Microservices Anomaly Detection

Threat Protection for Cloud-Native Applications and Infrastructure

Complementing security policies with machine learning, behavior-based anomaly detection

The Alcide platform provides a threat detection engine and offers protection against attacks that are either overlooked or undetected by traditional protection layers, including abnormal behaviors and security incidents. While security features like micro-segmentation and cloud-provider security groups limit the allowed network connections between potentially interacting applications’ workloads, they cannot stop the abuse of the permitted connections by external attackers, internally deployed malware or malicious insiders. For example, a web server should be allowed to connect to the database used by the web application it exposes to the world, but if there is a vulnerability in that application, an attacker may exploit it to reach the data in the database through the very connection the policy permits. This is where automated detection of anomalous workload behavior comes in. Gathering information about each workload’s behavior and network usage, and processing it with machine learning techniques directed by security expertise, highlights unexpected network usage patterns and unusual data transfers initiated by workloads.

Supporting Multiple Threat Anomalies

Alcide provides an out-of-the-box threat detection engine equipped with a set of canned analytics and alerts. Alerts are raised in real time, allowing security and DevOps teams to quickly respond to and mitigate potential threats. The Alcide threat detection engine analyzes network data collected by agents and leverages machine learning algorithms to detect behavior anomalies and security incidents. Alerts are visualized on Alcide’s Infrastructure and Applications maps, giving a clearer picture of the broader context and of which assets are associated with each alert. Alcide’s threat detection engine supports threat detections and behavior anomaly types including anomalous network activity, DNS tunneling, reputation hits, permissive policy creation, permissive policy changes and east-west network host scanning, to name a few.