Cloud Microsegmentation

A Winning Security Policy

Firewall at Scale

Workload segmentation has always been an effective part of security and micro-segmentation is the evolution of traditional workload segmentation, and, in any of its forms, it offers incomparable security to organizations of all sizes.

Kubernetes and containers introduce a new kind of internal, micro-segmentation traffic aka east-west traffic, in addition to the well-known north-south, outside cluster communication. This can potentially have a major impact in case there is a breach and one of the microservices is compromised. Therefore, it is imperative to limit microservices communication with least privilege principles in order to minimise blast radius in case compromised.

  • Multi-Cluster policy simplification & unification
  • Policy engine powered by eBPF, resulting in minimal utilisation on the resources
  • Microservices policy deployment for security and DevOps for seamless and frictionless operation
  • Expand Istio policy to a workload level segmentation

With micro-segmentation, security policies become part of the “DNA” of a given workload and persist regardless of where and how they are deployed. Alcide’s application-aware micro-segmentation solution offers additional security by helping to secure the application configuration since it looks at behavior patterns of workloads to determine if workloads have been compromised, and then quarantines or terminates those workloads to prevent the spread of malware. It also interconnects with third-party software to grab awareness about what workloads are doing, and how they should be behaving. Alcide application-aware micro-segmentation is more than just manipulating firewalls or preventing the routing of packets.

 

Alcide Runtime Security

Alcide Runtime Security covers the following capabilities: Threat detection and prevention, anomaly detection and prevention, and micro-segmentation.

Get ART