Using Cloud Native Technologies to Solve Complex Application … · 2019-12-20 · 2 Cequence...

Post on 09-Jul-2020


Using Cloud Native Technologies to Solve Complex Application Security Challenges in Kubernetes Deployments


Cequence Security: A Cloud Native Approach to Application Security

• Venture-backed start-up bringing much-needed innovation to application security

• Award-winning AI-powered security platform delivered as containers to protect web, mobile, and API-based applications from bot attacks and vulnerability exploits

• Built on top of cloud native components like Kubernetes and Prometheus

• Plays well with existing ingress controllers and Sidecars like Envoy and NGINX, without needing to replace them

• Visit us at www.cequence.ai

[Diagram labels: Data Center; Public Cloud; Cloud Native]


Your Public Facing Applications Are Attack Targets

[Diagram labels: Supplier API; Partner API; Web Customer; Mobile Customer]

Business Logic Abuse

• Highly automated

• Content appears legitimate

• Difficult to detect and block

Vulnerability Exploits

• Highly targeted

• Exploiting app vulnerabilities

• Both known and unknown


Runtime Application Protection for Monolithic Applications

[Diagram labels: Internet; Load Balancer; WAF (Breach, Vulnerability Scan); Monolithic Applications (Frontend, Business Logic, Data Access); Public Cloud; Data Center]


Runtime Application Protection for Monolithic Applications

[Diagram labels: Internet; Load Balancer; WAF (Breach, Vulnerability Scan); Bot (Fake Accounts, Credential Stuffing, Fake Likes, Inventory Lockup, Scraping); Monolithic Applications (Frontend, Business Logic, Data Access); Public Cloud; Data Center]


Runtime Application Protection for Monolithic Applications

[Diagram labels: Internet; Load Balancer; WAF (Breach, Vulnerability Scan); Bot (Fake Accounts, Credential Stuffing, Fake Likes, Inventory Lockup, Scraping); App DDoS (Application Floods); Monolithic Applications (Frontend, Business Logic, Data Access); Public Cloud; Data Center]


Monolith to Microservices

[Diagram labels: Monolithic Applications (User Interface, Business Logic, Data Access); User Interface; API (repeated five times); User Management Microservice; Shopping Cart Microservice; Data Access Microservice; Customer Reviews Microservice; Inventory Mgmt Microservice]


New Security Challenge: Increased Entry Points

[Diagram labels: Internet; User Interface; API (repeated five times); User Management Microservice; Shopping Cart Microservice; Data Access Microservice; Customer Reviews Microservice; Inventory Mgmt Microservice; WAF (Breach, Vulnerability Scan); Bot (Fake Accounts, Credential Stuffing, Fake Likes, Inventory Lockup, Scraping); App DDoS (Application Floods)]


New Security Challenge: Keep up with DevOps Pace

[Diagram labels: Internet; User Interface; API (repeated seven times); User Management Microservice; Shopping Cart Microservice; Shopping Cart v2 Microservice; Data Access Microservice; Customer Reviews Microservice; Customer Ratings Microservice; Inventory Mgmt Microservice; WAF (Breach, Vulnerability Scan); Bot (Fake Accounts, Credential Stuffing, Fake Likes, Inventory Lockup, Scraping); App DDoS (Application Floods)]


New Security Challenge: Heterogeneous Environments

[Diagram labels: Internet; User Interface; API (repeated five times); User Management Microservice; Shopping Cart Microservice; Data Access Microservice; Customer Reviews Microservice; Inventory Mgmt Microservice; WAF (Breach, Vulnerability Scan); Bot (Fake Accounts, Credential Stuffing, Fake Likes, Inventory Lockup, Scraping); App DDoS (Application Floods)]


New Security Challenge: Multi-Cloud Environments

[Diagram labels: Internet; User Interface; API (repeated five times); User Management Microservice; Shopping Cart Microservice; Data Access Microservice; Customer Reviews Microservice; Inventory Mgmt Microservice; WAF (Breach, Vulnerability Scan); Bot (Fake Accounts, Credential Stuffing, Fake Likes, Inventory Lockup, Scraping); App DDoS (Application Floods)]


New Approach: From Perimeter Defense to Microservices Defense

[Diagram labels: Monolithic Applications (Frontend, Business Logic, Data Access); Microservices Pods; API; WAF; Bot; App DDoS]


Runtime Application Protection for Microservices

[Diagram labels: Internet; User Interface; User Management Microservice; Shopping Cart Microservice; Data Access Microservice; Customer Reviews Microservice; Inventory Management Microservice; API with WAF, Bot and App DDoS (repeated five times)]


Must-Haves in Runtime Application Protection for Microservices

• Designed to work with existing applications without making modifications

• Non-invasive: no agents, SDK, or JavaScript

• Single pane of glass for all microservices

• Protection moves with the microservices to any cloud

• Microservices-based protection for protecting other microservices

• Co-exists with existing Ingress Controllers and Sidecars rather than replacing them

SIMPLE

RELEVANT

EFFECTIVE


New Security Stack for Microservices

Infrastructure Security

Container Security & Compliance

Runtime Application Protection (WAF, Bot & Application DDoS)


Thank you!