Q: What is Alcide?
A: Alcide is a cloud-native security platform that speaks the language of both infrastructure and application. Alcide provides full visibility, advanced threat protection, and security policy management and enforcement. Alcide was designed to help security and ops teams with today’s complex cloud environments by providing them with simplified control to manage and secure the evolving data center and hybrid cloud, at any scale.
Q: How does Alcide work?
A: Alcide focuses on the broader range of containers, VMs, serverless and service mesh, enabling real-time, aerial visibility and granular perspectives of both infrastructure and applications through the following:
- Application-aware micro-segmentation
- Network visualization and connectivity map
- Advanced threat protection
- Embedded security policies
Q: How quickly can I get Alcide up and running?
A: Approximately 10 minutes. Once Alcide’s SaaS monitor agent is deployed, Alcide will start providing actionable security and risk information within approximately 5 minutes.
Q: What are the different deployment models available?
A: Alcide is available as a SaaS-based solution as well as an on-premise deployment.
Q: What does Alcide’s platform consist of?
A: The platform consists of the following:
- Panoramic Map – real-time panoramic and granular views of the data center infrastructure and applications: see assets at risk, and select and filter assets to see additional, in-context data on your assets and applications (refer to screenshot).
- Infrastructure view: this view provides real-time, aerial visibility and granular perspectives of the infrastructure across multiple cloud platforms.
- Application view: this view provides real-time, aerial visibility and granular perspectives of the applications and microservices in the environment.
- Contextual data pane – additional data on the different assets and applications, including metadata from the cloud provider and orchestration platform, network activity, flagged anomalies and threat detections, and the security policies specified for the asset.
Q: How does Alcide collect security information from the different cloud providers: GCP, AWS and Azure?
A: Alcide uses a mixture of cloud-specific monitoring modules and host-based agents to collect full cloud environment topology and network information, which feed our security analysis engine.
Q: How many accounts and regions can Alcide support?
A: Alcide’s platform supports any number of accounts or regions, and works best in cross-platform, multi-cloud environments. Our agent surfaces AWS security groups, Azure groups, and GCP security groups.
Q: What attack techniques does Alcide detect?
A: Within our platform, we monitor and detect possible security breaches and advanced threats, as well as security anomalies and common cyber attack techniques like DNS tunneling, spoofing, and poisoning. In addition, the platform detects endpoint scanning within the data center, port scanning from outside the data center, and known malicious external IPs and domain names (reputation feeds).
Q: What does Alcide’s Reputation Feed provide security teams with?
A: Alcide Reputation Intelligence Feed reports on suspicious traffic that is reputation-related (IP or DNS) and blocks connections before they enter the workloads running on the compute. Specifically:
- Ability to view and review alerts: View an alert from the events feed or on the topology map, or search for a specific asset by name, IP address, labels or type. Review alert details to understand the nature of the observed indication. Identify a component of a known attack or anomalous behavior that might indicate an attack on your network.
- Collect information to understand the full scope of the incident, and review network traffic and network rules defined for the asset. Derive possible courses of action and proceed to act on them.
- Respond quickly to the detected attack by quarantining an application and isolating it from the network.