Signal Sciences Moves to Secure Envoy

Signal Sciences has extended its web application firewall (WAF) and runtime application self-protection (RASP) software to include support for the open source Envoy proxy service software widely used in Kubernetes environments.

Zane Lackey, chief security officer for Signal Sciences, says one of the things that distinguishes the Signal Sciences Cloud WAF is that it can support both existing monolithic and emerging microservices-based applications based on platforms such as Kubernetes. Rather than having to acquire a separate firewall that needs to be deployed as a sidecar to containers and then creating and managing policies on the firewall, the Signal Sciences approach makes it possible to unify the management of application security across multiple platforms, he says.

By adding support for Envoy, Signal Sciences is now signaling that its WAF and RASP technologies will be extended to various add-on modules deployed on top of Kubernetes clusters.

In keeping with agile DevOps processes, Lackey also notes the company’s Cloud WAF software is designed to be installed in minutes, as opposed to days and months. About 95% of Signal Sciences customers also make use of an automated blocking capability to inspect, detect and block malicious web requests without having to rely on signatures or rules-based tuning, adds Lackey.

As the number of containerized applications destined to be deployed on Kubernetes increases, tension between developers and cybersecurity teams is starting to rise. Cybersecurity teams are reluctant to approve deployment of containerized applications that they can’t secure themselves in production environments. They would prefer to be able to rely on the same cybersecurity framework to secure applications whenever possible, regardless of whether they are on monolithic architecture or employ cloud-native technologies such as containers and serverless computing frameworks. The challenge cybersecurity teams face is most legacy firewalls don’t support containers, which Signal Sciences views as an opportunity to gain share at the expense of its rivals—its WAF and RASP technologies are designed from the ground up to support multiple application architectures, says Lackey.

In the age of DevSecOps, it’s not clear who will assume responsibility for selecting and deploying firewalls. In some cases, developers will install firewalls on their own within the context of an isolated greenfield application environment. In other cases, cybersecurity teams will prefer to unify the management of firewalls across the enterprise. Given the history of application development, many of those cybersecurity teams don’t have a lot of confidence just yet in the ability of developers to embed the appropriate cybersecurity controls within their applications.

Whatever the approach, cybersecurity is now a major focal point when it comes to building, deploying and managing containerized applications. In an ideal world, developers and cybersecurity teams together will define best DevSecOps processes to ensure cloud-native applications are more secure without compromising the speed at which developers are able to build and deploy those applications. Otherwise, many developers will continue to end-run cybersecurity teams in the name of productivity regardless of the risks involved.

Mike Vizard

Mike Vizard is a veteran IT journalist with more than 25 years of experience covering the technology industry, having previously served as Editor-in-Chief of both CRN and InfoWorld and as editorial director for Ziff-Davis Enterprise, where he oversaw titles including eWEEK, CIO Insight and Baseline. Over his career he has also edited or contributed to a wide range of enterprise technology publications, including IT Business Edge, Channel Insider, ComputerWorld, TMCNet and Digital Review, and he later led editorial for CTOEdge.com. His reporting and analysis span software development, cloud computing, cybersecurity, IT channel strategy and, more recently, artificial intelligence and DevOps practices. A recognized voice in enterprise IT journalism, Vizard is known for tracking emerging technology trends as they move from early adoption into mainstream enterprise use. He now serves as Chief Content Officer for Techstrong Group, where he oversees editorial strategy across the full network — DevOps.com, Security Boulevard, Cloud Native Now, Digital CxO, Techstrong.ai, TechStrong.IT, Techstrong Semi and PlatformEngineering.com — in addition to writing and hosting content for Techstrong TV and the Techstrong Gang podcast.

Mike Vizard has 1813 posts and counting. See all posts by Mike Vizard