In our recent blog about making Kubernetes logs auditing a viable practice we mentioned that in general, audit logs are used in two ways:
- To proactively identify non-compliant behavior.
- To reactively investigate a specific operational or security problem, tracing back to the responsible party, root causes or contributing factors in a post-mortem investigation.
To accomplish these goals, an audit analysis system should process audit logs by combining a user-configured set of rules, which flag any violation of the organization’s policies, with automatic detection of anomalous patterns in the audited activity based on autonomous machine learning. The findings can be pushed to DevOps teams as security-related alerts, or collected for deep investigation and validation by security and audit experts to prove that a non-compliant activity or a security incident has taken place.
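The two-layer design described above (configured policy rules plus a learned behavioral baseline over the same audit stream) can be sketched in a few dozen lines. The following is an added illustration written for this post, not Alcide kAudit or Datadog code: it reads JSON-lines events in the `audit.k8s.io/v1` Event shape that the kube-apiserver audit backend emits, applies three example rules, and flags any (verb, resource) pair a user was never seen performing in a baseline window. The rule names, the users `alice` and `bob`, and every event in `BASELINE_LOG` and `WINDOW_LOG` are constructed samples; the novelty check is a deliberately simple stand-in for the machine-learning component the post refers to.

```python
"""Rule-based plus baseline-novelty screening of Kubernetes audit events.

Added illustration, not Alcide kAudit or Datadog code. Events follow the
audit.k8s.io/v1 Event shape; all sample events below are constructed.
"""
import json
from collections import defaultdict


def _ev(verb, user, resource, ns="shop", subresource=None, code=200,
        stage="ResponseComplete"):
    # Build a constructed audit Event carrying only the fields the rules use.
    obj = {"resource": resource}
    if ns:
        obj["namespace"] = ns
    if subresource:
        obj["subresource"] = subresource
    return {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "stage": stage,
            "verb": verb, "user": {"username": user}, "objectRef": obj,
            "responseStatus": {"code": code}}


WEB_SA = "system:serviceaccount:shop:web"   # constructed service account name

# Constructed baseline window: ordinary activity used to learn what each
# principal normally does.
BASELINE_LOG = "\n".join(json.dumps(e) for e in [
    _ev("get", WEB_SA, "configmaps"),
    _ev("list", WEB_SA, "endpoints"),
    _ev("get", "alice", "pods"),
    _ev("list", "alice", "deployments"),
    _ev("create", "alice", "deployments"),
])

# Constructed current window to be screened against rules and baseline.
WINDOW_LOG = "\n".join(json.dumps(e) for e in [
    _ev("get", WEB_SA, "configmaps"),
    _ev("get", WEB_SA, "secrets"),
    _ev("create", "alice", "pods", subresource="exec", stage="RequestReceived"),
    _ev("create", "alice", "pods", subresource="exec"),
    _ev("create", "alice", "deployments"),
    _ev("patch", "bob", "clusterrolebindings", ns=None),
])

# User-configured policy rules (hypothetical names). Every listed key must
# match for the rule to fire; "user_prefix" is a prefix test on the username.
RULES = {
    "secret-read-by-service-account": {
        "verb": {"get", "list", "watch"}, "resource": {"secrets"},
        "user_prefix": "system:serviceaccount:"},
    "pod-exec": {"resource": {"pods"}, "subresource": {"exec"}},
    "rbac-change": {
        "verb": {"create", "update", "patch", "delete"},
        "resource": {"roles", "rolebindings", "clusterroles",
                     "clusterrolebindings"}},
}


def parse_audit_log(text):
    """Parse JSON-lines audit output, keeping one event per request."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        # The apiserver logs each request at several stages; keeping only
        # ResponseComplete avoids double counting and exposes the response code.
        if ev.get("stage") == "ResponseComplete":
            events.append(ev)
    return events


def _fields(ev):
    ref = ev.get("objectRef") or {}
    return {"verb": ev.get("verb"),
            "user": ev.get("user", {}).get("username", ""),
            "resource": ref.get("resource"),
            "subresource": ref.get("subresource"),
            "namespace": ref.get("namespace")}


def matching_rules(ev, rules=RULES):
    """Return the names of all configured rules this event violates."""
    f = _fields(ev)
    hits = []
    for name, rule in rules.items():
        ok = True
        for key, want in rule.items():
            ok = f["user"].startswith(want) if key == "user_prefix" \
                else f.get(key) in want
            if not ok:
                break
        if ok:
            hits.append(name)
    return hits


def learn_profile(events):
    """Per-user set of (verb, resource) pairs observed in the baseline."""
    profile = defaultdict(set)
    for ev in events:
        f = _fields(ev)
        profile[f["user"]].add((f["verb"], f["resource"]))
    return profile


def analyze(baseline_text, window_text, rules=RULES):
    """Screen the current window: policy violations plus never-seen actions."""
    profile = learn_profile(parse_audit_log(baseline_text))
    violations, anomalies = [], []
    for ev in parse_audit_log(window_text):
        f = _fields(ev)
        for name in matching_rules(ev, rules):
            violations.append((name, f["user"], f["verb"], f["resource"]))
        if (f["verb"], f["resource"]) not in profile.get(f["user"], set()):
            anomalies.append((f["user"], f["verb"], f["resource"]))
    return {"violations": violations, "anomalies": anomalies}


if __name__ == "__main__":
    for kind, rows in analyze(BASELINE_LOG, WINDOW_LOG).items():
        print(kind)
        for row in rows:
            print("  ", *row)
```

In the constructed window, the service account reading a secret trips a policy rule and is also novel for that principal, `alice` exec'ing into a pod is both a rule hit and a first-time (verb, resource) pair for her, and `bob`, absent from the baseline, surfaces purely through the novelty check even though the RBAC rule would have caught him anyway. The two layers are complementary: rules encode what the organization has decided is never acceptable, the baseline catches what has simply never happened before. The stage filter matters in practice because an audit policy at `RequestResponse` or `Metadata` level writes the same request several times, and because only the `ResponseComplete` record carries the status code needed to separate denied attempts from successful ones.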
Today, I am happy to announce our new integration of Alcide kAudit with Datadog, the leading monitoring platform. Alcide kAudit automatically analyzes Kubernetes Audit logs, detecting non-compliant and anomalous behaviors of users and automated service accounts as well as anomalous administration operations. Users will now get insights and alerts from Alcide kAudit in real time and directly from the Datadog platform, in order to detect Kubernetes compliance violations, security incidents and administration activity anomalies.
Combining Datadog Ops capabilities with Alcide kAudit security capabilities will ensure users get full visibility into their K8s clusters for application health, coupled with security insights for further investigation.
For Alcide, the leading Kubernetes security innovator, building this integration is a natural step towards making Kubernetes Audit logs easy to monitor and investigate. Providing relevant and real-time insights about misuse or abuse of Kubernetes management and administration capabilities, Alcide’s integration with Datadog lets DevOps and security personnel focus on compliance violations and active security risks. This will enable companies to quickly limit the impact and fix the causes of such security issues in their Kubernetes clusters.
- For a free download of Alcide kAudit, sign up here.
- Alcide kAudit Press Release: Alcide Advances Real-time, Automated K8s Forensics and Analysis with kAudit