Connect Ops and Security with Flexible Web App and API Protection
Aneel Dadani
Orlando Barrera II
Agenda
• Introductions
• Security and Visibility
• API and Microservices Protection
• Reduce Friction between DevSecOps
• Demo
Introductions
Orlando Barrera II
Technical Account Manager
Signal Sciences
Aneel Dadani
Technical Account Manager
Signal Sciences
THE CHALLENGE: Protecting Apps and APIs Across Infrastructure
Large enterprises can leverage applications and APIs running on premise, in data centers or in the cloud. But that scale widens the attack surface.
API and Microservices
Ask yourself:
• Where is your application running?
• What APIs do you have?
• Who is accessing your APIs?
• How are your APIs protected?
• What data is your API endpoint processing?
• Do you have visibility into your microservice east-west traffic?
Effective Web and API Protection
The solution is simple: developers and operations staff need application security that works in production without maintenance, yet integrates with DevOps tools and processes.
Signal Sciences Web Application and API Protection (WAAP) Platform
• Next-Gen WAF: Complete protection for your Apps and APIs
• RASP: Easy to install Runtime Application Self-Protection
• Bot Protection: Prevent bad bots from performing malicious actions
• Advanced Rate Limiting: Control the amount of requests from potential threats
• API Protection: Stop unauthorized access to your APIs and microservices
• ATO Protection: Stop account takeover and credential stuffing
• DDoS: Block Denial-of-Service attacks
Service Layer / Integrated Deployment
Strategic Coverage Across the Enterprise
Advanced Protection at Scale to Match the Velocity of DevOps
Internet
Key Means for Proactive Web App and API Protection
DevOps teams need to move fast to innovate. But maintaining release velocity doesn’t mean sacrificing security.
Abstract Security, Provide Visibility
A New Approach to Web App and API Protection
Hybrid SaaS Architecture: Fast Local Decisions Plus the Power of Cloud
• Optimized local detection via SmartParse, eliminating false positive decisions
• Decisioning is enriched by Cloud Engine intelligence, not signatures
• Fail-open design avoids app downtime, shutdowns and blocked access
Signal Sciences Architecture
Real-time web app protection that scales without impacting performance
Load Balancer
Web Servers
Application
Containers
PaaS
Service Mesh
API Gateway
Hosted Cloud WAF
Reverse Proxy
Web Request Volume Protected Per Month
Monolithic Containerization
By 2022, more than 75% of global organizations will be running containerized applications in production.
Progression to the container world
Servers | Monolithic | Waterfall
VMs | N-Tiered Systems | Separation
Containers | Microservices | DevOps (DevSecOps)
Monolithic (/catalog, /cart, /reviews)
• Services must be written in the same language
• Difficult to work on different services in parallel (“integration hell”)
• Full app needs to be re-deployed with every update
• Scaling requires replicating the entire app, which can lead to waste/unnecessary hosting costs
Microservices (/catalog, /cart, /reviews)
• Services can be in different languages
• Easier to work on services in parallel, add new services
• Can deploy services individually, enables continuous deployment
• Can scale services individually
Traditional WAF
• Rules-Based
• Limited Scalability
• Longer Deployment
Next-Gen WAF
• Out-of-the-Box Detection
• Highly Scalable
• Quicker Deployment
sudo apt-get install sigsci-agent
Traditional WAF (Datacenter, AWS, GCP, Google Cloud Armor)
• Different rulesets
• Different UI, feature sets
• Disjointed WAF policy
Next-Gen WAF (Datacenter, AWS, GCP)
• Single ruleset
• Single UI, feature set
• Unified WAF policy
Automated Web Layer Protection Without Rules Tuning
Fast, inline blocking decisions with SmartParse
• Enables our offering to fail open
• Battle tested: inspects and decisions on
250+ billion web requests weekly
• Virtually eliminates false positives
Net result: Web protection that works in production so security teams can focus on high-value work, not WAF rules maintenance
Cloud Native Application Protection
• Inspects BOTH east-west and north-south traffic routed via microservices architectures without code changes
• Increased flexibility to deploy Layer 7 protection in cloud-native applications
• Increases Layer 7 visibility with simplified deployment for containerized microservices orchestrated via Kubernetes
Assumptions of Internal Microservices
• Internal microservices will be just internal…
• Since internal microservices are internal, they don’t need the same level of security/authentication
• Communication between internal microservices should be legitimate traffic
North-South and East-West Traffic
Because apps are highly distributed, 70-80% of traffic is now east-west traffic in data centers.
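The two slides above list assumptions about internal (east-west) microservice traffic that a defender should not take for granted. The following is an added example, not Signal Sciences code: a small inspector run over constructed service-to-service access-log lines (the log format, the spiffe-style service identities and the caller/callee allowlist are all assumptions for this example) that flags calls with no service identity, caller/callee pairs outside the allowlist, and injection-looking payloads relayed between internal services.

```python
"""Added example (not Signal Sciences code): inspect constructed east-west
request logs instead of assuming internal traffic is legitimate."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple
from urllib.parse import unquote

# Constructed sample of internal (east-west) traffic. The format is assumed:
# <src_service> -> <dst_service> <method> <path> svc_id=<identity or ->
SAMPLE_LOG = """\
cart -> catalog GET /catalog/items?id=42 svc_id=spiffe://example.internal/cart
cart -> catalog GET /catalog/items?id=42'%20OR%201=1-- svc_id=spiffe://example.internal/cart
reviews -> catalog GET /catalog/items?id=7 svc_id=-
batch-job -> cart POST /cart/checkout svc_id=spiffe://example.internal/batch-job
cart -> reviews GET /reviews?product=42 svc_id=spiffe://example.internal/cart
"""

# Assumed allowlist of legitimate caller -> callee pairs, i.e. what a
# service-mesh authorization policy would encode. Constructed for this example.
ALLOWED_PAIRS: Set[Tuple[str, str]] = {
    ("cart", "catalog"),
    ("cart", "reviews"),
    ("reviews", "catalog"),
}

LINE_RE = re.compile(
    r"^(?P<src>[\w-]+) -> (?P<dst>[\w-]+) (?P<method>[A-Z]+) "
    r"(?P<path>\S+) svc_id=(?P<svc>\S+)$"
)

# Deliberately small, illustrative injection indicators (not a WAF ruleset).
INJECTION_RE = re.compile(r"'\s*(or|and)\s+\d+\s*=\s*\d+|--|<\s*script", re.I)


@dataclass
class Finding:
    line_no: int
    src: str
    dst: str
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Dict[str, str]:
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    return m.groupdict()


def inspect(log_text: str, allowed: Set[Tuple[str, str]] = ALLOWED_PAIRS) -> List[Finding]:
    findings: List[Finding] = []
    for n, raw in enumerate(log_text.splitlines(), start=1):
        if not raw.strip():
            continue
        rec = parse_line(raw)
        reasons: List[str] = []
        # Assumption 1 ("internal services don't need the same authentication"):
        # every east-west call should still carry a verifiable service identity
        # that matches the claimed caller.
        if rec["svc"] == "-":
            reasons.append("missing service identity")
        elif not rec["svc"].endswith("/" + rec["src"]):
            reasons.append("service identity does not match claimed caller")
        # Assumption 2 ("communication between internal services is legitimate"):
        # an unexpected caller/callee pair is worth an alert, not implicit trust.
        if (rec["src"], rec["dst"]) not in allowed:
            reasons.append("caller/callee pair not in allowlist")
        # Layer 7 inspection applies east-west too: a payload relayed by a
        # trusted front-end service still reaches the backend. Decode first so
        # percent-encoded payloads are inspected in their plain form.
        if INJECTION_RE.search(unquote(rec["path"])):
            reasons.append("injection pattern in request path")
        if reasons:
            findings.append(Finding(n, rec["src"], rec["dst"], reasons))
    return findings


def summarize(findings: List[Finding]) -> Dict[int, List[str]]:
    """Map log line number -> reasons, convenient for alerting or tests."""
    return {f.line_no: f.reasons for f in findings}


if __name__ == "__main__":
    for f in inspect(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.src} -> {f.dst}: {', '.join(f.reasons)}")
```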
Reduce Friction between DevSecOps
What it Might Look Like in Practice
Ingress / Software Perimeter
RASP
Service Mesh
Traditional Perimeter-based
Deployment Options with Full Feature Parity
Enabling Applications Across Any Architecture
• Load Balancer
• Web Servers
• Application
• Reverse Proxy
• Containers: Kubernetes, Docker (as a sidecar, in container)
• PaaS
• Service Mesh
• Cloud WAF: No Agents to Deploy
• API Gateway
Runs across the Modern Infrastructure Mix
• Major cloud providers
• Containers
• Hardware
• Serverless options
• Platform services
Active Web App and API Protection Everywhere
See, Secure and Scale Across:
Any App: Cloud Containers, PaaS & Serverless; Web Servers & Languages; Gateways & Proxies
Any Attack: OWASP Injection Attacks, PLUS: Bad Bots, DDoS, Brute Force Attacks, Application Abuse & Misuse, Request Rate Limiting, Account Takeover, Virtual Patching
Any DevOps Toolchain, INCLUDING: Generic Webhooks & Any Custom Tools via Full RESTful/JSON API
DevOps Tool Integrations Break Down Silos
Feedback Loops Make All Teams Security Stakeholders
Make security visible: Unified management console provides actionable data to quickly understand what’s happening in production.
Keep everyone informed: Push security data to the tools security and DevOps teams already use: Slack, PagerDuty, Jira, Datadog, OpsGenie, etc.
Share consistent data: All teams make decisions from the same security data.
Correlate and analyze web request data in other tools
API-first: any information available in our management console can be accessed via our API.
Import request data into data analysis tools like Splunk, Kibana, etc.
Easily correlate collected web request security data with external data sources for further analysis.
Example of Signal Sciences flagged IPs and raw request metadata pulled into Splunk
Provide Operations Teams Data to Ensure Uptime
Surface Metrics that Matter: Client- and server-side errors, response errors, broken links; highly targeted APIs
Identify Critical Issues Fast: Metrics can point to server or application configuration issues so teams can triage faster
Share data via API: Pull these metrics into the systems your DevOps teams already use to pinpoint problematic issues fast
Example of visibility into operational data points like anomalies and application behavior that Signal Sciences surfaces to DevOps teams.
Trust Developers but Verify API Visibility
● Reduced request volume: ~10M RPS
● ~9% reduction in the quarter
● Dev team modified the API to improve performance and reduce request volume
Signal Sciences
One Integrated Platform Delivers:
• Cloud-native protection at lowest TCO
• Protection in any infrastructure: cloud, on premise, containers, and hybrid environments
• DevOps and security tooling integrations
• Unified management of all your defenses
Architected for Flexible, Proactive Defense
• Agent-module pair and Cloud Decision Engine enables easy deployment to stop web attacks
• Provides unified view across all your apps wherever they run
Demo
Monolithic deployment
Docker deployment
Docker Container
Envoy Proxy
Q&A
Thank You!