North-South Access Controls DNS Policies enable fine-grained access controls between individual Kubernetes pods and 3rd party APIs, SaaS platforms, and resources outside the cluster – on-prem and in the cloud.