Alcide FAQ

Q: What is Alcide?

A: Alcide is a cloud-native security platform that speaks the language of both infrastructure and application. Alcide provides full visibility, advanced threat protection, and security policy management and enforcement. Alcide was designed to help security and development teams with today’s complex cloud environments by providing them with simplified control to manage and secure evolving Kubernetes and multi-cloud deployments, at any scale.

Q: What Cloud Technologies Does Alcide Support?

A: Alcide supports Kubernetes as well as the managed Kubernetes services offered by the three major cloud providers: GKE, AKS, and EKS.

Q: How Does Alcide Work?

A: Alcide focuses on multi-cluster K8s and multi-cloud environments and provides the following:

  • Continuous security
  • Microservices firewall
  • Cloud topology discovery
  • Microservices anomaly detection

Q: How quickly can I get Alcide up and running?

A: Approximately 10 minutes. Once Alcide’s SaaS agent is deployed, Alcide will start providing actionable security and risk information.

Q: What are the different deployment models available?

A: Alcide is available as a SaaS-based solution as well as on-premise.

Q: What Does Alcide’s Solution Consist Of?

A: The solution consists of the following:

  • Cloud Observer – Using each cloud provider’s native APIs, Cloud Observer monitors the cloud providers’ orchestration platforms to provide visibility into the entire infrastructure, as well as topology and configuration information.
  • Alcide Agent – Deployed on each cloud compute-unit, the Alcide agent collects and analyzes network traffic and uniformly enforces policies across compute units, including containers and microservices.
  • Management Services – Alcide’s management services, including its threat detection engine, Alcide tiered policies, cloud topology builder, application-aware traffic analyzer, and more.

Q: How Does Alcide Collect Security Information from the Different Cloud Providers: GCP, AWS and Azure?

A: Alcide uses a mixture of cloud-specific monitoring modules and host-based agents to collect full cloud environment topology and network information, which feeds our security analysis engine.

Q: How Many Accounts and Regions Can Alcide Support?

A: Alcide’s platform supports any number of accounts or regions, and works best in cross-platform, multi-cloud environments. Our agent surfaces AWS security groups, Azure groups, and GCP security groups.

Q: What Attack Scenarios Does Alcide Detect?

A: Within our platform, we monitor and detect possible security breaches and advanced threats, as well as security anomalies and common cyber attack techniques like DNS tunneling, spoofing, and poisoning. In addition, the platform detects endpoint scanning within the data center and port scanning from outside the data center, as well as known malicious external IPs and domain names (reputation feeds).

Q: What Does Alcide’s Reputation Feed Provide Security Teams With?

A: Alcide Reputation Intelligence Feed reports on suspicious traffic that is reputation-related (IP or DNS) and blocks connections before they enter the workloads running on the compute. Specifically:

  • Ability to view and review alerts: View an alert from the events feed or on the topology map, or search for a specific asset by name, IP address, labels or type. Review alert details to understand the nature of the observed indication. Identify a component of a known attack or anomalous behavior that might indicate an attack on your network.
  • Collect information to understand the full scope of the incident, and review the network traffic and network rules defined for the asset. Derive possible courses of action and proceed to act on them.
  • Respond quickly to the detected attack by quarantining an application and isolating it from the network.

Q: Is Alcide Available on the Cloud Providers’ Marketplaces?

A: Yes. Alcide is currently available on AWS Marketplace, Azure Marketplace, and GCP Marketplace.