In an era where operators, controllers, in-cluster components as well as external components are what application made from – having a practice around this security data source becomes a must. Join us to learn about how Kubernetes Audit log can be utilized to enhance the security of Kubernetes based deployments
December 3-5, 2019
Codefresh, Spotinst and Alcide are teaming up to bring you the latest in Kubernetes, and demonstrate how to build a powerful, fast, simple and secured Kubernetes pipeline while maintaining cost reduction.
Kubernetes for DevSecOps: Enabling Cloud with Batteries Included
Speakers: Rune Abrahamsson, Site Reliability Engineer, DFDS
Gadi Naor, CTO & Co-Founder, Alcide
In this presentation, we’ll talk about DFDS journey to EKS containers and share what’s inside our clusters, and how we integrated with Alcide Kubernetes Advisor in order to stay ahead with security.
In this session, we will talk about the unique challenges of Kubernetes security use cases, such as how to automatically generate ‘good’ profile/baseline for each cluster, and make sure your continuous cluster hygiene level checks are automatically tuned.
Automating security checks throughout the development life cycle can help reduce risk and allow organizations to develop and deploy securely. Sign up to learn how.
Key takeaways: Kubernetes cluster hygiene: learn how to maintain effective security automation from dev to production and more
DevOps, Kubernetes and Integrating Security in Your CI/CD Pipeline
Continuous K8s Security with CI/CD & Migration of K8s cluster (on-premise to AWS)
Kuberentes adoption is growing by the day. As the pace and complexity of Kubernetes deployments are increasing, misconfiguration drifts translate into security risks. DevOps, who are now also tasked with security responsibilities, are dealing, on a daily basis, with questions like:
The Alciders are coming to Boston!
Security vs Agility: Providing Continuous Kubernetes Security Through Your CI/CD Pipeline
Our webinar will focus on how to gain a deeper understanding of using Istio for monitoring tasks while using Istio security features to secure your microservices and spot security anomalies.
Explore Kubernetes network policies, workload segmentation, and what it can and can’t provide. We will dive in to how Kubernetes service discovery can be used to bypass network policies.
Kubernetes is the de-facto orchestration tool, with service-mesh becoming the hot topic today
Alcide is coming to NYC and we’d love to meet you! Book a live EKS-Alcide demo at AWS Summit NYC!
Many Kubernetes users have at least an inkling of the security weaknesses they must tackle soon. Around half of teams admitted in the survey that they’re not confident their K8 deployments are secure and 67% anticipate that they’ll need to increase the use of Kubernetes specific security tooling in 2020.
The amount of audit trail data that’s being generated by Kubernetes can be particularly overwhelming, Naor said. Which is why you need automatic tools to understand all the concepts.
As the number and complexity of Kubernetes deployments grow, a critical gap is coming to light: Kubernetes audit logs are difficult to parse and analyze for critical security breach evidence without deeply specialized Kubernetes knowledge and large time investment.
Here are some tips on how to keep your Kubernetes environment secured:
Start early in the Continuous Development pipeline
On the evolution of Dev, Sec and Ops and the rise of continuous security. Traditionally, Development built the application, Operations managed the application and Security protected the application. Each team had a role and a place in the process, the handoffs were clear and the roles distinct. But that world doesn’t exist anymore.
Enterprises looking to secure their CI/CD application pipelines seemingly have many security options, but are finding a new wrinkle in their plans: The CI, or constant integration portion of their process, turns out to have different security needs than the CD and production aspects of their pipeline.
Kubernetes makes for a perfect companion to CD. Although there is some overlap, the reality is that many solutions are inadequate when it comes to meeting the needs of both processes.
Alcide Kubernetes Motivation & Usage Survey.
We would like to find out what is and what is not working for K8s users like you today.
Not adapting security automation and vulnerability scanning into development pipelines could have a drastic effect not only on cost but workload efficiency and team morale. With these sorts of headaches, it’s vital to consider the repercussions for not adopting secure (and lean) armaments and auditing procedures.
Combining Zero Trust and continuous scanning allows enterprises to balance performance needs with security requirements.
An analysis of scans conducted by Alcide, a provider of container security tools optimized for Kubernetes, finds a full 89% of deployment scans show that companies are not using the secrets resources made available in the core platform
Now fully integrated with Azure DevOps, Alcide Advisor scans Kubernetes clusters for known vulnerabilities on the master API server and worker node components, including container runtime.
In this post, we will go over some of the Kubernetes controls that we believe can greatly improve your application security, and specifically, accessing secrets, detecting Kubernetes vulnerabilities, and running specific checks related to Amazon EKS clusters.
An emerging real estate firm tasked with DevSecOps sought an assist from startup Alcide, which bakes Kubernetes security best practices into its software.
