Microservices Anomaly Detection

Detecting abnormal behaviors and security incidents

Kubernetes Runtime Protection: Alert, Detect, Enforce

The Alcide platform provides a threat detection engine and offers protection against attacks that are either overlooked or undetected by traditional protection layers, including abnormal behaviors and security incidents such as DNS exfiltration, spoofing, poisoning, and lateral movement. While security features like micro-segmentation and cloud-provider security groups limit the allowed network connections between potentially interacting applications’ workloads, they cannot stop the abuse of the permitted connections by external attackers, internally deployed malware or malicious insiders.

Alcide provides an out-of-the-box Threat Detection engine equipped with a canned set of analytics and alerts. Alerts are raised in real time, allowing Security and DevOps teams to quickly respond to and mitigate potential threats. The Alcide Threat Detection engine analyzes network data collected by agents and leverages machine learning algorithms to detect behavior anomalies and security incidents. Alerts are visualized on Alcide’s Infrastructure and Applications maps, which show the broader context: which assets are associated with each alert.

  • Behavior-based anomaly detection: complements security policies with machine-learning, behavior-based anomaly detection
  • Support for multiple threat anomalies – data exfiltration, lateral movement, misconfiguration detection, zero-day attacks and insider threats

The Benefits

  • Smart detection of unknown network threats – based on a patent-pending AI engine
  • Threat intelligence feed for known threats
  • Detection of unauthorized process-level activity
  • Policy recommendations for network segmentation – reduce risk and exposure by isolating K8s assets
  • Enforcement for processes, network threats and segmentation

New blog: Pod Security Policy

The Pod Security Policy is part of the Kubernetes admission control mechanism, so for a Pod Security Policy to take effect, the corresponding admission controller must be enabled on the Kubernetes API server. When a user or a service account calls the Kubernetes API to create a Pod, admission control is invoked and checks whether the Pod's attributes conform to the rules defined in the Pod Security Policy. If they do not match, the API server rejects the operation.
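To make that admission check concrete, here is an added example (not Alcide's or Kubernetes' code) that models a restrictive PodSecurityPolicy in Python and evaluates constructed pod manifests against it. The policy values and the sample pods are assumptions, and the real controller also mutates defaults (for example setting runAsNonRoot) that this simplified model only validates.

```python
# Added example, not Alcide's or Kubernetes' code: a simplified model of the check the
# PodSecurityPolicy admission controller runs when a Pod is created. Field names follow
# the PodSecurityPolicy spec; pod specs are plain dicts shaped like manifests.
RESTRICTIVE_PSP = {
    "privileged": False,
    "allowPrivilegeEscalation": False,
    "hostNetwork": False,
    "hostPID": False,
    "runAsUser": {"rule": "MustRunAsNonRoot"},
    "volumes": ["configMap", "emptyDir", "secret", "projected"],
}

def check_pod(pod_spec, psp=RESTRICTIVE_PSP):
    """Return the policy violations for a pod spec; an empty list means admission succeeds."""
    violations = []
    for flag in ("hostNetwork", "hostPID"):
        if pod_spec.get(flag, False) and not psp[flag]:
            violations.append(f"{flag} is not allowed")
    for vol in pod_spec.get("volumes", []):
        vol_type = next((k for k in vol if k != "name"), "unknown")
        if vol_type not in psp["volumes"]:
            violations.append(f"volume type {vol_type!r} is not allowed")
    pod_sc = pod_spec.get("securityContext", {})  # pod-level settings are inherited by containers
    for c in pod_spec.get("containers", []):
        sc, name = c.get("securityContext", {}), c["name"]
        if sc.get("privileged", False) and not psp["privileged"]:
            violations.append(f"container {name}: privileged mode is not allowed")
        # allowPrivilegeEscalation defaults to true when unset, so an unset value is a violation
        if sc.get("allowPrivilegeEscalation", True) and not psp["allowPrivilegeEscalation"]:
            violations.append(f"container {name}: privilege escalation is not allowed")
        if psp["runAsUser"]["rule"] == "MustRunAsNonRoot":
            uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
            non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
            if uid == 0 or (uid is None and not non_root):
                violations.append(f"container {name}: must run as non-root")
    return violations

# Constructed sample manifests: one the controller would reject, one it would admit.
RISKY_POD = {
    "containers": [{"name": "app", "securityContext": {"privileged": True}}],
    "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
}
HARDENED_POD = {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
    "containers": [{"name": "app", "securityContext": {"allowPrivilegeEscalation": False}}],
    "volumes": [{"name": "tmp", "emptyDir": {}}],
}
if __name__ == "__main__":
    for label, pod in (("risky", RISKY_POD), ("hardened", HARDENED_POD)):
        print(label, "->", check_pod(pod) or "admitted")
```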
