Identify abnormal administrative activity and compromised Kubernetes resources
Identifying the K8s workloads that contain sensitive information, such as access to critical databases, throughout their lifecycle is a real challenge.
Alcide kAudit identifies anomalous behaviors and suspicious activity patterns while observing them with extended context, beyond configured rules, such as:
Gaining access to K8s-based clusters or pods through social engineering
Lateral cluster or pod movement, privilege escalation, data access and data manipulation
Breaches of authentication, authorization, admission control or validation requests
Behaviors that conflict with compliance best practices
Automatically and proactively investigate and forensically analyze multi-cluster Kubernetes deployments for breaches, anomalous behavior, and misuse in real time. By leveraging Kubernetes audit logs, Alcide kAudit summarizes detected anomalies alongside important trends and statistics on Kubernetes cluster access, usage and performance for investigation and auditing.
Known problems are traced back to the responsible party, root causes or contributing factors via fully context-aware, post-mortem investigation, employing automated forensic analysis that associates a state with the action that caused it and with the previous secure state.
Proactively identify non-compliant behavior based on a configured set of rules that faithfully identify all violations of an organization’s policies, with comprehensive trails of the non-compliant activity that has taken place. With automated filters, a collection of such alerts is periodically delivered to compliance investigators for immediate action.