As we are heading towards the end of 2020 (good riddance, right?), we are thrilled to share the great recent additions to the Alcide Kubernetes Security Platform.
Visibility and Control Enhanced With Alcide Runtime Protection
The Alcide Runtime (kArt) module provides a microservices firewall at scale, is optimized for complex cloud deployments, and is equipped with an advanced machine learning engine for potential threats and anomalies in network traffic. Here are some of its latest key features:
- Mapping and Visualization of Kubernetes Namespaces:
The namespaces concept introduces order and organization when handling a large number of objects. It brings essential management capabilities in terms of categories and filters, and is also commonly used when applying network and security policies. In short, Kubernetes namespaces are your dear friends when coordinating different teams through the development pipeline.
Namespaces view on Alcide's platform
With kArt and its comprehensive application view, we provide enhanced and panoramic visibility into your network infrastructure, backed by embedded security and compliance policies into the organization’s microservices.
- Embedded Policies just got buffed
Alcide’s Embedded Policies are based on Kubernetes annotations and created by developers as part of the CI/CD process. These policies enable early-stage network controls that achieve the principle of least privilege, which works by allowing only enough access to perform the required job for applications and microservices. Alcide’s embedded policies have some key advantages, including:
- Dynamic policy - any topological change during runtime will be automatically updated in the policy rule that was initially set, avoiding the use of static rules like IP rules, for example.
- Extended syntax - have the ability to define endpoint rules for Pods, ReplicaSets and DaemonSets, as well as defining Namespaces rules.
- Covert Attack Detection
There’s always a challenge to log and track all processes, especially the ones with a lifespan of milliseconds. From an attacker's perspective, these short-lived processes can be exploited to perform covert activity, driving attacks “under the radar”.
From a Kubernetes point of view, it would be ideal to tie such an ephemeral process to specific pods. However, this is extremely difficult to do, since the process will already be “dead”. With kArt, we are able to spot any process, no matter how short its lifespan is, thus detecting potential threats and covert attacks that leverage such vulnerabilities.
kAudit - Kubernetes Audit Logs Are a Goldmine for Security
Automating audit logs sets up the ground for early detection of abnormal activities and anomalies. In today’s world of artificial intelligence (AI) and machine learning, that’s a key differentiator that will lead to superior enforcement capabilities.
Alcide’s kAudit, an automated analytics and forensics module, is specifically designed for detecting and identifying suspicious activity, based solely on Kubernetes’ audit logs.
kAudit fits in perfectly for the complex multi-cluster Kubernetes environments that companies build today. With an AI-based detection and prevention mechanism, kAudit provides a high-resolution network detection security layer. It gives instant insights and alerts on any suspicious activity and deviations from strict compliance requirements such as PCI, GDPR and HIPAA.
We recently enhanced our kAudit integrations with AWS Security Hub and Azure Sentinel, which we will cover here shortly. In addition, we launched another successful partnership with New Relic, a leading monitoring and observability company.
Enhanced Jira Cloud Integration
With Agile support and numerous customizable integrations, Atlassian’s Jira remains the popular solution for project management, monitoring issues and tracking roadmap requirements.
Alcide’s platform offers a seamless API integration with Jira Cloud, allowing users to continuously alter configuration settings and open Jira issues directly from the kAdvisor report page with the click of a button, based on the specific data and findings.
AWS Partnerships and Integrations
Alcide is a long-time technology partner of AWS, with various integrations and supported services in both security and DevOps domains.
Whether it’s real-time mapping and visualization of your infrastructure, enforcing policy segmentation, or automating security guardrails, leveraging Alcide’s platform capabilities on top of AWS deployments offers the right balance between flexible operation cycles and effortless management of security controls. Here are some of our most recent collaborations:
- AWS Security Hub
In today’s world of advanced cloud-native applications, security teams must rely on richer data in order to adhere to strict regulatory compliances and company policies.
For that reason, Alcide brings its Kubernetes threat detection and policy monitoring to AWS Security Hub.
With kAudit, AWS users are able to continuously scan Kubernetes audit logs and flag any unusual or suspicious network behavior along with instant insights and relevant alerts.
Read more about it on the official Alcide - AWS Security Hub press release.
- AWS Outposts Launch Partner
As a fully managed service, AWS Outposts are configurable compute and storage racks, extending AWS Infrastructure, services, APIs, and additional tools for on-premise resources. Alcide recently announced that it has achieved the AWS Outposts Ready designation, by demonstrating successful integration with AWS Outposts.
Read more about it on the official Alcide - AWS Outposts press release.
- Bottlerocket Launch Partner
AWS Bottlerocket is a Linux-based, open-source operating system, built for hosting Linux-based containers. Bottlerocket strongly focuses on both security and durability, making it the optimal solution for running orchestrated containers at scale.
As a Bottlerocket technology launch partner, Alcide provides Kubernetes security to developers using Bottlerocket and Amazon EKS. Alcide’s platform includes monitoring pre-deployment and production environments for Kubernetes misconfigurations, as well as new zero-day vulnerabilities and exploits while helping organizations meet compliance needs. Read more about it on the official Alcide - AWS Bottlerocket press release.
Microsoft MISA Program Partner
Since its launch in 2018, the Microsoft Intelligent Security Association (MISA) brings together critical integrations that benefit shared customers and offers holistic solutions that help them better defend against a world of increasing threats.
Alcide’s recent partnership with MISA focuses on kAudit and its integration with Azure Sentinel, Microsoft’s cloud-native security information and event manager (SIEM) platform. This collaboration enables security teams to meticulously monitor Kubernetes audit logs and identify potential threats while significantly reducing time to detection. Read more about it in the official Alcide - MISA press release.
Ramping up with Rancher - Addressing Kubernetes on the Edge
Alcide and Rancher have teamed up to bring automated and unified security guardrails across multiple clusters. Such a mitigation strategy is key when dealing with today’s complexity of distributed environments. This integration introduced the kAdvisor, a Kubernetes multi-cluster vulnerability scanner, as part of Alcide’s platform.
This module is designed to detect hygiene and conformance drifts from the CI/CD pipeline by adding a security automation layer on top of Rancher’s orchestration capabilities, including the support of K3s and Kubernetes on the Edge.
The Advisor is currently available via Rancher’s GitHub repository, simply packaged with Helm charts, allowing users to gain access and run a full cluster scan at early stages in a matter of seconds. It is also available directly from Rancher’s Apps Catalog.
Read more about it in our featured blog on Rancher’s website.
Alcide’s Enhanced Open Source Toolset
sKan is a tailor-made scanner for Kubernetes configuration files and resources that allows developers and DevOps teams to check whether their work is compliant with security and Ops best practices. It is powered by the kAdvisor engine and operates with the Kubernetes application builder's choice of deployment framework tooling: Helm charts, Kustomized resources, or Kubernetes resource files (YAML/JSON).
Imagine you are a developer, about to submit a Pull Request as part of your GitOps workflow. With sKan, you are able to scan the manifest file and get the results before merging any changes. This can practically make you immune to security drifts and misconfigurations, ensuring the safe deployment of the manifest to your environment.
The rbaK tool is what we like to call the “Swiss Army knife” for Kubernetes’ RBAC controls. As RBAC is often known for not being so user-friendly, this tool significantly simplifies querying and the creation of RBAC policies. For example, you can’t simply allow “everything” except specific use-cases, such as reading Kubernetes secrets, as there is no “Deny” option for such permissions. Paper cuts like this are an everyday struggle for administrators, and for that very reason, we came up with this tool.
rbaK also offers additional features like visualization for RBAC relations, role-bindings, service accounts, etc. Another great example that makes life much easier is that you can generate customized policies by running a single command.
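The missing “Deny” option described above means an "everything except secrets" policy has to be written as an explicit enumeration. The following is an added example, not rbaK's code or output: it builds such a ClusterRole from a constructed resource inventory and evaluates it the way RBAC does; the function names, role name and inventory are assumptions made for illustration.

```python
import json
from collections import defaultdict

# Constructed inventory, shaped like the output of `kubectl api-resources -o wide`
# (apiGroup "" is the core group). Not taken from a real cluster.
INVENTORY = [
    {"group": "", "resource": "pods", "verbs": ["get", "list", "watch", "create", "delete"]},
    {"group": "", "resource": "configmaps", "verbs": ["get", "list", "watch", "create"]},
    {"group": "", "resource": "secrets", "verbs": ["get", "list", "watch", "create"]},
    {"group": "", "resource": "bindings", "verbs": ["create"]},
    {"group": "apps", "resource": "deployments", "verbs": ["get", "list", "watch", "update"]},
    {"group": "apps", "resource": "daemonsets", "verbs": ["get", "list", "watch"]},
]

def build_allow_except(inventory, excluded, verbs, name="read-all-except"):
    """Build a ClusterRole granting `verbs` on every listed resource except `excluded`.

    RBAC rules are purely additive, so the exclusion is expressed by leaving
    the (group, resource) pair out of an explicit enumeration."""
    by_group = defaultdict(list)
    for item in inventory:
        if (item["group"], item["resource"]) in excluded:
            continue
        if set(verbs) <= set(item["verbs"]):  # skip resources that lack these verbs
            by_group[item["group"]].append(item["resource"])
    rules = [{"apiGroups": [g], "resources": sorted(r), "verbs": list(verbs)}
             for g, r in sorted(by_group.items())]
    return {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "ClusterRole",
            "metadata": {"name": name}, "rules": rules}

def allows(role, group, resource, verb):
    """Evaluate a request the way RBAC does: any single matching rule grants it."""
    def match(values, wanted):
        return "*" in values or wanted in values
    return any(match(r["apiGroups"], group) and match(r["resources"], resource)
               and match(r["verbs"], verb) for r in role["rules"])

READ = ["get", "list", "watch"]
ROLE = build_allow_except(INVENTORY, {("", "secrets")}, READ)
# The tempting shortcut: a wildcard rule, which cannot carve secrets back out.
WILDCARD = {"rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": READ}]}

if __name__ == "__main__":
    print(json.dumps(ROLE, indent=2))  # JSON is valid input for `kubectl apply -f`
```

Because the role is a snapshot of the inventory, resource types added later (for example by a newly installed CRD) are not covered until the role is regenerated.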
Designed for DevOps, Trusted by Security
Alcide’s main goal is to keep helping organizations that have already adopted Kubernetes and wish to continuously maintain high standards of security and hygiene across multiple clusters and throughout the entire CI/CD pipeline.
We are all about Kubernetes security, and we will keep striving for the best experience our customers can have while providing outstanding products, service and support.
Driving Kubernetes security and best practices while keeping innovation in mind is key.
Our team is devoted to achieving this goal by living up to the “doing good” philosophy in the cloud native and Kubernetes communities.