
Alcide Advances Real-time, Automated K8s Forensics and Analysis with kAudit

kAudit findings now available on Datadog platform as part of new integration

TEL AVIV, Israel and SAN DIEGO, November 14, 2019 – Alcide, the Kubernetes security leader empowering Security and DevOps teams with continuous security for Kubernetes infrastructure, today introduced its Early Access Program for its new Alcide kAudit. Alcide kAudit automatically and proactively investigates and analyzes multi-cluster Kubernetes deployments for breaches, anomalous behavior and misuse in real time. Leveraging Kubernetes audit logs, Alcide kAudit summarizes detected anomalies alongside important access, usage and performance trends and statistics for the K8s cluster, for user-friendly investigation and auditing. This new capability enables security teams to focus on material incidents or breaches while significantly reducing detection time. Alcide’s integration with Datadog exports Kubernetes findings as well as Kubernetes audit events that violate compliance and security policy controls. This enables customers of both platforms to monitor the health of their Kubernetes clusters and alert on anomalies in real time.

The dynamic, distributed and ephemeral nature of Kubernetes deployments results in workloads being added, removed or modified at a fast pace. Identifying the K8s workloads containing sensitive information, such as access to critical databases, throughout their lifecycle has been a growing challenge for the 40% of enterprise companies deploying Kubernetes in production (according to CNCF) and the 71% of Fortune 100 companies that use Kubernetes as their main container orchestration tool. Security teams’ demands for safeguarding K8s deployments are many and increasing, and include the swift identification of users and roles with legitimate reasons for accessing sensitive database workloads at any given time – calling for new solutions that go beyond manual K8s log inspection.

In response to these growing security demands, Alcide is introducing Alcide kAudit as a robust, machine learning-enabled tool that equips security teams with real-time, intelligently automated insights into critical threats and security-related abuses of multi-cluster Kubernetes. The tool automatically assembles, catalogs and reports on violations of K8s-related compliance best practices. It identifies anomalous behaviors and suspicious activity patterns, observing them with extended context beyond configured rules, including:

  • Stolen credentials, which aim to gain initial access to K8s-based clusters or pods, or seek to capture credentials earlier in the reconnaissance process through socially engineered access to cluster resources;
  • Stolen tokens or misconfigured RBAC, which allow lateral cluster or pod movement, privilege escalation, data access and/or data manipulation;
  • Exploited vulnerabilities in the Kubernetes API server, such as breaches of authentication, authorization, admission control or request validation, which seek to gain access to privileged and sensitive resources; and
  • Violated security policies in conflict with compliance best practices.

“Alcide kAudit addresses the DevSecOps challenge with Kubernetes bridging between DevOps teams’ need to seamlessly monitor Kubernetes Runtime environment with Security teams’ demand to have visibility and investigation capabilities without the need to become Kubernetes experts themselves,” highlighted Amir Ofek, CEO, Alcide.

“As our customers adopt Kubernetes, they look for visibility into both operations and security,” said Marc Tremsal, Director, Product Management, Datadog. “This integration with Alcide provides security and infrastructure teams with a single pane of glass to run and secure their clusters.”

Alcide kAudit can also be easily integrated into existing common SIEMs such as Splunk, Elastic and Sentinel, providing SOC teams with visibility into their K8s security events as part of their existing traditional monitoring.

Security teams can leverage Alcide kAudit to:

  • Proactively identify non-compliant behavior based on a configured set of rules that faithfully identify all violations of an organization’s policies, with comprehensive trails of the non-compliant activity that has taken place. With automated filters, a collection of such alerts is periodically delivered to compliance investigators for immediate action.
  • Reactively investigate a specific operational or security problem. Known problems are traced back to the responsible party, root causes or contributing factors via fully context-aware, post-mortem investigation, employing automated forensic analysis that links the observed state to the action that caused it and to the previous secure state.

Alcide kAudit represents a critical security building block for companies relying on Kubernetes as their application delivery vehicle. Alcide’s cloud-native security platform delivers end-to-end security for workloads running on Kubernetes, starting as early as the CD pipeline with its Alcide Kubernetes Advisor, and continuing through its advanced network security and its Microservices Firewall, where Dev, Sec and Ops teams manage and enforce their comprehensive K8s network policies. The Alcide platform recently won the Cybersecurity Breakthrough Awards’ ‘Intrusion Detection Solution of the Year.’

Learn more about Alcide kAudit at KubeCon San Diego.

About Alcide

Alcide is a Kubernetes security leader empowering DevOps teams to drive frictionless security guardrails through their CI/CD pipelines, and security teams to continuously secure and protect their growing Kubernetes deployments. Alcide provides a single K8s-native AI-driven security platform for cross-Kubernetes aspects: configuration risks, visibility across clusters, run-time security events, and a single policy framework to enforce.