NI
Uploaded byNGINX, Inc.
PDF, PPTX245 views

Secure Your Kubernetes Apps from Attacks with NGINX

The document outlines the necessity of securing Kubernetes applications using NGINX App Protect WAF and Ingress Controller to mitigate vulnerabilities and prevent breaches. It discusses the rise in application usage across multiple clouds, highlights the increasing cost of data breaches, and emphasizes the importance of web application firewalls for modern application security. The document also details the integration of security into CI/CD pipelines to enhance DevOps initiatives and improve overall application security without sacrificing performance.

Software
Related topics:
web-applications
Download as PDF, PPTX
Secure Your Kubernetes Apps from Attacks with NGINX Thelen Blum – Sr. Product Marketing Manager, F5 NGINX Amir Rawdat– Technical Marketing Engineer, F5 NGINX
©2022 F5 2 Agenda Modern Application vs. Security Adoption Rates The Cost of a Breach Why Modern Application Security Needs a WAF How to Easily Secure Your Kubernetes Apps with NGINX App Protect WAF and NGINX Ingress Controller Demo Q & A
©2022 F5 3 APP PORTFOLIOs GROW AND MODNERNATION CONTINUES WITH MULTI-CLOUD DEPLOYMENTS How Many Apps do Most Organizations Have Today? Source: F5 State of Application Strategy Report 2022 - up 31% from 5 years ago 77% of those surveyed run apps in multiple clouds with 95% modernizing older applications.
©2022 F5 4 MORE THAN TWO-THIRDS OF ORGS ARE USING AT LEAST TWO METHODS TO CREATE MODERN WORKFLOWS Application Modernization Continues to Rise - over 2020 Source: F5 State of Application Strategy Report 2021
©2022 F5 5 CONTAINERS FOUND TO LACK SECURITY DUE TO CODE AND CONFIGURATION VULENRABILITIES Web Applications Remain a Top Attack Vector Source: Forrester, The State of Application Security, 2021
©2022 F5 6 HOW SECURE IS YOUR ORGANIZATION? The Severity of Recent Security Breaches • 2021 Vulnerability in Java logging library Log4j • Remote Code Execution / attacker full sys. access control • Still over 90,000 internet facing apps and 68,000 servers still publicly exposed • 2021 Facebook Data Breach of 533M individual’s personal information • Data scraped from Facebook servers • Due to a misconfiguration error • 2017 Equifax Data Breach of 147.9M individual’s personal information – 40% of the US population • Thought to be State Sponsored • Started due to a known vulnerability that was never patched
©2022 F5 7 INCREASED BY THE LARGEST MARGIN IN SEVEN YEARS The Average Cost of a Data Breach up 10% from 2020 Source: Ponemon and IBM Security Cost of a Data Breach Report 2021
©2022 F5 8 MOST SIGNIFICANT COST SAVINGS IN THE 2021 IBM COST OF A DATA BREACH REPORT Security Automation and AI Reduced Breach Costs by 80% Source: Ponemon and IBM Security Cost of a Data Breach Report 2021
©2022 F5 9 Software Vulnerabilities & Common Attack Vectors SOFTWARE VULNERABILITIES IN APPLICATION STACKS (CVEs) Software vulnerabilities are found in components of virtually all software stacks • Operating systems (Windows, Linux, containers) • Application servers • Support libraries • Programming languages • 3rd party libraries (NPM, CPAN, Ruby Gems) Threats such as Injection and XSS are well known, but difficult to mitigate, thus remarkably common • Injection • Cross Site Scripting • Cross-site request forgery • Insecure deserialization FREQUENTLY OCCURRING WEAKNESSES IN APPLICATION CODE (OWASP Top 10)
©2022 F5 10 What’s a Web Application Firewall (WAF)? ENABLE PROTECTION AGAINST APPLICATION LAYER 7 ATTACKS
©2022 F5 11 Why a Traditional Firewall won’t Secure your Applications A WAF ENABLES PROTECTION AGAINST APPLICATION LAYER 7 ATTACKS Blocked by a NW Firewall Blocked by WAF Legitimate Traffic WEB APPLICATION FIREWALL vs. NETWORK FIREWALL
©2022 F5 12 Strong App and API Security Built for Modern Apps CI/CD Friendly NGINX App Protect WAF
