Everything You Wanted to Know about Alcide Kubernetes Security Platform

Q: What is Alcide?

A: Alcide is a cloud-native security platform that speaks the language of both infrastructure and application. Alcide provides cloud and Kubernetes discovery, a K8s audit and compliance scanner, microservices anomaly detection, and security policy management and enforcement. Alcide was designed to help security and development teams with today’s complex cloud environments by giving them simplified controls to manage and secure evolving Kubernetes and multi-cloud deployments, at any scale.

Q: What cloud technologies does Alcide support?

A: Alcide supports Kubernetes as well as the managed Kubernetes services offered by the three major cloud providers: GKE, AKS, and EKS.

Q: What are Alcide’s product offerings?

A: Product Offerings:

  • Alcide Kubernetes Advisor
    • Alcide Kubernetes Advisor is a Kubernetes multi-cluster vulnerability scanner covering Kubernetes and Istio security best practices and compliance checks, such as Kubernetes vulnerability scanning; hunting misplaced secrets or excessive secret access; workload hardening from Pod Security to network policies; Istio security configuration and best practices; Ingress controller security best practices; Kubernetes API server access privileges; and Kubernetes operator security best practices.
  • Alcide kAudit
    • Identifying the K8s workloads that contain sensitive information such as access to critical databases throughout their lifecycle is a real challenge.
    • Alcide kAudit identifies anomalous behaviors and suspicious activity patterns while observing them with extended context, beyond configured rules.
  • Alcide Runtime
    • Alcide lets you seamlessly collect information from any number of environments and bake it into your centrally orchestrated cloud security policies. This granular, hierarchical approach makes it easy to structure and enforce smart, application-aware, label-based policies. The Alcide microservices firewall, combined with a rich policy language, allows Developers, DevOps and Security teams to define network policies based not only on IP ranges, but also on internal services and even external domain names.

Q: What are the different deployment models available?

A: Alcide is available as a SaaS-based solution.

Q: What integrations does Alcide support?

A: Alcide natively integrates with many DevOps and SIEM products. Visit our Community page for the full list.

Q: What is the Alcide Admission Controller capability?

A: Coupled with Alcide Kubernetes Advisor, an on-demand Kubernetes assessment tool, admission control offers a complete security solution from development to production. Together, they provide automated, centralized protection and remediation, backed by visibility spanning multi-cluster and multi-account environments.

Q: What features does Alcide Kubernetes Advisor provide for policy customization?

A: We provide the ability to fully customize the scan policy: pick and choose which scan checks are enabled based on use case and persona, override the severity, and create exceptions for certain microservices or resources, for example allowing a monitoring microservice to run as a privileged Pod so that it can perform its intended function.

Q: Can I get default blacklists out of the box from Alcide Kubernetes Advisor?

A: Yes, we provide out-of-the-box blacklists. For example, Pods that mount host file system paths such as /proc or /etc trigger a check violation, since this is clearly not best practice and introduces risk.
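To illustrate the scan-policy customization and the hostPath blacklist described in the two answers above, here is an added example (not Alcide's code) of a small Pod checker with a constructed blacklist, per-check severity overrides, and per-Pod exceptions such as allowing a monitoring Pod to run privileged. The manifest shape, check names and sample Pods are assumptions for the example.

```python
from dataclasses import dataclass
from posixpath import normpath

# Constructed blacklist of host filesystem paths a Pod should not mount.
HOST_PATH_BLACKLIST = ("/proc", "/etc")


@dataclass(frozen=True)
class Violation:
    check: str      # check identifier
    severity: str   # default or overridden severity
    detail: str     # human-readable description


def _under(path, prefix):
    """True if path equals prefix or lies beneath it (/etc/ssl is under /etc)."""
    path = normpath(path)
    return path == prefix or path.startswith(prefix + "/")


def check_pod(pod, severity_override=None, exceptions=frozenset()):
    """Evaluate one Pod manifest (a dict shaped like the Kubernetes Pod object).

    severity_override: {check: severity} replaces a check's default severity.
    exceptions: (namespace, pod name, check) tuples that are suppressed,
    e.g. to allow a monitoring Pod to run privileged on purpose.
    """
    severity_override = severity_override or {}
    meta, spec = pod["metadata"], pod["spec"]
    key = (meta.get("namespace", "default"), meta["name"])
    findings = []
    for vol in spec.get("volumes", []):
        hp = vol.get("hostPath")
        if hp and any(_under(hp["path"], b) for b in HOST_PATH_BLACKLIST):
            findings.append(("hostpath-blacklist", "high",
                             f"volume {vol['name']} mounts host path {hp['path']}"))
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        if c.get("securityContext", {}).get("privileged"):
            findings.append(("privileged-container", "high",
                             f"container {c['name']} runs privileged"))
    return [Violation(check, severity_override.get(check, sev), detail)
            for check, sev, detail in findings
            if key + (check,) not in exceptions]


# Constructed sample manifests: a privileged node monitor mounting /proc, and a plain web Pod.
MONITOR_POD = {"metadata": {"name": "node-monitor", "namespace": "monitoring"},
               "spec": {"volumes": [{"name": "proc", "hostPath": {"path": "/proc/"}}],
                        "containers": [{"name": "agent", "securityContext": {"privileged": True}}]}}
WEB_POD = {"metadata": {"name": "web"}, "spec": {"containers": [{"name": "nginx"}]}}
```

With an exception for the monitor's privileged container, the Pod still fails the hostPath check, which is the behaviour a per-check exception should have.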

Q: What cloud Kubernetes services does Alcide support?

A: Since Alcide Advisor is an agentless, purely API-based security and hygiene scanner, we support all Kubernetes flavors: managed services such as AKS, GKE and EKS, and non-managed clusters built using kops, kubeadm and the like.

Q: How does Alcide collect security information from different cloud providers: GCP, AWS, and Azure?

A: Alcide uses a mixture of cloud-specific monitoring modules and host-based agents to collect the full cloud environment topology and network information that feeds our security analysis engine.

Q: What attack scenarios does Alcide detect?

A: Within our platform, we monitor and detect possible security breaches and advanced threats, as well as security anomalies and common cyber attack techniques like DNS tunneling, spoofing, and poisoning. In addition, the platform detects endpoint scanning within the datacenter and port scanning from outside the data center, and known malicious external IPs and domain names (reputation feeds).

Q: What does Alcide’s reputation feed provide to security teams?

A: Alcide Reputation Intelligence Feed reports on suspicious traffic associated with reputation-flagged IP addresses or DNS names and blocks such connections before they enter the workloads running on the compute. Specifically, it gives security teams the ability to view and review alerts:

  • View an alert from the events feed or on the topology map, or search for a specific asset by name, IP address, labels or type.
  • Review the alert details to understand the nature of the observed indication.
  • Identify a component of a known attack, or anomalous behavior that might indicate an attack on your network.
  • Collect information to understand the full scope of the incident: review network traffic and the network rules defined for the asset.
  • Derive possible courses of action and proceed to act on them.
  • Respond quickly to the detected attack by quarantining an application and isolating it from the network.