Alert Logic announced on Oct. 9 new capabilities and deployment options for its Network Intrusion Detection System (NIDS) for container security.
Among the new capabilities that the company is adding to its platform are enhanced log management and visibility features to help identify and hunt for threats. Additionally, Alert Logic is now expanding support beyond Amazon Web Services (AWS) to also include Microsoft Azure—as well as on-premises deployments.
“We not only have the network perspective for containers, now we also have the log perspective,” Chris Noell, senior vice president of engineering at Alert Logic, told eWEEK.
Alert Logic first released its network security capability for containers on AWS in July, providing organizations with network intrusion detection. The capability is an expansion of Alert Logic’s Cloud Defender and Alert Logic Threat Manager solutions, providing visibility into container and Kubernetes deployments.
“We really are extending security capabilities that we already have in our platform to containerized environments,” Noell said. “Some of the capabilities would technically work in a containerized environment, but what was missing was the context of the container.”
Noell said that in the latest release, Alert Logic has also made deployment and configuration easier to help organizations get started faster.
Log Management
Alert Logic now collects metadata about container deployments that can be useful for threat investigation. Noell said Alert Logic is collecting data from the Docker API that can tell organizations about the container workload that was running when the container environment was attacked.
Additionally, he said Alert Logic provides supplemental context about network security data to help further inform threat investigations.
Deployment
John Norden, release director of Product and Release Management at Alert Logic, explained that the container security technology is deployed natively within Kubernetes. For Kubernetes, Alert Logic creates a DaemonSet, which is a core Kubernetes capability for running certain workloads within a pod.
“We provide the DaemonSet for customers to pull down from our documentation site and essentially they just have to deploy it like they do anything else,” Norden said. “It points out to an image that we have prebuilt and is readily available out on Docker Hub.”
Matthew Harkrider, co-founder and senior product manager at Alert Logic, said the move to support more than just AWS was driven by customer demand to have both portability and multicloud capabilities. Looking forward, Harkrider said Alert Logic will continue to broaden the capabilities of the current offering. Among the features that are planned for the coming months are vulnerability scanning and security audit management.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.