Here are some of the emerging best practices for applying Zero Trust across the cloud-native software development lifecycle (SDLC) and the software supply chain
Alcide has set itself apart from the competition by focusing on securing east-west lateral movement within K8S.
The answer lies within next-generation firewalls with east-west traffic monitoring and security policy enforcement.
If policies represent the enforcement layer of our intended services behavior, then threat hunting represents the must have “sugar coating” to cloud-native application deployments.
Kubernetes clusters will be coming to the attention of auditors, most of whom won’t understand how the clusters work, but will insist that the teams managing them should be able to document the processes being employed to manage them. That’s going to be a lot easier to achieve using an application that tracks and identifies where compliance holes in those processes are before the auditors arrive.
The idea is to ensure the integrity of new app deployments without compromising on DevOps agility.
Alcide Advisor is a continuous security & hygiene scanner for Kubernetes & Istio, which automatically scans for the widest range of compliance, security and governance risks and vulnerabilities.
Cloud-native security should be a top consideration as organizations embrace DevOps
I recently sat down with Gadi Naor, CTO, and co-founder of Alcide, to learn more about the “microservices firewall” this Tel Aviv-based security start-up is pioneering.
Joint Solution Offers Unified Security Policy Enforcement and Enhanced Threat Detection Across Multiple Clusters and Multi-Cloud Deployments
Alcide was recognized as a Breakout Cloud Security company by our magazine because they are an innovator in cloud security that might actually help you reach this goal and defeat the next generation of exploiters.
Alcide has extended the reach and scope of its container security platform to include multiple clusters and the service mesh employed across them.
The vulnerable Docker runtime container is a fundamental building block in cloud environments and data centers using Docker and Kubernetes.
Hybrid Cloud and Distributed Workloads Are Now the Norm
As we look to the year ahead, we anticipate several evolutionary serverless trends tied to standardization, orchestration, testing, observability and security.
“Just like what we see with containers, but amplified in serverless, application observability is key for building, testing, and operating serverless-based applications.”
Also adding to the complexity of cloud security is the fact that the number of tools used to secure cloud environments is increasing. One-third of organizations are now using more than five tools for cloud security.
It is clear there is still an unmet need for end-to-end security solutions that can support frictionless DevOps processes and security professionals in securing cloud workloads in a way that accelerates business outcomes and enhances the organization’s competitive edge.
According to Alcide’s 2018 Report.. 73% are reportedly configuring security policies manually, and 75% expect to increase security tools in 2019 which has the potential to lead to even more fragmentation in cloud stacks.
Companies embracing DevOps and cloud to fuel digital transformation are increasingly turning to serverless computing, also known as ‘functions-as-a-service’ (FaaS), to shift resource-intensive operational duties away from developers to cloud providers.
The cyber-security startup raises new funding to build out its microservices firewall platform that looks to help solve the visibility and control challenges of the modern cloud-native application environment.
The Tel Aviv company’s machine-learning-driven Firewall supports developers and security teams with a unified, automated and simple way to manage cross-cloud security.
Today, it announced it has landed $7 million in a Series A round of financing that it plans to use to fuel its expansion into the U.S., Europe and the Middle East.
For Best Cloud Computing/Storage Solution
As more organizations embrace hybrid cloud – with more than 50 percent claiming a hybrid cloud setup – and serverless, now used by close to third of organizations, they lack the tools and specialization to keep up, according to Alcide.
Cloud adoption drives organizations to spend in 2019 as they learn traditional security practices can’t keep up.
Workloads, specifically cloud workloads, are the application vehicle powering owned, borrowed and open-source code. There are many different types of workloads, with new options emerging over the years as the data center continues to evolve.
Alcide is a startup developing a unique security platform for modern age data centers being built on hybrid cloud architecture. It is a multi-platform, multi cloud security solution that brings simple and consolidated cloud ops. protection.
The modern data center is constantly evolving to keep up with the demands of always-on, anywhere computing. Long gone are the days of monolithic, on-premises data centers. Today, the computing modus operandi is that of the hybrid cloud.
While organizational solutions, such as DevSecOps, exist to improve coordination between the various teams responsible for specific elements of infrastructure management, a fundamental problem remains: visibility (or a lack thereof).
Last month, a critical vulnerability in the basic Linux network infrastructure was discovered by Felix Wilhelm from Google’s Security Team and disclosed by Red Hat product security. Our CTO & co-founder sheds some light on this.
The benefits of the hybrid cloud and DevOps are both well known. But what happens when these two models intersect? Often DevOps and Security teams struggle to account for the added complexity introduced by hybrid configurations. Luckily for them, Alcide has the answers, as CEO Ranny Nachmias explains.
There are clear benefits to serverless architecture, with many enterprises already making or planning to make this change. Like any paradigm shift, however, the move to serverless carries both benefits and risks. Here’s what you need to know about serverless security.
The company cited CNCF data in a press release that shows 57 percent of all Kubernetes users are already running it on AWS.