©2022 F5 13 Strong App and API Security App and API security and controls built using F5 advanced WAF technology. Blocks attacks and helps prevent downtime. OWASP Top 10 Regulatory Compliance IP Blocking Prevent sensitive data loss F5-based Layer 7 Attack Protection API Security
©2022 F5 14 Built for Modern Apps High performance security, low latency and highly scalable. Seamless integration into the #1 web application platform High performance Deployment options Minimizes tool sprawl Lightweight footprint Seamless NGINX Integration 20X+ faster than alternative OSS
©2022 F5 15 CI/CD Friendly Enable security to keep pace with DevOps and Support “shift left” initiatives Declarative policies Speed Time to Market Enable AppDev Reduced cost Feedback loops Automate security in CI/CD cycle
©2022 F5 16 NGINX App Protect WAF Deployment Options 3
©2022 F5 17 Fully Integrated Solution • Configured from familiar, powerful K8s API • Integrates security and WAF natively into the CI/CD pipeline Business Benefits • Reduce complexity and tool sprawl • Accelerate time to market and reduces costs with DevSecOps-automated security • Achieve resilience, visibility and security Easily Secure your Kubernetes Apps and Services with NGINX App Protect WAF and NGINX Ingress Controller we are here SECURE YOUR KUBERNETES ENVIRONMENT AT SCALE
©2022 F5 18 NGINX Ingress Controller A SPECIALIZED LOAD BALANCER FOR KUBERNETES ENVIRONMENTS Kubernetes Node Kubernetes Node Kubernetes Node Ingress controllers Load balancer Users • Accepts traffic from outside the Kubernetes platform, and load-balances it to pods (containers) running inside the platform • Configured using the Kubernetes API, with objects called ‘Ingress Resources’ • Monitors the pods running in Kubernetes, and automatically updates the load balancing rules if, for example, pods are added or removed from a service
©2022 F5 19 Choosing your Model for App Protection SNI VS PATH-BASED
©2022 F5 20 CONFIDENTIAL Host TLS Upstreams Routes - Path Action Split Match Route ErrorPage pass redirect return proxy delegation optional Host TLS Upstreams Routes - Path Action Split Match Route ErrorPage pass redirect return proxy delegation optional NGINX Ingress Resources – Rich Capabilities Host TLS Policies Upstreams Routes - Path Policies Action Split Match Route ErrorPage pass redirect return proxy delegation VirtualServer pass redirect return proxy pass redirect return proxy Host Upstreams Subroutes - Path Policies Action Split Match ErrorPage pass redirect return proxy VirtualServerRoute NGINX server configuration NGINX http configuration Server and HTTP snippets NGINX location configuration Location snippets Policies Access Control Rate Limiting Auth (JWT, OIDC) MTLS (Ingress/Egress) App Protect WAF
©2022 F5 21 NGINX App Protect WAF – Visibility Integrations
©2022 F5 22 Demo
©2022 F5 23 A LIGHTWEIGHT, HIGH-PERFORMANCE MODERN APP SECURITY SOLUTION NGINX App Protect WAF Delivers Strong Kubernetes App Security Security policies and protections are optimized for DevOps workflow. Deploy and manage app security controls across distributed environments. Embed Security Policy Into Your Pipeline Integrate security controls directly into your pipeline with security as code. Secure Modern Apps Strong security controls for microservices, containers, APIs, and other modern topologies. Gain Security Insights Security tools that go beyond alerts with intelligent security insights about your apps and APIs. Centralized visibility and insights dig into the root cause of application issues.
©2022 F5 24 Q & A
©2022 F5 25 Test Drive NGINX for yourself with a 30-day FREE Trial Today! https://www.nginx.com/free-trial-request-nginx-ingress-controller/ If you would like to try today’s presented demo for yourself, you can access it from the GitHub Repo located here: https://github.com/rawdata123/app-protect-sni/tree/master
Secure Your Kubernetes Apps from Attacks with NGINX

