Radware this week launched Kubernetes Web Application Firewall (WAF), which makes use of machine learning algorithms and a lightweight agent running on each Kubernetes pod to enforce manually configured or behavior-based cybersecurity policies.
Ben Zilberman, head of product marketing for application security at Radware, says Radware Kubernetes WAF is designed to address positive and negative security models that protect applications from attacks originating from both outside and inside the enterprise, regardless of whether those attacks are coming via north-south or east-west traffic. Security policies can be either manually configured or generated by an auto policy generation and optimization engine built into the Radware Kubernetes WAF.
Zilberman says Radware determined early on there would be a need for a new type of WAF for highly dynamic Kubernetes environments. To address those requirements, Radware Kubernetes WAF is designed not only to scale up and down easily, but has also been integrated with software provisioning, testing and visibility tools to make it easier to secure applications within the context of a continuous integration/continuous delivery (CI/CD) environment.
Radware Kubernetes WAF is also designed to deliver all TLS traffic to a single termination at the host level, thereby eliminating the need to manage multiple certificates. It also provides access to integrated reporting and analytics tools via a portal in addition to interoperability with various open source visibility platforms such as Kibana and Grafana to track security events and policies, application telemetry, network statistics, performance and latency.
Other capabilities include an auto policy generation and optimization engine that protects Kubernetes environments from zero-day attacks as well as known threats and the ability to prevent data leakage across both web applications and application programming interfaces (APIs).
Radware claims its Kubernetes WAF is the only one recommended by NSS Labs to protect applications based on microservices running on Kubernetes, and ICSA Labs has certified/recommended Radware’s AppWall technology, which is the core of Kubernetes WAF.
In general, Zilberman says Radware has been waiting for Kubernetes application programming interfaces (APIs) to stabilize before jumping into what is already a crowded market. Rather than trying to extend existing cybersecurity platforms to address microservices, Radware determined early on there would be a need for a platform that would facilitate the adoption of best DevSecOps practices that are now core to software development life cycles (SDLCs).
In fact, a survey of 278 executives and senior IT professionals at companies with at least 250 million USD/EUR/GBP in revenue conducted by Enterprise Management Associates Inc. on behalf of Radware notes that 70% of survey respondents said the chief information security officer is not the top influencer in deciding on security software policy, tools and/or implementation.
The survey also finds more than 90% of respondents reported their organizations have either DevOps or DevSecOps teams in place, but only 21% of respondents said these teams have been in place for longer than 24 months. More than half (58%) of organizations reported a ratio of between 1:6 and 1:10 DevSecOps-to-development personnel. When evaluating collaboration between DevOps and DevSecOps teams, 49% said the teams were working very closely, while 46% said they were managing to work together.
It’s too early to say how or when the rise of microservices and Kubernetes will force organizations to re-evaluate their approach to cybersecurity. The one thing that is certain, however, is that day is now all but inevitable.