Microservices security vendor Alcide’s latest release focuses on securing complex, multicluster Kubernetes and Istio deployments.
Alcide sets itself apart with its DevOps focus on security, according to a report from 451 Research. It enables cloud native application developers to embed security policy as code as part of their CI/CD pipeline. Meanwhile, Ops and Sec teams can continuously monitor and secure different clusters for anomalous behavior using machine learning and view the entire environment in a single incident stream.
The Tel Aviv-based startup introduced its Cloud Native Security Platform in April 2018, then updated it the following July with support for serverless.
The new enhancements include:
- Extended attack detection coverage, which includes algorithm-based malware detection, and peer container analysis using machine learning to determine normal behavior based on historical context as well as that of peers.
- Smart Threat Manager Alerting, providing the ability to route alerts to the appropriate person and export threat alerts into the management platform of choice.
- Endpoint Embedded Policies, which provides the ability to embed security policy directly onto the workload to allow effective runtime microsegmentation wherever the workload is deployed.
- Availability on Google’s Cloud Platform Marketplace in addition to AWS and Azure.
Alcide bills itself as a microservice firewall.
The traditional firewall is applied at the edge, while microservices environments have no clear edge. The Alcide microservices firewall runs as a host-based agent where the microservices are running. On Kubernetes it is deployed as a DaemonSet; on serverless, it is deployed as a function agent.
It enables fine-grained segmentation and fine-grained policies geared toward how microservices are interacting with each other and provides detection of anomalies, according to Gadi Naor, co-founder and chief technology officer of Alcide.
Adoption of cloud-native technologies and Kubernetes is being driven by DevOps, not IT, he pointed out, adding that traditional security solutions were not designed for distributed environments where there are multiple teams developing small parts of the entire application.
“When you combine the two, you end up in a place where you need something profoundly new and different where you bake security into the process of development and security into production,” he said. “[It] allows developers and DevOps to capture in code security policy … There are many stages from code to production where our product is deployed.”
The enhancements enable users to view as early as the test stages if there are elements that are misbehaving. The improved microservices anomaly detection, specifically around attacks that leverage the VNS infrastructure, comes without the overhead of less efficient and traditional products, he said.
Alcide enables users to search, control and enforce policies in real time, including the ability to segregate applications from the internet, load balancer and to the internal egress and third-party services.
Events can be streamed to its dashboard as well as to other tools such as Slack and Splunk.
It performs both statistical analysis and rules-based detections but is focused primarily on the microservice level of abstraction, as opposed to the underlying infrastructure, according to 451 Research. It organizes visual elements so there’s a clear understanding of external and internal components, as well as callouts to external services. Application-specific and service-specific views also are available.
451 Research praised the company’s intuitive visualizations as well as its integrations with ChatOps. The weaknesses it cited were a limited number of protocols for application visibility (DNS and HTTP) and an agent-based approach that could limit deployment options in some managed environments.
You can view Alcide’s webinar on Kubernetes and Istio security here.
Twistlock is a sponsor of The New Stack.
The New Stack is a wholly owned subsidiary of Insight Partners, an investor in the following companies mentioned in this article: Aqua Security.