More Related Content

PDF
Deploy Application on Kubernetes
byOpsta
 
PDF
쿠알못이 Amazon EKS로 안정적인 서비스 운영하기 - 최용호(넥슨코리아) :: AWS Community Day 2020
byAWSKRUG - AWS한국사용자모임
 
PDF
CNCF and Cloud Native Intro
byCloud Native Bangalore
 
PDF
NGINX: Basics and Best Practices EMEA
byNGINX, Inc.
 
PDF
Ansible Tutorial.pdf
byNigussMehari4
 
PDF
Azure Training | Microsoft Azure Tutorial | Microsoft Azure Certification | E...
byEdureka!
 
PDF
Complete-NGINX-Cookbook-2019.pdf
byTomaszWojciechowski22
 
PDF
Building Event-driven Architectures with Amazon EventBridge
byJames Beswick
 
Deploy Application on Kubernetes
byOpsta
 
쿠알못이 Amazon EKS로 안정적인 서비스 운영하기 - 최용호(넥슨코리아) :: AWS Community Day 2020
byAWSKRUG - AWS한국사용자모임
 
CNCF and Cloud Native Intro
byCloud Native Bangalore
 
NGINX: Basics and Best Practices EMEA
byNGINX, Inc.
 
Ansible Tutorial.pdf
byNigussMehari4
 
Azure Training | Microsoft Azure Tutorial | Microsoft Azure Certification | E...
byEdureka!
 
Complete-NGINX-Cookbook-2019.pdf
byTomaszWojciechowski22
 
Building Event-driven Architectures with Amazon EventBridge
byJames Beswick
 

What's hot

PDF
[AWS Builders] AWS 스토리지 서비스 소개 및 사용 방법
byAmazon Web Services Korea
 
PDF
Azure governance v4.0
byMarcos Oikawa
 
PDF
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
byEdureka!
 
PDF
Exact Microsoft AZ-900 Questions And Answers
byArmstrongsmith
 
PDF
Room 1 - 4 - Phạm Tường Chiến & Trần Văn Thắng - Deliver managed Kubernetes C...
byVietnam Open Infrastructure User Group
 
PDF
Kubernetes
byMeng-Ze Lee
 
PDF
Aws landing zone
byIgor Ivanovic
 
PDF
VUCA 시대의 디지털 네이티브 리더가 알아야할 AWS의 기술 ::: AWS ExecLeaders Korea 2023
byAmazon Web Services Korea
 
PDF
Red Hat OpenShift on Bare Metal and Containerized Storage
byGreg Hoelzer
 
PDF
Kona Site Defender Product Brief - Multi-layered defense to protect websites ...
byAkamai Technologies
 
PPTX
Aws VPC
byAbhishek Amralkar
 
PDF
HashiCorp Vault Workshop:幫 Credentials 找個窩
bysmalltown
 
PPTX
What is AWS?
byMartin Yan
 
PPTX
5 things you didn't know nginx could do
bysarahnovotny
 
PPTX
High Availability Content Caching with NGINX
byNGINX, Inc.
 
PPTX
NGINX: Basics and Best Practices
byNGINX, Inc.
 
PDF
Introduction to DevOps
byAhmed Adel
 
PDF
AWS Black Belt Techシリーズ Amazon ElastiCache
byAmazon Web Services Japan
 
PPTX
The DevOps Journey
byMicro Focus
 
PDF
Google Cloud Storage | Google Cloud Platform Tutorial | Google Cloud Architec...
byEdureka!
 
[AWS Builders] AWS 스토리지 서비스 소개 및 사용 방법
byAmazon Web Services Korea
 
Azure governance v4.0
byMarcos Oikawa
 
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
byEdureka!
 
Exact Microsoft AZ-900 Questions And Answers
byArmstrongsmith
 
Room 1 - 4 - Phạm Tường Chiến & Trần Văn Thắng - Deliver managed Kubernetes C...
byVietnam Open Infrastructure User Group
 
Kubernetes
byMeng-Ze Lee
 
Aws landing zone
byIgor Ivanovic
 
VUCA 시대의 디지털 네이티브 리더가 알아야할 AWS의 기술 ::: AWS ExecLeaders Korea 2023
byAmazon Web Services Korea
 
Red Hat OpenShift on Bare Metal and Containerized Storage
byGreg Hoelzer
 
Kona Site Defender Product Brief - Multi-layered defense to protect websites ...
byAkamai Technologies
 
Aws VPC
byAbhishek Amralkar
 
HashiCorp Vault Workshop:幫 Credentials 找個窩
bysmalltown
 
What is AWS?
byMartin Yan
 
5 things you didn't know nginx could do
bysarahnovotny
 
High Availability Content Caching with NGINX
byNGINX, Inc.
 
NGINX: Basics and Best Practices
byNGINX, Inc.
 
Introduction to DevOps
byAhmed Adel
 
AWS Black Belt Techシリーズ Amazon ElastiCache
byAmazon Web Services Japan
 
The DevOps Journey
byMicro Focus
 
Google Cloud Storage | Google Cloud Platform Tutorial | Google Cloud Architec...
byEdureka!
 

