Getting-started

Overview

Barricade collects data from your server with an Agent - a simple, lightweight package that watches all network activity on your cloud server.

This data is encrypted and processed through Barricades’ central detection Engine, and findings are displayed in real-time in your dashboard and notification channels.

https://docs.barricade.io/src/img/getting-started/agent-chart-sm.png

Barricade’s Collection Workflow - gathering, processing and alerting (open full-size image).

How Agents Work

Agents quietly monitor, without getting in the way or impacting on your server resources. There is no need for any code or configuration changes to your app.

Data is gathered, encrypted and sent from the agent to the Barricade platform engine; where it’s immediately analyzed for any suspicious activity - detecting web app attacks, data breaches or intrusion attempts on your server.

Lightweight Agent

The agent sits quietly on your server and keeps an eye on things - the heavy data analysis processes are carried out by our platform’s engine - to ensure your performance isn’t affected.

Our design ensures that the agent does not -

  • Get in the way:
    the agent monitors and collects data, it will not block any traffic on your application
  • Slow down your server:
    the agent focuses on lightweight tasks; formatting and transmitting data to our engine.
  • Expose your data:
    all transmitted information is encrypted with 2048-bit SSL

One-Way Agent

Don’t worry - Barricade can’t connect to your server and execute commands. By design, the agent communicates out but Barricade can never communicate in.

Installation

The Agent is installed via a one touch command, which fetches the code, verifies the package signature and installs the agent on your server. For step-by-step installation instructions see the Installing an Agent guide.

What Can Agents see?

The agent gathers data about activity on your servers, and transmits it securely to our engine for real-time analysis.

  • Names and versions of software packages
  • Network traffic that goes in and out of your server from the network layer all the way up to the application layer
  • Configuration files for applications like Nginx and SSH
  • All transmitted data is encrypted with 2048-bit SSL, and promptly analyzed by our engine to check for any security issues.

Whatever DevOps tools you run, Barricade will detect and observe but not interfere - be it Chef, Puppet, Ansible, docker-composer, Beanstalk, etc.

Using this information, Barricade tells you immediately if someone is trying to break in, if data is leaving your network when it shouldn’t, if your server software is affected by known exploits and much more.

Our Detection Engine

Our platform engine makes decisions in real-time. Data is received from the agent and processed through statistical (machine learning) models to make decisions. When an attack is detected, the engine triggers an alert and we notify you immediately through our app and integration channels.

As new data comes in, the engine learns about different types of behaviors for your infrastructure and what seems to be normal behavior based on the services running.

The Engine is designed to distil complex machine learning concepts such as artificial neural networks, anomaly detection, and ensemble learning into consumable and actionable information.

For details on the various behaviors & attacks that Barricade detects - see the Security Guide.

OS Compatibility

Our Agent supports Ubuntu, CentOS, Debian and Red Hat based cloud servers - (common configurations on providers like AWS, Google Cloud Platform, DigitalOcean and Microsoft Azure).

  • Red Hat Enterprise Linux 6.x (64-bit)
  • Red Hat Enterprise Linux 7.x (64-bit)
  • Ubuntu 12.04 LTS (64-bit)
  • Ubuntu 14.04 LTS (64-bit)
  • Ubuntu 14.10 (64-bit)
  • Ubuntu 15.04 (64-bit)
  • Ubuntu 15.10 (64-bit)
  • Ubuntu 16.04 (64-bit) - Note: our vulnerability checks do not currently check Snap packages
  • CentOS 6.x (64-bit)
  • CentOS 7.x (64-bit)
  • Debian 7.x (64-bit)
  • Debian 8.x (64-bit)

Note: We currently do not check packages particular to EUS and AUS versions of Red Hat Enterprise Linux or those in the Red Hat extras channel.

Windows Support

We currently don’t support Windows servers, but it’s on our product roadmap. If you’d like to be added to our early access list for Windows, let us know and we’ll keep you informed.

Running the Agent on Docker

We are currently testing a new version of our agent that runs natively on Docker.

