Microservices Firewall

Delivering Intent-based and App-aware Security Policies

The modern enterprise’s cloud operations consist of many workloads running different services — some under the jurisdiction and purview of DevOps, while others are owned by dev alone. In such a complex and ever-changing landscape, well-structured tier-based monitoring and management are essential. Properly handled, the different moving parts have well-defined, intent-based communications patterns that reveal a great deal about how they ought to be approached from a security perspective.

Alcide lets you seamlessly collect and bake this information (from any number of environments) into your centrally orchestrated cloud security policies. This granular, hierarchical approach makes it easy to structure and enforce smart, application-aware and label-based policies. Alcide's rich policy language allows developers, DevOps and security teams to define network policies based not only on IP ranges, but also on internal services and even external domain names.

Alcide's Microservices Policy Fusion

In addition to Alcide’s cloud policies, Alcide’s embedded policies are application-aware policies that allow developers and/or DevOps to define network policies at build time. This ensures that a newly created workload (container, pod, or VM) is immediately granted the access it requires for normal operation at runtime.

Alcide also offers a simplified platform on which users can gather, monitor, and manage all of their external security policies. The user can select any cloud provider policies, such as AWS Security Groups or Azure Security Groups, or cloud platform policies, such as Kubernetes network policies, to see the corresponding inbound and outbound rules and to visualize on the map which other workloads are associated with each policy. Alcide consolidates all of the security policies (platform policies as well as container orchestration policies) in one simple dashboard. This allows users to immediately understand inbound and outbound rules and to enforce application-aware embedded policies across cloud infrastructure and microservices interactions.