Google Cloud Security

Continuous Security for GKE Deployments

Alcide for Google Cloud Platform (GCP) provides a native security solution integrated with Google Kubernetes Engine (GKE). Our platform provides cloud discovery into the entire cloud topology and applications data flow, a Kubernetes Advisor agentless scanner that provides on-going security hygiene checks, and a behavioral anomaly threat detection engine that detects anomalous and malicious network activity.

Alcide Kubernetes Advisor running on GKE workloads providing security hygiene checks designed to ensure a secured development process before moving to production. The Alcide cluster hygiene Kubernetes Advisor scans the GKE target environment and detects the drifts in the cluster hygiene level and specifics in the software supply chain hygiene, resulting in a failed pipeline, so no exploits are found in Production stage.

Extending GKE Policies with Application-Aware Workload Policy – Workload level policies enforced at the Pod level policy engine implemented using eBPF and include the ability to define FQDN white lists, and workload level policy extends GKE policies is done through deployment/pod annotations. Alcide Policies allow developers to configure build-time security rules for Google services and external DNS names.

Threat Intelligence – detecting Pod level network activity with crypto-mining, command & control drop location, etc.

Threat detection & prevention -Machine-learning based microservice anomaly engine, to detect advanced network attacks – for example, DNS tunneling, and low and slow evolving attacks.

 

Kubernetes Advisor: Continuous Audit & Compliance of Kubernetes Clusters

The Alcide Advisor is a Continuous Kubernetes and Istio hygiene checks tool that provides a single-pane view for all your K8s-related issues: audit, compliance, topology, network, policies, and threats. This ensures that you get a better understanding and control of distributed and complex Kubernetes projects with a continuous and dynamic analysis. A partial list of the checks we run includes:

  • Kubernetes vulnerability scanning
  • Hunting misplaced secrets, or excessive secret access
  • Workload hardening from Pod Security to network policies
  • Istio security configuration and best practices

 

Start for Free