Using Cloud Native Technologies to Solve Complex Application Security Challenges in Kubernetes Deployments

Cequence Security: A Cloud Native Approach to Application Security
• Venture-backed start-up bringing much-needed innovation to application security
• Award-winning AI-powered security platform delivered as containers to protect web, mobile, API-based applications from bot attacks and vulnerability exploits
• Built on top of cloud native components like Kubernetes and Prometheus
• Plays well with existing ingress controllers and Sidecars like Envoy and NGINX, without needing to replace them
• Visit us at www.cequence.ai
[Diagram labels: Cloud Native, Public Cloud, Data Center]

Your Public Facing Applications Are Attack Targets
[Diagram labels: Partner API, Supplier API, Web Customer, Mobile Customer]
Business Logic Abuse
• Highly automated
• Content appears legitimate
• Difficult to detect and block
Vulnerability Exploits
• Highly targeted
• Exploiting app vulnerabilities
• Both known and unknown

Runtime Application Protection for Monolithic Applications
[Diagram labels: Internet, WAF, Load Balancer, Monolithic Applications (Frontend, Business Logic, Data Access), Data Center, Public Cloud. Threats shown: Vulnerability Scan, Breach]

Runtime Application Protection for Monolithic Applications
[Diagram labels: Internet, Bot, WAF, Load Balancer, Monolithic Applications (Frontend, Business Logic, Data Access), Data Center, Public Cloud. Threats shown: Scraping, Inventory Lockup, Fake Likes, Fake Accounts, Credential Stuffing, Vulnerability Scan, Breach]

Runtime Application Protection for Monolithic Applications
[Diagram labels: Internet, App DDoS, Bot, WAF, Load Balancer, Monolithic Applications (Frontend, Business Logic, Data Access), Data Center, Public Cloud. Threats shown: Scraping, Inventory Lockup, Fake Likes, Fake Accounts, Credential Stuffing, Application Floods, Vulnerability Scan, Breach]

Monolith to Microservices
[Diagram labels: Monolithic Applications (User Interface, Business Logic, Data Access); User Interface and API-fronted microservices: User Management, Inventory Mgmt, Data Access, Customer Reviews, Shopping Cart]

New Security Challenge: Increased Entry Points
[Diagram labels: Internet, App DDoS, Bot, WAF, User Interface; API-fronted microservices: User Management, Inventory Mgmt, Data Access, Customer Reviews, Shopping Cart. Threats shown: Scraping, Inventory Lockup, Fake Likes, Fake Accounts, Credential Stuffing, Application Floods, Vulnerability Scan, Breach]

New Security Challenge: Keep up with DevOps Pace
[Diagram labels: Internet, App DDoS, Bot, WAF, User Interface; API-fronted microservices: User Management, Inventory Mgmt, Data Access, Customer Reviews, Shopping Cart, Customer Ratings, Shopping Cart v2. Threats shown: Scraping, Inventory Lockup, Fake Likes, Fake Accounts, Credential Stuffing, Application Floods, Vulnerability Scan, Breach]

New Security Challenge: Heterogeneous Environments
[Diagram labels: Internet, App DDoS, Bot, WAF, User Interface; API-fronted microservices: User Management, Inventory Mgmt, Data Access, Customer Reviews, Shopping Cart. Threats shown: Scraping, Inventory Lockup, Fake Likes, Fake Accounts, Credential Stuffing, Application Floods, Vulnerability Scan, Breach]

New Security Challenge: Multi-Cloud Environments
[Diagram labels: Internet, App DDoS, Bot, WAF, User Interface; API-fronted microservices: User Management, Inventory Mgmt, Data Access, Customer Reviews, Shopping Cart. Threats shown: Scraping, Inventory Lockup, Fake Likes, Fake Accounts, Credential Stuffing, Application Floods, Vulnerability Scan, Breach]

New Approach: From Perimeter Defense to Microservices Defense
[Diagram labels: Monolithic Applications (Frontend, Business Logic, Data Access) with App DDoS, Bot, WAF; Microservices Pods (API) with WAF, Bot, App DDoS]

Runtime Application Protection for Microservices
[Diagram labels: Internet, User Interface; WAF, Bot and App DDoS shown with the API of each microservice: User Management, Inventory Management, Data Access, Shopping Cart, Customer Reviews]

Must-Haves in Runtime Application Protection for Microservices
SIMPLE
• Designed to work with existing applications without making modifications
• Non-invasive: no agents, SDK, or JavaScript
RELEVANT
• Microservices-based protection for protecting other microservices
• Co-exists with existing Ingress Controllers and Sidecars rather than replacing them
EFFECTIVE
• Single pane of glass for all microservices
• Protection moves with the microservices to any cloud

New Security Stack for Microservices
• Runtime Application Protection (WAF, Bot & Application DDoS)
• Container Security & Compliance
• Infrastructure Security

Thank you!