A Winning Security Policy
Workload segmentation has always been an effective part of security. Micro-segmentation is the evolution of traditional workload segmentation and, in any of its forms, offers incomparable security to organizations of all sizes.
Kubernetes and containers introduce a new kind of internal, micro-segmentation traffic, also known as east-west traffic, in addition to the well-known north-south communication with the outside of the cluster. This can have a major impact if there is a breach and one of the microservices is compromised. It is therefore imperative to limit communication between microservices according to least-privilege principles, in order to minimise the blast radius of a compromise.
With micro-segmentation, security policies become part of the “DNA” of a given workload and persist regardless of where and how the workload is deployed. Alcide’s application-aware micro-segmentation solution offers additional security by helping to secure the application configuration: it looks at the behavior patterns of workloads to determine whether they have been compromised, and then quarantines or terminates those workloads to prevent the spread of malware. It also integrates with third-party software to gain awareness of what workloads are doing and how they should be behaving. Alcide application-aware micro-segmentation is more than just manipulating firewalls or preventing the routing of packets.