As enterprises adopt microservices and cloud-based architectures, they are slowly moving from single-cloud deployments to multicloud deployments involving a mixture of private and public cloud platforms. Multicloud deployments will accelerate in the future due to the myriad benefits they offer. We observed that many of our large customers are using multiple public cloud providers for various reasons:
While hybrid and multicloud deployments have many advantages, they also complicate monitoring and securing your infrastructure, for the reasons described below.
Deepfence uses lightweight, non-intrusive user-space sensors to address the problems mentioned above in multicloud deployments, as shown in the architecture diagram. Our community edition, ThreatMapper, addresses the first two problems, namely visibility and measuring the attack surface, whereas our Enterprise Edition addresses the other security challenges, such as integrity monitoring, east-west traffic analysis (including visibility into encrypted traffic), and multi-stage attack prevention in hybrid and multicloud architectures.
Deepfence provides both macro- and micro-level visibility, down to process-level details, and consolidates all the available information into a uniform, centralized view from which to holistically manage all your security needs, in contrast to the piecemeal solutions available today. Our last few articles focused on integrating the three most popular cloud platforms today: AWS, Azure, and Google Cloud. We also described how to manage your vulnerabilities using ThreatMapper and how to integrate the results with popular SIEM tools.
Deepfence Runtime APIs abstract away all the cloud-provider-, Kubernetes-, service-mesh-, and container-runtime-specific gory details from users. Think of this as one uniform API to visualize, manage, and control the security aspects of services running anywhere, i.e. managed pure greenfield container deployments or a mix of containers, VMs, and serverless platforms on Azure, AWS, and Google Cloud.
Our powerful set of APIs enables users to automate their security analysis and response processes, such as vulnerability scanning, as well as retrieving, deleting, and comparing the vulnerabilities found.
This example Python script shows how some of these APIs work together to authenticate, enumerate the hosts, and start vulnerability scans on a subset of nodes.
Essentially, you can use the Runtime API to stream your multicloud infrastructure over a websocket, programmatically consume all changes happening across your infrastructure, and take actions such as scanning a new pod that came online or scanning a group of recently provisioned VMs, down to the level of a process or an individual connection.
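As an added illustration of the workflow described above (this is not the script referenced earlier, nor Deepfence's own code or API schema): consume a stream of node-change messages and decide which newly provisioned nodes to queue for a vulnerability scan, skipping duplicates and malformed messages. The message field names, the sample stream, and the "recently provisioned" window are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample stream: one JSON message per line, as a websocket topology
# feed might deliver them. Field names are assumptions, not Deepfence's schema.
SAMPLE_STREAM = """\
{"event": "add", "type": "pod", "id": "pod/payments-7f9c", "cloud": "aws", "ts": "2021-06-01T10:00:00Z"}
{"event": "add", "type": "vm", "id": "vm/i-0abc123", "cloud": "azure", "ts": "2021-06-01T09:50:00Z"}
{"event": "add", "type": "vm", "id": "vm/i-0ld4f", "cloud": "gcp", "ts": "2021-05-01T00:00:00Z"}
{"event": "update", "type": "pod", "id": "pod/payments-7f9c", "cloud": "aws", "ts": "2021-06-01T10:01:00Z"}
{"event": "add", "type": "pod", "id": "pod/payments-7f9c", "cloud": "aws", "ts": "2021-06-01T10:02:00Z"}
{"event": "remove", "type": "pod", "id": "pod/legacy-1", "cloud": "aws", "ts": "2021-06-01T10:03:00Z"}
not-json garbage line
"""
# Fixed "current time" for the sample run (constructed).
SAMPLE_NOW = datetime(2021, 6, 1, 10, 5, tzinfo=timezone.utc)
REQUIRED_FIELDS = {"event", "type", "id", "cloud", "ts"}

def parse_events(stream_text):
    """Yield one event dict per well-formed JSON line; skip malformed lines."""
    for line in stream_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(ev, dict) and REQUIRED_FIELDS.issubset(ev):
            yield ev

def select_scan_targets(events, now, recent=timedelta(minutes=30), seen=None):
    """Decide which nodes get a vulnerability scan.

    Rules: every newly added pod is scanned; a VM is scanned only if it was
    provisioned within `recent`; updates, removals and ids already in `seen`
    are skipped so repeated 'add' messages do not trigger duplicate scans.
    Returns {cloud: [node_id, ...]} so scans can be batched per provider.
    """
    seen = set() if seen is None else seen
    plan = {}
    for ev in events:
        if ev["event"] != "add" or ev["id"] in seen:
            continue
        provisioned = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        if ev["type"] == "pod" or (ev["type"] == "vm" and now - provisioned <= recent):
            seen.add(ev["id"])
            plan.setdefault(ev["cloud"], []).append(ev["id"])
    return plan

def demo_plan():
    """Run the selection over the constructed sample stream."""
    return select_scan_targets(parse_events(SAMPLE_STREAM), SAMPLE_NOW)

if __name__ == "__main__":
    print(demo_plan())  # → {'aws': ['pod/payments-7f9c'], 'azure': ['vm/i-0abc123']}
```

The `seen` set would in practice be persisted across stream reconnects so that a replayed topology snapshot does not re-queue scans for nodes already covered.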