In the era of cloud-native application deployments, with containers, microservices and serverless architectures, traditional firewall technologies are typically a less than ideal solution.
Among the vendors that have emerged to tackle the challenge of microservices visibility is Israeli startup Alcide, which has positioned itself as a microservices firewall platform vendor. On Nov. 20, Alcide announced that it raised $7 million in a Series A round of funding, bringing total funding to date for the company to $12.2 million. Alcide's investors include CE Ventures, Intel Capital and Elron.
"Our approach is based on how the holy triangle between infrastructure, networking and applications should look like in a modern environment," Ranny Nachmias, CEO and co-founder of Alcide, told eWEEK.
Alcide was founded in 2016, and the company's flagship microservices firewall platform became generally available on April 3. The platform was further expanded on July 11, with serverless, functions-as-a-service security capabilities.
The participation of Intel Capital in the company's funding is also noteworthy: Nachmias commented that Intel isn't just an investor in Alcide but also a strategic partner.
"They [Intel] know a couple of things about data center security and networking, and we are having deep conversations about roadmaps and what technologies will be deployed to the market in the next couple of years, as part of the cloud providers environment," he said.
How It Works
Microservices generally refers to bundling a series of application containers to enable a larger application or service. Among the most popular approaches for enabling microservices is the Kubernetes container orchestration system. Nachmias said Alcide takes a somewhat agnostic approach to the microservices technologies it aims to help protect.
A traditional firewall is deployed at the perimeter of the network. The challenge with cloud-native and microservices environments is that there is no clearly defined perimeter. Nachmias said Alcide's microservices firewall is deployed on a per-host basis.
"So for Kubernetes, it is deployed as a DaemonSet; for other hosts, it's an agent; on serverless, it is deployed as a function agent," he said.
Additionally, Alcide natively integrates with cloud APIs as well as DevOps tools and approaches including Chef, Puppet and Ansible. From a management perspective, Nachmias said Alcide enables enterprises to build security policies in code. The security policies can be configured to define what different services a given application is allowed to communicate with. Alcide also provides host-level protection via cloud APIs.
"We are able to segregate applications from the internet, load balancer and to the internal egress and third-party services," he said.
Visibility across cloud infrastructure is another core capability of Alcide, enabling administrators to see how applications are deployed.
"It's very easy to search, isolate, control and even enforce policies in real time," Nachmias said. "Essentially, all these events can be streamed either to our dashboard, as well as with other products like Slack and Splunk."
There are multiple vendors in the growing market for microservices and container security, including NeuVector, Capsule8, Aqua Security, Twistlock and Anchore, among others. Nachmias said Alcide is not specifically positioned as a container security vendor.
"We are not a container security company. Our approach is that we don't care about which computer technology stack an organization is using. You can use containers, functions, VMs or even bare metal," he said. "We are a runtime security platform."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.