Alcide Applies Machine Learning to Kubernetes Security

Alcide today launched an early access program for a tool that leverages machine learning algorithms to analyze multi-cluster Kubernetes deployments for breaches, anomalous behavior and misuse in real-time.

Company CTO Gadi Naor says Alcide kAudit continuously analyzes Kubernetes audit logs to surface usage and performance trends in way that identifies issues that might adversely impact applications or violate compliance mandates or security policies.

Once detected, that audit data can be exported to tools such as the application and infrastructure monitoring service from Datadog for further investigation. IT teams can also employ Alcide kAudit to create an assertion that will generate an alert whenever violated, adds Naor.

Alcide kAudit automatically assembles, catalogs and reports of violations, including usage of stolen credentials, stolen tokens, misconfigured access, vulnerabilities in the Kubernetes API Server that might have been exploited and security policies that might have been violated.

Given the highly dynamic nature of Kubernetes environments and all the dependencies that exist between microservices, Naor says it will be next to impossible for IT teams to know whether a compliance mandate or cybersecurity policy has been violated without relying on advanced analytics.

Naor says the challenge is developing a platform to provides that capability in a way that is both explainable to IT teams and doesn’t generate a massive number of false positive alerts.

In the absence of reliable analytics, many cybersecurity and compliance professionals are likely to object to deploying Kubernetes clusters at scale because of a lack of visibility into the environment.

Alcide developed Alcide kAudit as a complement to its microservices firewall and Alcide Kubernetes Advisor, which identifies potential security and compliance issues as applications are deployed on a Kubernetes cluster. The goal is to advance the adoption of DevSecOps practices by providing a set of tools that developers and cybersecurity teams can use to collaborate more easily, says Naor.

Naturally, many organizations are first turning to open source tools to try and achieve that goal. However, as a practical matter, open source cybersecurity tools often prove difficult to operationalize, says Naor. Most organizations don’t have the cybersecurity expertise required to operationalize tools.

In contrast to developers more than willing to learn how to deploy and manage Kubernetes, that same level of enthusiasm doesn’t usually extend to open source cybersecurity tools, notes Naor. As such, Alcide is betting most organizations will prefer commercial cybersecurity platforms that are tightly integrated.

It’s still early days as far as cybersecurity in Kubernetes environments is concerned. However, as is often the case with any emerging technology platform, there is a tendency to stand up Kubernetes clusters without all the security and compliance issues having been completely identified. In an ideal world, organizations will have worked through those issues before deploying applications on a Kubernetes cluster, but in the absence of a formal plan, there may be some comfort to be derived from a platform that can surface security and compliance issues before something truly catastrophic might occur.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

Mike Vizard has 1621 posts and counting. See all posts by Mike Vizard