Alcide Runtime

Deploy and Enforce with Confidence, using Alcide Microservices Firewall

Alcide's Microservices Policy Fusion

The modern enterprise’s cloud operations consist of many workloads running different services — some under the jurisdiction and purview of DevOps, while others are owned by dev alone. In such a complex and ever-changing landscape, well-structured tier-based monitoring and management are essential. Properly handled, the different moving parts have well-defined, intent-based communications patterns that reveal a great deal about how they ought to be approached from a security perspective.

Alcide lets you seamlessly collect and bake this information (from any number of environments) into your centrally orchestrated cloud security policies. This level of granular and hierarchical approach makes it easy to structure and enforce smart, application-aware and label-based policies. Alcide microservices firewall combined with rich policy language allows Developers, DevOps and Security teams to define network policies based on not only IP ranges, but also internal services and even external domain names.

Embed Security and Compliance Policy into Microservices

In addition to Alcide’s cloud policies, Alcide’s embedded policies are application-aware policies that allow developers and/or DevOps to define network policies during build time. This ensures that the newly created Kubernetes workload is immediately granted the access it requires for normal operation in runtime. Alcide also offers a simplified platform on which users can gather, monitor, and manage all of their external security policies. The user can select any cloud provider policies, such as AWS Security Groups or Azure Security Groups, or cloud platform policies, such as Kubernetes security policies, to see the corresponding inbound and outbound rules as well as visualize which other workloads are associated with each policy on the map. Alcide consolidates all of the security policies—platforms policies as well as container orchestration policies—in one simple dashboard. This allows users to immediately understand inbound and outbound rules as well as enforce application-aware embedded policies across cloud infrastructure and microservices interactions.

Benefits

  • Firewall at scale – Combining all cloud providers’ security groups (AWS, GCP, Azure), Kubernetes Network Policy, Istio API-level perimeter policy, and Alcide Embedded and recommended policy engine in one powerful firewall
  • Policy simplification & unification – A single policy framework for all Dev., Sec and Ops powered by eBPF
  • Multi-cluster support – Unify different clusters into one security incident stream
  • Endpoint embedded policies  – Embedding the policy directly onto the workload