using cloud native technologies to solve complex application … · 2019-12-20 · 2 cequence...
TRANSCRIPT
Using Cloud Native Technologies to Solve Complex Application Security Challenges in Kubernetes
Deployments
2
Cequence Security: A Cloud Native Approach to Application Security
• Venture-backed start-up bringing much-needed innovation to application security
• Award-winning AI-powered security platform delivered as containers to protect web, mobile, API-based applications from bot attacks and vulnerability exploits
• Built on top of cloud native components like Kubernetes and Prometheus
• Plays well with existing ingress controllers and Sidecars like Envoy and NGINX, without needing to replace them
• Visit us at www.cequence.ai
DATA CENTER
PUBLIC CLOUD
CLOUD NATIVE
3
Supplier APIPartner API
Web Customer Mobile Customer
Your Public Facing Applications Are Attack Targets
Business Logic Abuse
• Highly automated• Content appears legitimate• Difficult to detect and block
Vulnerability Exploits
• Highly targeted• Exploiting app vulnerabilities• Both known and unknown
4
Runtime Application Protection for Monolithic Applications
Internet
Load Balancer
MONOLTHICAPPLICATIONS
Frontend
Data Access
Business LogicWAF
Breach
Vulnerability Scan
PUBLIC CLOUDDATA CENTER
5
Internet
Runtime Application Protection for Monolithic Applications
Load Balancer
Fake AccountsCredential
Stuffing
Fake Likes
Inventory Lockup
Scraping
MONOLTHICAPPLICATIONS
Frontend
Data Access
Business LogicWAF
Breach
Vulnerability Scan
PUBLIC CLOUDDATA CENTER
BOT
6
Runtime Application Protection for Monolithic Applications
Internet
MONOLTHICAPPLICATIONS
Frontend
Data Access
Business Logic
Load Balancer
Fake AccountsCredential
Stuffing
Fake Likes
Inventory Lockup
Scraping
WAF
Breach
Vulnerability Scan
PUBLIC CLOUDDATA CENTER
BOTApp DDOS
Application Floods
7
Monolith to Microservices
MONOLTHICAPPLICATIONS
User Interface
Data Access
Business Logic
User Interface
API
</>
API
</>API
</>
API
</>
API</>
USER MANAGEMENTMICROSERVICE
SHOPPING CARTMICROSERVICE
DATA ACCESSMICROSERVICE CUSTOMER REVIEWS
MICROSERVICE
INVENTORY MGMTMICROSERVICE
8
New Security Challenge: Increased Entry Points
User Interface
API
</>
API
</>API
</>
API
</>
API</>
USER MANAGEMENTMICROSERVICE
SHOPPING CARTMICROSERVICE
DATA ACCESSMICROSERVICE CUSTOMER REVIEWS
MICROSERVICE
INVENTORY MGMTMICROSERVICEInternet
Fake Accounts
Credential Stuffing
Fake Likes
Inventory Lockup
Scraping
WAF
Breach
Vulnerability Scan
BOTApp DDOS
Application Floods
9
New Security Challenge: Keep up with DevOps Pace
User Interface
API
</>
API
</>API
</>
API
</>
API
</>
USER MANAGEMENTMICROSERVICE
SHOPPING CART v2MICROSERVICE
DATA ACCESSMICROSERVICE CUSTOMER REVIEWS
MICROSERVICE
INVENTORY MGMTMICROSERVICE
API
</>
SHOPPING CART MICROSERVICE
API
</>
CUSTOMER RATINGSMICROSERVICE
Internet
Fake Accounts
Credential Stuffing
Fake Likes
Inventory Lockup
Scraping
WAF
Breach
Vulnerability Scan
BOTApp DDOS
Application Floods
10
New Security Challenge: Heterogeneous Environments
User Interface
API
</>
API
</>API
</>
API
</>
API
</>
USER MANAGEMENTMICROSERVICE
SHOPPING CARTMICROSERVICE
DATA ACCESSMICROSERVICE CUSTOMER REVIEWS
MICROSERVICE
INVENTORY MGMTMICROSERVICEInternet
Fake Accounts
Credential Stuffing
Fake Likes
Inventory Lockup
Scraping
WAF
Breach
Vulnerability Scan
BOTApp DDOS
Application Floods
11
New Security Challenge: Multi-Cloud Environments
User Interface
API
</>
API
</>API
</>
API
</>
API
</>
USER MANAGEMENTMICROSERVICE
SHOPPING CARTMICROSERVICE
DATA ACCESSMICROSERVICE CUSTOMER REVIEWS
MICROSERVICE
INVENTORY MGMTMICROSERVICEInternet
Fake Accounts
Credential Stuffing
Fake Likes
Inventory Lockup
Scraping
WAF
Breach
Vulnerability Scan
BOTApp DDOS
Application Floods
12
New Approach: From Perimeter Defense to Microservices Defense
MONOLTHICAPPLICATIONS
Frontend
Data Access
Business Logic
API</>
App DDoS
Bot
WAF
MICROSERVICES PODS
WAFBOTApp DDOS
13
Runtime Application Protection for Microservices
User Interface
USER MANAGEMENTMICROSERVICE
SHOPPING CARTMICROSERVICE
DATA ACCESSMICROSERVICE
CUSTOMER REVIEWSMICROSERVICE
InternetINVENTORY MANAGEMENT
MICROSERVICE
API
</>
App DDoS
Bot
WAF
API
</>
App DDoS
Bot
WAF
API
</>
App DDoS
Bot
WAF
API
</>
App DDoS
Bot
WAF
API
</>
App DDoS
Bot
WAF
14
Must-Haves in Runtime Application Protection for Microservices
• Designed to work with existing applications without making modifications• Non-invasive: no agents, SDK, or JavaScript
• Single pane of glass for all microservices• Protection moves with the microservices to any cloud
• Microservices based protection for protecting other microservices• Co-exist and not replace with existing Ingress Controllers and Sidecars
S I M P L E
R E L E V A N T
E F F E C T I V E
15
New Security Stack for Microservices
Infrastructure Security
Container Security & Compliance
Runtime Application Protection (WAF, Bot & Application DDoS)
16
17
Thank you!