Agile Security Is Now A Reality


Businesses are looking to optimize and accelerate their Software Development Lifecycle (SDLC), in order to improve their operational efficiency and gain a competitive edge.

Service mesh is the popular architecture in which monolithic applications are broken down into microservices; it is becoming the common delivery model, providing better agility, elasticity and scale. Companies that deploy a service mesh architecture require advanced automation and orchestration tools to help them achieve these business goals (agility, elasticity, and scale) and assemble an ecosystem that supports continuous deployment.

Such orchestration tools offer automated container deployment, scaling and management, time code scanning, provisioning, testing and even security in the CI/CD pipeline. The most popular orchestration tool is Kubernetes. It is so broadly used that each public cloud vendor has introduced a special Kubernetes edition.

Naturally, these benefits drive the rapid adoption of the above model, with the ultimate goal of continuous deployment. Even if an application is changed multiple times a day, each version must go through the full SDLC phases before being pushed into production, with no delays and no human intervention at all. If security doesn’t run at the same speed, it is usually left behind.


Normally, enterprises are forced to choose between agility and security. Most put agility first and try to retrofit security solutions into their deployments. But it’s worth noting that digital transformation doesn’t just come with new technologies; it also forces structural changes and adjustments of business processes.

Naturally, because this shift gives more decision-making power to those who understand, choose and implement the emerging solutions, DevOps teams have a growing influence on information security decisions and, eventually, on the overall application security posture of their company.

As everything is moving fast, how can businesses be both agile and secure?

Unfortunately, emerging technologies are just that (emerging), and they do not come with best practices. Companies still look for the proverbial yellow brick road to secure microservices and containerized applications. What might that look like? Market-leading application security that also provides the advanced automation, auto-scale and elasticity required by today’s DevOps and Security teams. But often, the first line of defense is a WAF.


Can a WAF Be Agile?

WAFs have long been known as showstoppers: they are slow and inaccurate, and they require a lot of tuning, exception handling and manual labor to maintain. Because they generate false positives and hurt the user experience, WAFs are by far the least favorite solution for information security teams. Can such an ancient animal adjust to the new ecosystem?

Yes, it can!

If organizations require agility first and foremost, then security must fit into that automated SDLC without disrupting continuous deployment. However, organizations need more than just a “good enough” security solution. Their data is at stake. They require comprehensive protection. Radware invested significant R&D efforts to solve this problem. The emphasis was on finding the required level of automation, flexibility and elasticity.

Enter Radware’s new Kubernetes WAF, which features many integration options into the CI/CD pipeline. For example, it is fully controlled by Kubernetes, so application security grows and scales with Kubernetes pods, including learned policies and configuration settings.


What’s more, visibility for both DevSecOps and Security teams via integration with common tools and platforms (like Grafana, Prometheus, etc.) is critical, as is a light footprint: an enforcement point sits in front of each pod, while the management, analytics and learning engine run separately within the environment.

Lastly, and perhaps most importantly, security policies should be automatically generated and tuned. This can be accomplished by using machine learning with a unique auto policy-generation engine that studies the application/microservice structure, analyzes potential threats and builds a security policy that is later adjusted whenever a change is introduced to the application. (Fun fact: Radware Kubernetes WAF does this.)

And there you have it: Agile security!

As for security folks: you can maximize security for containerized applications with a unique combination of positive and negative security models for application protection in a service mesh.

Read “Radware’s 2019 Web Application Security Report” to learn more.


Ben Zilberman

Ben Zilberman is a director of product marketing, covering application security at Radware. In this role, Ben specializes in web application and API protection, as well as bot management solutions. In parallel, Ben drives some of Radware’s thought leadership and research programs. Ben has over 10 years of diverse experience in the industry, leading marketing programs for network and application security solutions, including firewalls, threat prevention, web security and DDoS protection technologies. Prior to joining Radware, Ben served as a trusted advisor at Check Point Software Technologies, where he led channel partnerships and sales operations. Ben holds a BA in Economics and an MBA from Tel Aviv University.
