Where are you using WebAssembly?
Wasm promises to let developers build once and run anywhere. Are you using it yet?
At work, for production apps
At work, but not for production apps
I don’t use WebAssembly but expect to when the technology matures
I have no plans to use WebAssembly
No plans and I get mad whenever I see the buzzword
CI/CD / Kubernetes / Security

New Alcide Release Enhances Kubernetes, Istio Security

enables cloud-native application developers to embed security policy as code as part of their CI/CD pipeline.
Feb 27th, 2019 9:35am by
Featued image for: New Alcide Release Enhances Kubernetes, Istio Security

Microservices security vendor Alcide’s latest release focuses on securing complex, multicluster Kubernetes and Istio deployments.

Alcide sets itself apart with its DevOps focus on security, according to a report from 451 Research. It enables cloud native application developers to embed security policy as code as part of their CI/CD pipeline. Meanwhile, Ops and Sec teams can continuously monitor and secure different clusters for anomalous behavior using machine learning and view the entire environment in a single incident stream.

Alcide enables cloud native application developers to embed security policy as code as part of their CI/CD pipeline.

The Tel Aviv-based startup introduced its Cloud Native Security Platform in April 2018, then updated it the following July with support for serverless.

The new enhancements include:

  • Extended attack detection coverage, which includes algorithm-based malware detection, and peer container analysis using machine learning to determine normal behavior based on historical context as well as that of peers.
  • Smart Threat Manager Alerting, providing the ability to route alerts to the appropriate person and export threat alerts into management platform of choice.
  • Endpoint Embedded Policies, which provides the ability to embed security policy directly onto the workload to allow effective runtime microsegmentation wherever the workload is deployed.
  • Availability on Google’s Cloud Platform Marketplace in addition to AWS and Azure.

Alcide competes with the growing number of vendors in microservices and container security, including NeuVector, Capsule8, Aqua Security, Twistlock and Anchore.

Alcide bills itself as a microservice firewall.

The traditional firewall is applied at the edge, while microservices environments have no clear edge. The Alcide microservices firewall runs as a host-based agent where the microservices are running. On Kubernetes it is deployed as a DaemonSet; on serverless, it is deployed as a function agent.

It enables fine-grained segmentation and fine-grained policies geared toward how microservices are interacting with each other and provides detection of anomalies, according to Gadi Naor, co-founder and chief technology officer of Alcide.

Adoption of cloud-native technologies and Kubernetes being driven by DevOps — not IT, he pointed out, adding that traditional security solutions not designed for distributed environments where there are multiple teams developing small parts of the entire application.

“When you combine the two, you end up in a place where you need something profoundly new and different where you bake security into the process of development and security into production,” he said. “[It] allows developers and DevOps to capture in code security policy … There are many stages from code to production where our product is deployed.”

The enhancements enable users to view as early as the test stages if there are elements that are misbehaving. The improved microservices anomaly detection, specifically around attacks that leverage the VNS infrastructure, comes without the overhead of less efficient and traditional products, he said.

Alcide enables users to search, control and enforce policies in real time, including the ability to segregate applications from the internet, load balancer and to the internal egress and third-party services.

Events can be streamed to its dashboard as well as to other tools such as Slack and Splunk.

It performs both statistical analysis and rules-based detections but is focused primarily on the microservice level of abstraction, as opposed to the underlying infrastructure, according to 451 Research. It organizes visual elements so there’s a clear understanding of external and internal components, as well as callouts to external services. Application-specific and service-specific views also are available.

It praised the company’s intuitive visualizations as well as its integrations with ChatOps. The weaknesses it cited were a limited number of protocols for application visibility (DNS and HTTP), and said its agent-based approach could limit deployment options in some managed environments.

You can view Alcide’s webinar on Kubernetes and Istio security here.

Twistlock is a sponsor of The New Stack.

Feature image via Pixabay.

Group Created with Sketch.
TNS owner Insight Partners is an investor in: Aqua Security.
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.