Everything You Wanted to Know about Alcide Security Platform

Q: What is Alcide?

A: Alcide is a cloud-native security platform that speaks the language of both infrastructure and application. Alcide provides cloud and Kubernetes discovery, a K8s audit and compliance scanner, microservices anomaly detection, and security policy management and enforcement. Alcide was designed to help security and development teams with today’s complex cloud environments by giving them a simplified control to manage and secure evolving Kubernetes and multi-cloud deployments, at any scale.

Q: What cloud technologies does Alcide support?

A: Alcide supports Kubernetes as well as the managed Kubernetes services offered by the three major cloud providers: GKE, AKS, and EKS.

Q: How does Alcide work?

A: Alcide focuses on multi-cluster K8s and multi-cloud environments and provides the following: continuous security for audit and compliance, a microservices firewall, cloud topology discovery, and anomaly detection.

Q: What are the different deployment models available?

A: Alcide is available as a SaaS-based solution as well as an on-premises deployment.

Q: What does Alcide’s solution consist of?

A: The solution consists of the following. Cloud Discovery: using each cloud provider’s native APIs, it monitors the providers’ orchestration platforms to provide visibility into the entire infrastructure, as well as topology and configuration information. Kubernetes Advisor: an agentless scanner that scans multi-cluster deployments for audit and compliance purposes. Microservices Firewall and Anomaly Detection via an Alcide agent: deployed on each cloud compute unit, the Alcide agent collects and analyzes network traffic and uniformly enforces policies across compute units, including containers and microservices.

[Figure: High-level architecture with Advisor (July 21)]

Q: What integrations does Alcide support?

A: Alcide natively integrates with Google Cloud Builder, Azure DevOps, Circle CI, Travis CI, and Jenkins.

Q: What features does Alcide Kubernetes Advisor provide for policy customization?

A: We provide the ability to fully customize the scan policy: pick and choose which scan checks are enabled based on use case and persona, override the severity, and create exceptions for specific microservices or resources, for example allowing a monitoring microservice to run as a privileged Pod so that it can perform its intended functionality.

Q: Can Alcide Kubernetes Advisor support policy customization by security pros that are monitored by DevOps?

A: Absolutely. You can apply multiple policies managed by different teams, and violations can be routed either to ChatOps tools like Slack or to security toolchains like Splunk.

Q: Can I get default blacklists out of the box from Alcide Kubernetes Advisor?

A: Yes, we have out-of-the-box blacklists. For example, Pods that mount host file system paths such as /proc or /etc would create a check violation, as these are clearly not best practice and introduce risk.
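The two answers above describe a policy-driven hygiene scan: a default blacklist of host paths that a Pod should not mount, checks that can be switched on or off, severities that can be overridden, and per-workload exceptions such as letting a monitoring agent run privileged. The following is an added example, not Alcide’s or Kubernetes Advisor’s own code, of how such a check can be expressed against Pod manifests. The policy keys, check names, sample manifests and the `/proc`, `/etc` blacklist are constructed here for illustration; it goes slightly beyond the text by also treating sub-paths of a blacklisted directory (such as `/etc/kubernetes`) as violations and by scanning init containers.

```python
"""Added example (not Alcide's code): a minimal, policy-driven Pod hygiene check
with a host-path blacklist, per-check enable/severity settings and per-Pod
exceptions. All names, manifests and policy keys are constructed for illustration."""

from dataclasses import dataclass, field
from typing import Dict, List

# Constructed default blacklist of host filesystem paths a Pod should not mount.
HOST_PATH_BLACKLIST = ("/proc", "/etc")


@dataclass
class ScanPolicy:
    """Which checks run, their severity, and per-workload exceptions.
    Keys of `exceptions` are '<namespace>/<pod-name>'; values are check names."""
    enabled: Dict[str, bool] = field(default_factory=lambda: {
        "host_path_mount": True,
        "privileged_container": True,
    })
    severity: Dict[str, str] = field(default_factory=lambda: {
        "host_path_mount": "HIGH",
        "privileged_container": "HIGH",
    })
    exceptions: Dict[str, List[str]] = field(default_factory=dict)


@dataclass
class Finding:
    check: str
    severity: str
    pod: str
    detail: str


def _is_blacklisted(path: str) -> bool:
    """True if `path` is a blacklisted host path or lies beneath one."""
    norm = path.rstrip("/") or "/"
    return any(norm == p or norm.startswith(p + "/") for p in HOST_PATH_BLACKLIST)


def scan_pod(manifest: dict, policy: ScanPolicy) -> List[Finding]:
    """Run every enabled, non-excepted check against one Pod manifest (a dict)."""
    meta = manifest.get("metadata", {})
    pod_id = f"{meta.get('namespace', 'default')}/{meta.get('name', '<unnamed>')}"
    excepted = set(policy.exceptions.get(pod_id, []))
    spec = manifest.get("spec", {})
    findings: List[Finding] = []

    def report(check: str, detail: str) -> None:
        # A finding is recorded only if the check is enabled and not excepted for this Pod.
        if policy.enabled.get(check, False) and check not in excepted:
            findings.append(Finding(check, policy.severity.get(check, "MEDIUM"), pod_id, detail))

    # Check 1: hostPath volumes pointing at (or beneath) sensitive host directories.
    for vol in spec.get("volumes", []):
        host_path = vol.get("hostPath", {}).get("path")
        if host_path and _is_blacklisted(host_path):
            report("host_path_mount", f"volume '{vol.get('name')}' mounts host path {host_path}")

    # Check 2: containers (including init containers) running privileged.
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        if c.get("securityContext", {}).get("privileged") is True:
            report("privileged_container", f"container '{c.get('name')}' is privileged")

    return findings


def scan_all(pods: List[dict], policy: ScanPolicy) -> List[Finding]:
    """Scan a list of Pod manifests and return all findings in order."""
    return [f for pod in pods for f in scan_pod(pod, policy)]


# Constructed sample manifests (dicts rather than YAML so this runs offline).
SAMPLE_PODS = [
    {
        "metadata": {"name": "web", "namespace": "shop"},
        "spec": {
            "volumes": [{"name": "cfg", "hostPath": {"path": "/etc/kubernetes"}}],
            "containers": [{"name": "nginx", "image": "nginx"}],
        },
    },
    {
        "metadata": {"name": "node-monitor", "namespace": "monitoring"},
        "spec": {
            "volumes": [{"name": "proc", "hostPath": {"path": "/proc"}}],
            "containers": [{"name": "agent", "image": "monitor",
                            "securityContext": {"privileged": True}}],
        },
    },
]


if __name__ == "__main__":
    # Exception: the monitoring agent may run privileged, but mounting /proc still fires.
    policy = ScanPolicy(exceptions={"monitoring/node-monitor": ["privileged_container"]})
    policy.severity["host_path_mount"] = "CRITICAL"  # severity override
    for f in scan_all(SAMPLE_PODS, policy):
        print(f"[{f.severity}] {f.pod}: {f.check} - {f.detail}")
```

Run as a script, it reports the `shop/web` Pod for mounting `/etc/kubernetes` and the `monitoring/node-monitor` Pod for mounting `/proc`, while the privileged-container check is suppressed for the monitor by the exception. The exception is scoped to one check on one Pod on purpose: granting a workload one privilege should not silence every other finding on it.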

Q: What cloud Kubernetes services does Alcide support?

A: Since Alcide Advisor is an agentless, purely API-based security and hygiene scanner, we support all Kubernetes flavors: managed services such as AKS, GKE and EKS, and non-managed clusters built using Kops, kubeadm and the like.

Q: How does Alcide collect security information from different cloud providers: GCP, AWS, and Azure?

A: Alcide uses a mixture of cloud-specific monitoring modules and host-based agents to collect the full cloud environment topology and network information, which feeds our security analysis engine.

Q: How many accounts and regions can Alcide support?

A: Alcide’s platform supports any number of accounts or regions, and works best in cross-platform, multi-cloud environments. Our agent surfaces AWS, Azure, and GCP security groups.

Q: What attack scenarios does Alcide detect?

A: Within our platform, we monitor and detect possible security breaches and advanced threats, as well as security anomalies and common cyber attack techniques such as DNS tunneling, spoofing, and poisoning. In addition, the platform detects endpoint scanning within the data center and port scanning from outside the data center, and known malicious external IPs and domain names (reputation feeds).

Q: What does Alcide’s reputation feed provide to security teams?

A: The Alcide Reputation Intelligence Feed reports on suspicious traffic associated with reputation-flagged IPs or DNS names and blocks those connections before they enter the workloads running on the compute. Specifically, it provides the ability to view and review alerts: view an alert from the events feed or on the topology map, or search for a specific asset by name, IP address, labels, or type. Review alert details to understand the nature of the observed indication. Identify a component of a known attack, or anomalous behavior that might indicate an attack on your network. Collect information to understand the full scope of the incident, reviewing the network traffic and the network rules defined for the asset. Derive possible courses of action and proceed to act on them. Respond quickly to the detected attack by quarantining an application and isolating it from the network.

Test drive Alcide for free. Start your free trial today.