42Crunch Brings API Firewall to Kubernetes

42Crunch this week announced at the RSA Asia Pacific and Japan 2019 conference that it has extended its namesake firewall for application programming interfaces (APIs) to Kubernetes.

Dimitri Sotnikov, vice president of cloud platform at 42Crunch, says given the number of APIs being created within containerized applications, a new approach to securing those applications is required. The 42Crunch API Firewall provides IT organizations with access to a 20MB micro firewall that can be attached as a sidecar to a containerized application, he says.

That approach allows organizations to apply a zero-trust model to accessing APIs because only services that have been white-listed are allowed access with only sub-millisecond overhead, says Sotnikov. Better still, micro firewalls also eliminate the need to rely on manual policies that need to be written for legacy web application firewalls that were never designed to meet the performance requirements of cloud-native applications based on microservices, Sotnikov says.

Micro firewalls also make it easier to embrace best DevSecOps processes, he adds, by making it easier for developers to programmatically attach a micro firewall to each API. DevOps teams can also scan live API endpoints to discover potential vulnerabilities and deviations against the API contract, in addition to running more than 200 security audit tests based on controls defined by the OpenAPI specification definition, formerly known as Swagger.

42Crunch developed its API Firewall when it became apparent that providers of API management platforms were not interested in cybersecurity that dealt with anything beyond trying to limit a distributed denial of service (DDoS) attack, Sotnikov says. What providers of those platforms did not fully appreciate is that within the context of a distributed microservices application, all the calls within that application are being made across a public network and not within the confines of a single machine, he notes.

Despite the fact that API firewalls are intended to be implemented by developers, Sotnikov says it’s critical to make sure cybersecurity teams are still part of the DevOps process. Cybersecurity teams play a critical role in not only defining what controls need to be implemented but also validating that those controls have been implemented before an application is allowed to be deployed in a production environment, he adds.

It’s still clearly early days as far as adoption of best DevSecOps processes is concerned. However, given the chronic shortage of cybersecurity professionals, it’s apparent a new approach to cybersecurity is now required. Developers need to assume more responsibility for implementing cybersecurity controls as part of the quality assurance process. Fortunately, most developers are open to taking on more responsibility for cybersecurity as long as it doesn’t overly impede the rate at which applications are being developed. The challenge organizations now face is finding a way to give developers the tools they need to achieve that goal instead of merely shifting responsibility away from cybersecurity teams, Sotnikov says.

It’s now only a matter of time before the rise of microservices-based applications running on Kubernetes clusters ultimately force the tools issue inside most organizations.

Mike Vizard

Mike Vizard is a veteran IT journalist with more than 25 years of experience covering the technology industry, having previously served as Editor-in-Chief of both CRN and InfoWorld and as editorial director for Ziff-Davis Enterprise, where he oversaw titles including eWEEK, CIO Insight and Baseline. Over his career he has also edited or contributed to a wide range of enterprise technology publications, including IT Business Edge, Channel Insider, ComputerWorld, TMCNet and Digital Review, and he later led editorial for CTOEdge.com. His reporting and analysis span software development, cloud computing, cybersecurity, IT channel strategy and, more recently, artificial intelligence and DevOps practices. A recognized voice in enterprise IT journalism, Vizard is known for tracking emerging technology trends as they move from early adoption into mainstream enterprise use. He now serves as Chief Content Officer for Techstrong Group, where he oversees editorial strategy across the full network — DevOps.com, Security Boulevard, Cloud Native Now, Digital CxO, Techstrong.ai, TechStrong.IT, Techstrong Semi and PlatformEngineering.com — in addition to writing and hosting content for Techstrong TV and the Techstrong Gang podcast.

    Mike Vizard has 1813 posts and counting. See all posts by Mike Vizard