The Alcide platform addresses all Kubernetes security needs holistically, from design through deployment to production. The platform is designed from a DevOps perspective, while also ensuring robust and comprehensive Kubernetes security and compliance best practices. Alcide secures your Kubernetes infrastructure and ensures compliance starting in the CD pipeline, continuing through deployment and into runtime protection.
The Alcide Kubernetes-native platform has two underlying engines. One is a design-to-production policy, monitoring and enforcement engine. The second is an artificial intelligence (AI) engine based on machine learning, which detects behavior anomalies.
The platform helps enforce security policies and prevent drift, and it goes further: Alcide also detects malicious network activity, risky configurations, misconfigurations and runtime security issues, and provides visibility across clusters and real-time monitoring.
kAdvisor is an agentless, purely API-based vulnerability scanner that provides a single-pane view of all Kubernetes-related aspects and integrates seamlessly with your CI/CD pipeline.
kAdvisor simplifies the security assessment of the entire Kubernetes environment while creating baseline profiles for each cluster, highlighting and scoring security risks, misconfigurations and hygiene drifts. We support all types of Kubernetes flavors, from managed services like EKS, AKS and GKE, to unmanaged clusters built with Kops, Kubeadm and the like.
Kubernetes vulnerability scanning
Hunting misplaced secrets
Workload hardening from Pod Security to network policies
Istio security configuration and best practices
Ingress controllers for security best practices
Kubernetes API server access privileges
Kubernetes operators security best practices
Security and Compliance from First-go
Scans the Kubernetes cluster configuration file for security drifts and misconfigurations, resulting in better understanding of and more control over distributed projects, thanks to continuous and dynamic analysis.
Covers rich Kubernetes and Istio security best practices and compliance checks such as Kubernetes vulnerability scanning, hunting misplaced secrets or excessive secret access, workload hardening from Pod Security to network policies, Ingress controllers, Kubernetes API server access privileges and Kubernetes operators.
Early detection of hygiene, risk & conformance drifts
Integrated into the deployment phase of your CI/CD pipeline, kAdvisor provides profile-driven machinery to detect “negative” drifts with respect to previous deployments, across a wide range of Kubernetes and Istio security best practices.
kAudit is a robust, machine learning (ML)-based tool, intelligently leveraging Kubernetes audit logs and summarizing detected anomalies and potential threats. kAudit highlights usage and performance trends across the Kubernetes clusters while providing user-friendly statistics for auditing and for further investigation.
On top of automated audit analytics and risk detection, kAudit helps to keep close track of your organization’s compliance policies and predefined rules. With kAudit, companies running Kubernetes-based workloads properly enforce the rules required for adhering to government and regulation standards such as PCI, GDPR and HIPAA. kAudit automatically assembles, catalogs and reports on violations of Kubernetes-related compliance best practices.
kAudit fits perfectly in the complex multi-cluster Kubernetes environments that companies build today. With an AI-based detection and prevention mechanism, Alcide kAudit provides a high-resolution network detection security layer that gives instant insights and alerts on any suspicious activity. Armed with ML and artificial intelligence (AI) for monitoring audit logs, kAudit continuously scans logs and flags any unusual or suspicious network behavior.
Focus on impending threats fast
Alcide kAudit offers ongoing analyses of Kubernetes audit logs to detect illegitimate user and service account behavior in real-time. Automated insights on critical threats and security-related abuses enable teams to focus on material incidents while significantly reducing detection time.
Monitor behavior and react in real-time
With machine learning, kAudit identifies suspicious activity patterns in real time. When anomalous behavior is identified, kAudit traces back to the root causes via fully context-aware, post-mortem investigation and automated forensic analysis. IR teams can easily leverage the robust kAudit analysis and forensics capabilities.
Extending your SIEM to Kubernetes
Alcide kAudit seamlessly integrates into existing common SIEMs such as Splunk, Sumo Logic, Elastic and more, providing SOC teams visibility on their K8s security events as part of their existing traditional monitoring.
Backed by patent-pending artificial intelligence, kAudit learns the patterns of your audit log over time and then enables security and compliance enforcement in response to anomalies accordingly.
Kubernetes cloud operations consist of many workloads running different services. Alcide’s kArt network-based approach allows the seamless collection of traffic information into centrally orchestrated cloud security policies and anomaly engines. This level of granular control combined with a hierarchical approach makes it easy to structure and enforce smart, application-aware and label-based policies.
In addition to the Kubernetes-native cloud policies, Alcide’s embedded policies are application-aware, empowering developers or DevOps to define network policies during build time. This ensures that the newly created Kubernetes workload is immediately granted the access it requires for normal operation in runtime. Alcide also offers a simplified platform from which users can gather, monitor, and manage all of their external security policies. The user can select any cloud provider policies, such as AWS Security Groups or Azure Security Groups, or cloud platform policies, such as Kubernetes security policies, to see the corresponding inbound and outbound rules as well as visualize which other workloads are associated with each policy on the map.
Alcide’s image scanning capabilities are designed specifically for complex Kubernetes deployments. Alcide’s image scanning continuously monitors and highlights potentially vulnerable components, derived from flagged security issues within the container images, while strictly focusing on the Kubernetes context.
The kArt module provides a machine-learning, behavior-based anomaly detection engine, offering protection against security incidents and abnormal behaviors that are either overlooked or undetected by traditional protection layers. While security features like micro-segmentation and cloud-provider security groups limit the network connections that are allowed between potentially interacting application workloads, they cannot stop the abuse of the permitted connections by external attackers, internally deployed malware or malicious insiders. kArt generates and visualizes real-time alerts on Alcide’s Infrastructure and Applications maps, allowing Security and DevOps teams to quickly respond and mitigate potential threats such as DNS tunneling, reputation hits, permissive policy creation, permissive policy change, and east-west network.
Firewall at scale
Combining all cloud providers’ security groups (AWS, GCP, Azure), Kubernetes Network Policy, Istio API-level perimeter policy, and the Alcide Embedded and recommended policy engine in one powerful firewall.
Policy simplification & unification
A single policy framework for all Dev, Sec and Ops teams, powered by Linux eBPF alongside enhanced policies embedded directly into the workload.
Multi-Cloud Multi-cluster support in real-time
Unification of different clusters into one security incident stream, gathering all relevant applications, assets and alerts, thus providing a much broader understanding of context and quicker detection of both known and unknown threats.