Tigera Enhances Calico to Bolster Observability and Security for Ingress Traffic

Updates include a built-in WAF for Calico Ingress Gateway to deliver robust ingress security, and policy recommendations for Calico Cloud Free Tier to streamline namespace isolation

SAN JOSE, Calif., Aug. 26, 2025 /PRNewswire/ -- Tigera, the creator of Project Calico, the most widely adopted container networking and security solution, today announced the introduction of several advancements to Calico to help organizations securely scale Kubernetes workloads with a single, unified platform. New capabilities include an integrated web application firewall (WAF) for Calico Ingress Gateway and policy recommendations for Calico Cloud Free Tier.

Fragmented solutions for managing and securing Kubernetes cause operational friction and expand an organization's attack surface. The latest enhancements to Calico enable organizations to implement consistent and adaptable security controls across distributed, multi-cluster Kubernetes environments without compromising operational speed.

Calico Ingress Gateway with Integrated WAF Functionality at Runtime

Kubernetes ingress traffic is a common entry point for attacks, making the ability to analyze application-layer protocols such as HTTP and gRPC for threats fundamental.

Calico Ingress Gateway now includes built-in WAF capabilities that enable organizations to inspect, authorize, and secure ingress traffic during runtime. The integrated WAF engine streamlines operations and reduces complexity by delivering consistent threat detection across both ingress points and internal services. It enables organizations to define and enforce security policies directly at the ingress gateway, allowing deep inspection of HTTP and gRPC traffic and proactively blocking known threats before they reach workloads.

Policy Recommendations for Calico Cloud Free Tier

Platform teams often lack visibility into service-to-service communication and workload interactions. This creates challenges when defining policies and introduces risks such as overly permissive or restrictive policies.

The latest updates to Calico combat this challenge. Calico Cloud Free Tier can generate network policy recommendations for Kubernetes clusters. Calico analyzes the flow logs that are generated from workloads, and automatically recommends staged policies for each namespace that can be used for isolation. These new capabilities enable platform and security teams to implement effective network segmentation without extensive experience in authoring network policies and workload communication.

Centralized Log Forwarding for Virtual Machines and Bare Metal Hosts

Organizations encounter operational challenges with the distributed nature of log forwarding on bare metal hosts and virtual machines (VMs) outside of Kubernetes. Without centralized log forwarding, configuring log forwarding to third-party data stores requires individual setup and authorization on each host or VM, hindering operational efficiency and adding additional costs.

Calico now supports centralized log forwarding for VM and bare metal hosts running outside of Kubernetes. With Calico, logs are collected at a central point, either at the management cluster or a standalone cluster that manages VM and bare metal hosts. From these centralized points, logs can be seamlessly forwarded to an organization's preferred external log store. This centralized approach to log forwarding significantly improves scalability and simplifies operations for large environments.

Improved Visualization in Calico Service Graph

Newly-improved iconography in Calico Service Graph also allows users to easily differentiate between Kubernetes cluster nodes and standalone VM and bare metal hosts that are running Calico outside of Kubernetes. This enhanced iconography groups and displays the two types of nodes separately and allows teams to automatically filter and view flow logs associated with these connections.

"As organizations scale their Kubernetes environments, many struggle to ensure security due to the siloed, disparate solutions used for Kubernetes security," said Phil DiCorpo, Senior Director of Product Management at Tigera. "Calico's new capabilities are a testament to our ongoing commitment to delivering a single, comprehensive platform that enables security across every aspect of the customer's Kubernetes journey."

To learn more about the latest innovations to Calico, please visit here.

About Tigera
Tigera provides Calico, a unified network security and observability platform to prevent, detect and mitigate security breaches in Kubernetes clusters. Tigera's open-source offering, Calico Open Source, is the most widely adopted container networking and security solution.
Powering more than 100M containers across 8M+ nodes in 166 countries, Calico software is supported across all major cloud providers and Kubernetes distributions, and is used by leading companies including Discover, Chipotle, NBCUniversal, HanseMerkur, Box, Siemens Healthineers, Playtech, Royal Bank of Canada, and Bell Canada.

Media Contact
Katherine Benfield
ICR for Tigera
[email protected]

SOURCE Tigera