Alcide Integrates with Datadog to Enable Easy Kubernetes Audit Logs Monitoring and Investigation

Nov 19, 2019 3:00:00 PM / by Karine Regev

In our recent blog post about making Kubernetes audit logging a viable practice, we mentioned that audit logs are generally used in two ways:

  1. To proactively identify non-compliant behavior.
  2. To reactively investigate a specific operational or security problem, tracing it back to the responsible party, root causes or contributing factors in a post-mortem investigation.

To accomplish these goals, an audit analysis system should process audit logs using two complementary mechanisms: a user-configured set of rules that flag any violation of the organization's policies, and automatic, machine-learning-based detection of anomalous patterns in the audited activity. The findings can be pushed to DevOps teams as security-related alerts, or collected for deep investigation and validation by security and audit experts to prove that a non-compliant activity or a security incident has taken place.

Today, I am happy to announce our new integration of Alcide kAudit with Datadog, the leading monitoring platform. Alcide kAudit automatically analyzes Kubernetes audit logs, detecting non-compliant and anomalous behaviors of users and automated service accounts, as well as anomalous administration operations. Users will now get insights and alerts from Alcide kAudit in real time, directly in the Datadog platform, so they can detect Kubernetes compliance violations, security incidents and administration activity anomalies.

Combining Datadog Ops capabilities with Alcide kAudit security capabilities will ensure users get full visibility into their K8s clusters for application health, coupled with security insights for further investigation.

 

For Alcide, the leading Kubernetes security innovator, building this integration is a natural step towards making Kubernetes audit logs easy to monitor and investigate. By providing relevant, real-time insights about misuse or abuse of Kubernetes management and administration capabilities, Alcide's integration with Datadog lets DevOps and security personnel focus on compliance violations and active security risks. This will enable companies to quickly limit the impact and fix the causes of such security issues in their Kubernetes clusters.

Get started with Datadog and Alcide or visit us at KubeCon San Diego, booth #SE-45 to learn more.

 

Topics: Kubernetes security, Datadog