We’ll be shipping Docker support in early 2016 - get in touch if you’d like to get early access!

Account Setup

To get up and running with Barricade, go to app.barricade.io. First-time visitors will see this screen with account creation instructions:

https://docs.barricade.io/src/img/getting-started/signup-v3.png

If you’ve previously created an account, you can login by clicking Already Signed Up. To create a new account, you’ll be asked for:

  • an email address
  • a password (make it a good one!)

Confirm Account

Once you’ve completed the account setup, you’ll get a confirmation email from us, and you’ll see this screen:

https://docs.barricade.io/src/img/getting-started/welcome.png

You’re now inside the Barricade app, where you’ll be instructed to install your first agent.

Starting a Trial

Once you sign up on app.barricade.io, you’ll automatically start a free trial - giving you the full Barricade experience without having to pay anything!

The length of your trial is based on data, rather than time (as is our full pricing) - every server is different. We will monitor the network traffic in and out of your server until the 1GB limit is reached. The busier your server, the more data we collect and analyze for issues.

Once your trial data is used up, your trial is finished and you will be notified by email with next steps.

The trial should give you an idea of how much data your servers send and receive over time, helping you determine which price plan would best suits your needs. Get in touch if you have any questions or have special requirements - we’re happy to arrange custom plans to fit your organization.

Installing an Agent

You’ll find the installation command in the top panel of the Barricade app - click the New Agent button to reveal the install code, which you will need to copy, then paste and run on your server.

https://docs.barricade.io/src/img/getting-started/drawer-opening.gif

What is Installed?

The install command sets up a Barricade Agent on your server - a simple, lightweight package that is used to monitor activity on your server. See What is an Agent? for more details.

We will be open sourcing the Agent code on our Github page in the coming weeks.

How to Run SSH Commands

You’ll need to connect to your server via SSH to run the commands - how you go about doing this depends on the type of server you’re using (AWS, DigitalOcean, Microsoft Azure, etc).

If you’re unsure about how to do this, you should refer to your Cloud provider’s documentation:

To make an SSH connection, you’ll need the following:

  1. An SSH client or Command Line Tool
  2. Username (usually root on Linux)
  3. Password and/or SSH Key
  4. The IP address of your Server

An example of the DigitalOcean’s in-browser SSH tool, where you would run the command:

https://docs.barricade.io/src/img/getting-started/do-ssh.jpeg

Agent Detection

Shortly after you run the install command, the Barricade setup screen will update automatically to confirm that the Agent has been detected:

https://docs.barricade.io/src/img/getting-started/drawer-detection.gif

Once that’s done, you can close the form panel by clicking the ‘X’ in the top right-hand corner, or click the ‘Install Another’ button to start over and start additional agents.

Now that your Agent is running, your server is being monitored in real-time. Data will start to appear in your dashboard as activity is detected and analyzed.

Vulnerability Scan

Once the Agent is installed, a short video will appear in your dashboard while Barricade connects to your server and analyzes it for the first time.

https://docs.barricade.io/src/img/getting-started/scan-video-01.png

After the video, you will see the results of an initial vulnerability scan - a quick check over the OS and packages installed on your server.

https://docs.barricade.io/src/img/getting-started/scan-report-01.png

If you’re running any out-of-date software packages, the scan will let you know - highlighting things that are in need of updating or patching. Any vulnerabilities will be saved as Cases to your dashboard, so you can review them (and follow their recommendations) at a later stage.

The Case page will provide details on the vulnerabilities, and give recommendations.

https://docs.barricade.io/src/img/getting-started/scan-case-01.png

Example screenshot from an initial vulnerability case ^

Next: Using Barricade >

Troubleshooting

For more details on the Agent and how it works, see the Agent Overview.

The Agent is not detected.
If you’re experiencing problems during Agent installation, check that your server is compatible - server OS requirements.

If your server is compatible, try re-registering the agent or contact us for help.

I’m not sure how to run the command on a server.
You’ll need to connect to the server via SSH to run the command - see our guide here.