
Alcide Blog

Cloud-native Security Provider

Alcide Advisor: Continuous Kubernetes Security

May 15, 2019 7:54:00 AM / by Karine Regev

Start your Alcide Advisor 30-day free trial.

The Alcide Advisor provides free access to our new Kubernetes and Istio hygiene advisor tool, which scans your Kubernetes deployments looking for misconfigurations or secrets left behind.

 

What is the Alcide Advisor?


Alcide Advisor is a continuous security & hygiene advisor for Kubernetes & Istio, which automatically scans for the widest range of compliance, security and governance risks and vulnerabilities. It then provides ongoing insights and actionable recommendations to ensure always-on security of deployed applications. This will ensure that the configuration of your Kubernetes cluster, nodes and pods is tuned to run according to security best practices and internal guidelines.

 

Why Kubernetes Advisor?

Cloud-based deployments are growing in complexity by the day, especially if they come in multi-environment or hybrid deployment flavors. Coupled with black-box Kubernetes, it's easy to get lost in the game!

As a company that is heavily invested in K8s, we needed a continuous change control tool that delivers value from day one, and provides both ongoing insights and actionable recommendations. A tool that our DevOps teams would love to use: one that gives them the operational control as well as the scalability they need, combined with automated built-in security. The Alcide Advisor was then envisioned with the following use cases:

  • CI/CD Integration: Fail pipeline on resources that fail to pass policy checks
  • Support multi-cluster deployments: Scalable review of many clusters against a blueprint profile
  • App-formation: Create a baseline from a specific cluster scan and compare all other clusters to this specific cluster
  • Resource admission policy enforcement: Deny or alert on resource admissions that fail to pass policy checks


Alcide Advisor Framework

The Alcide Advisor's main goal is to address K8s vulnerabilities before they are exploited at runtime, and it's built to ensure a frictionless and secured DevSecOps flow by hardening the development stage before moving to production. It therefore isolates dev, staging and production environments by providing both static scans for security best practices and compliance of workload resources (Pods, ReplicaSets, DaemonSets, Jobs), as well as active workload scans for secrets and for creating new pods.

The dynamic analysis covers the following checks:

  • Kubernetes CIS Benchmark
  • Kubernetes vulnerability scanning
  • Hunting misplaced secrets, or excessive secret access
  • Workload hardening from Pod Security to network policies
  • Istio security configuration and best practices
  • Ingress controllers for security best practices
  • Kubernetes API server access privileges
  • Kubernetes operators security best practices

 

How Can Alcide Advisor Help You Do Your K8s Job Better?

The Alcide Advisor spans security and best practices and serves as a one-stop shop for everything Kubernetes. It continuously discovers, mitigates and validates your Kubernetes clusters' risks, and helps developers, DevOps and engineering teams as follows:

Developers who don’t necessarily have an ops team in-house, but who need to ensure that the application they built can be deployed securely.

DevOps who are responsible for deploying and scaling applications in production, and need a fast, secure and automated deployment tool.

Engineering leads who need a security tool that can support them in migrating to their Kubernetes environments and in creating new services quickly and securely.


 

Bottom line: Alcide Advisor closes the loop between people who code, deliver and secure apps.

 

Get the Alcide Advisor here 