Before a company can commit to a serverless infrastructure, it needs a clear outline of the technology stacks it intends to use as the foundation for further build outs,
DevOps and Security teams should be adopting tools that mitigate the risks of open-source by providing real-time visibility over open-source operation, monitoring actual code runtime activity.
VC arm of the US semiconductor giant looking ‘to invest in the high risk, early stage, in order to be at the forefront of innovation’
The modern data center continues to grow in scale and complexity. It contains a growing, changing and evolving collection of applications that address the burgeoning demand for better, faster and more efficient data processing. Three major trends are shaping today’s data center..
The complexity of today’s business application and related IT resources has prompted the introduction of new platforms that can more easily control, manage, and secure them. Alcide is among the companies providing new solutions on this front.
Essentially what Alcide’s platform does is it helps to simplify network security monitoring as it eliminates the need for multiple tools to be used to safeguard each kind of infrastructure. The platform also eliminates what Alcide terms as “blind spots” between infrastructure and the applications running on it.
Several days ago, security researchers reported that they had observed a massive distributed denial of service (DDoS) attack.
Driven by business demands, data centers are adapted to the prevailing software architecture and DevOps methodologies and built using new technologies.
The timing of CPX couldn’t come at a more sensitive moment in the world of cybersecurity. Earlier this month, we learned about Spectre and Meltdown exploiting CPU architectures, which affect nearly every chip manufactured in recent years.
“The world is undergoing a data explosion,” said Wendell Brooks, Intel SVP and president of Intel Capital.
Latest Alcide survey shows skills gap for companies using Kubernetes and an intent to increase use of security tools
Expands leadership team on the heels of continuous customer growth and market-first Kubernetes security portfolio solutions TEL AVIV, Israel, December 4, 2019 – Alcide, the Kubernetes security leader empowering Security and DevOps teams with continuous security for multi-cluster Kubernetes deployments, completes the year strong with growing demand for its market-first Kubernetes-native security solutions. Growth has […]
This new capability enables security teams to focus on material incidents or breaches while significantly reducing detection time. Alcide’s integration with Datadog exports Kubernetes findings as well as Kubernetes audit events that violate compliance and security policy controls. This enables customers of both platforms to monitor the health of their Kubernetes cluster and alert on anomalies in real-time.
“Alcide’s innovations for Kubernetes multi-cluster hygiene and its integration with Azure DevOps makes continuous security a built-in process spanning Dev and DevOps”
With the rapid growth of cloud-native software and application development, tools like Advisor are critical for closing the security loop between the people who code, deliver and secure applications.
Bolsters large-scale Kubernetes deployment and enterprise cloud transformation, migration and security expertise
Real-time identification of security and compliance risks for multi-cluster K8s and Istio deployments integrated with the CI/CD pipeline for DevOps teams
By leveraging industry-leading security portfolio and integrating with FortiGate NGFW and FortiGuard Labs’ threat intelligence, which enables customers to easily harness deep security controls on public and hybrid cloud deployments.”
“With service mesh, becoming the go-to backbone of cloud-native apps, Alcide delivers the high-resolution security and policy controls, through its Microservice Firewall, Anomaly detection and continuous security for both in and out of the mesh workloads running on Amazon EKS.”
Strengthens Intelligent Detection of Network Anomalies; Bolsters Extended Attack Detection Coverage
AWS customers running containers have immediate access to Alcide’s Microservices Firewall
Total Funding Reaches More Than $12M Only Seven Months After General Availability; Company Expanding to US and EMEA
As Hybrid Cloud and Serverless Continue to Gain Ground, Organizations Rush to Keep Up; Fewer than Half Have Dedicated Cloud Security Teams Tel Aviv – November 6, 2018 – Alcide, provider of the most comprehensive full-stack cloud-native security platform, today released the findings of a new industry report: 2018 Report: The State of Securing Cloud Workload based on responses […]
New features include Slack integration, Serverless support and a Threat Intelligence Feed
With Alcide, EKS customers can monitor changes and visually explore Kubernetes Network Policies and how they are layered on top of Amazon Security Groups
Alcide offers a unique way to protect the cloud with real-time visibility of cloud operations combined with deep analysis and controls to manage today’s complex hybrid cloud.
Alcide offers a simplified network security platform designed to meet the complex needs of the modern data center
Alcide is a winner in the 2017-18 Cloud Awards Program in the category Most Promising Start-Up.
Alcide emerges from stealth, unveiling first universal security platform designed to meet the complex needs of modern data centers
DevOps KPIs: How to Measure Success, Part 1- Asset Management and Monitoring
Breaching the Cyber Defenses of Cloud Deployments with DNS Tunneling
How to Improve Your Kubernetes Security?
The Evolution of Serverless, Part 2: From Containers to Functions
Subscribe to receive email updates