2022 Gartner® Magic Quadrant™ SIEM
Get the reportMore
Alcide recently introduced Alcide kAudit, an automatic tool for analyzing Kubernetes Audit logs. This tool focuses on detecting non-compliant and anomalous behavior of users, automated service accounts and suspicious administration operations. Alcide’s recent integration with Sumo Logic enables users to gain full access to insights and real-time alerts from Alcide kAudit. Users are now able to detect Kubernetes’ compliance violations, security incidents, and administration activity anomalies directly from the Sumo Logic platform. They can also correlate and investigate these alerts with data from their other security data sources.
Combining Sumo Logic’s Ops capabilities with Alcide’s security offerings ensures users get full visibility into their Kubernetes clusters for application health, coupled with security insights for deeper investigation. This integration enables DevOps and security teams to focus on compliance violations and active security risks. This also enables users to quickly limit the “blast radius” and fix the causes of such security issues in their Kubernetes clusters. A detailed article on the importance of catching emerging security risks was recently published on Devops.com, by Alcide’s System Architect, Nitzan Niv.
Alcide kAudit automatically spots security-related issues with Kubernetes' administrative actions in near real-time, and tracks suspicious behaviors that can be identified by observing extended context over multiple activities. It combines a user-configured set of rules that filter any violation of the organization’s compliance policies.
The application will automatically target unique anomalies in the audited activity based on autonomous machine learning patterns.
Further down the pipeline, these findings can be pushed to DevOps teams via the Sumo Logic Platform as security-related alerts or collected for deep investigation and validation by security and audit experts to prove that a non-compliant activity or a security incident has taken place. Teams leveraging the Sumo Logic Continuous Intelligence Platform for Kubernetes alongside the kAudit integration can also build dashboards that correlate both operational and kAudit data for deeper insights.
A robust logs exploration dashboard for in-depth analysis
In the integration section, you can configure separate export channels for different alerts. For example, a dedicated channel for detected anomalies and another one for policy-matching audit entries. Each export integration is configured and used independently, so you can mix and match with Sumo Logic endpoints and Slack channels for example.
Alcide kAudit uses logs generated by an agent installed on each Kubernetes cluster.
The kAudit input stream consists of two log types:
Note that you may also set a rate limit on the number of messages sent per minute to the endpoint.
Closely monitor and track all security-related audit entries, documenting relevant activities by users or service components, filtering events indicating policy violations.
Based on a configured set of rules that faithfully identify all violations of an organization’s policies, with comprehensive trails of non-compliant activity that has taken place. With automated filters, a collection of such alerts is periodically delivered to compliance investigators or any other responsible party for immediate actioning.
Investigate specific operational and security issues, trace back to responsible parties, troubleshoot and identify root cause with ease.
Identifying K8s workloads that contain sensitive information such as access to critical databases throughout their lifecycle is a real challenge. With Alcide kAudit and Sumo Logic joint forces, you can easily track irregular behaviors and suspicious activity patterns while observing them with extended contexts, such as:
Reduce downtime and move from reactive to proactive monitoring.
Build, run, and secure modern applications and cloud infrastructures.Start free trial
Observability has become one of the most important areas of your application and infrastructure landscape, and the market has an abundance of tools available that seem to do what you need. In reality, however, most products – especially leading open-source based products – were created to solve a single problem extremely well, and have added additional supporting functionality to become a more robust solution; but the non-core functionality is rarely best of breed. Examples of these are Prometheus and Grafana.