Similar to Secure Your Kubernetes Apps from Attacks with NGINX

PDF
IDM Crack 2025 Internet Download Manger Patch
bywistrendugftr
 
PDF
IObit Uninstaller Pro Crack 13.2.0.5 + Key Download 2025
bymaharajput103
 
PDF
Movavi Screen Recorder Studio 22.5.2 Crack
byaladdinkhana47
 
PDF
What's New with NGINX Application Security Solutions
byNGINX, Inc.
 
PDF
Découvrez NGINX AppProtect
byNGINX, Inc.
 
PPTX
Protecting Apps from Hacks in Kubernetes with NGINX
byNGINX, Inc.
 
PDF
Application Security with NGINX
byNGINX, Inc.
 
PDF
Easily View, Manage, and Scale Your App Security with F5 NGINX
byNGINX, Inc.
 
PDF
Application Security with NGINX | APAC
byNGINX, Inc.
 
PDF
Nginx app protect-for-meetup-v1.0-202006_lk
byJuraj Hantak
 
PDF
Securing Your Apps & APIs in the Cloud
byOlivia LaMar
 
PPTX
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
byOlivia LaMar
 
PPTX
Gain multi-cloud versatility with software load balancing designed for cloud-...
byAshnikbiz
 
PPTX
Modernizing Applications by Replacing F5 with the NGINX Application Delivery ...
byNGINX, Inc.
 
PPTX
Control Kubernetes Ingress and Egress Together with NGINX
byNGINX, Inc.
 
PDF
InfoQ_NGINX_Fundamentals_of_Microservices.pptx.pdf
byusmanpk
 
PPTX
Secure Your Apps with NGINX Plus and the ModSecurity WAF
byNGINX, Inc.
 
PPTX
Shift Left for More Secure Apps with F5 NGINX
byNGINX, Inc.
 
PDF
Get the Most Out of Kubernetes with NGINX
byNGINX, Inc.
 
PPTX
F5 XC Distributed cloud Security and Application Delievery
bystkannan1
 
IDM Crack 2025 Internet Download Manger Patch
bywistrendugftr
 
IObit Uninstaller Pro Crack 13.2.0.5 + Key Download 2025
bymaharajput103
 
Movavi Screen Recorder Studio 22.5.2 Crack
byaladdinkhana47
 
What's New with NGINX Application Security Solutions
byNGINX, Inc.
 
Découvrez NGINX AppProtect
byNGINX, Inc.
 
Protecting Apps from Hacks in Kubernetes with NGINX
byNGINX, Inc.
 
Application Security with NGINX
byNGINX, Inc.
 
Easily View, Manage, and Scale Your App Security with F5 NGINX
byNGINX, Inc.
 
Application Security with NGINX | APAC
byNGINX, Inc.
 
Nginx app protect-for-meetup-v1.0-202006_lk
byJuraj Hantak
 
Securing Your Apps & APIs in the Cloud
byOlivia LaMar
 
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
byOlivia LaMar
 
Gain multi-cloud versatility with software load balancing designed for cloud-...
byAshnikbiz
 
Modernizing Applications by Replacing F5 with the NGINX Application Delivery ...
byNGINX, Inc.
 
Control Kubernetes Ingress and Egress Together with NGINX
byNGINX, Inc.
 
InfoQ_NGINX_Fundamentals_of_Microservices.pptx.pdf
byusmanpk
 
Secure Your Apps with NGINX Plus and the ModSecurity WAF
byNGINX, Inc.
 
Shift Left for More Secure Apps with F5 NGINX
byNGINX, Inc.
 
Get the Most Out of Kubernetes with NGINX
byNGINX, Inc.
 
F5 XC Distributed cloud Security and Application Delievery
bystkannan1
 

More from NGINX, Inc.

PDF
【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
byNGINX, Inc.
 
PDF
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
byNGINX, Inc.
 
PDF
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
byNGINX, Inc.
 
PPTX
Get Hands-On with NGINX and QUIC+HTTP/3
byNGINX, Inc.
 
PPTX
Managing Kubernetes Cost and Performance with NGINX & Kubecost
byNGINX, Inc.
 
PDF
Manage Microservices Chaos and Complexity with Observability
byNGINX, Inc.
 
PDF
Accelerate Microservices Deployments with Automation
byNGINX, Inc.
 
PDF
Unit 2: Microservices Secrets Management 101
byNGINX, Inc.
 
PDF
Unit 1: Apply the Twelve-Factor App to Microservices Architectures
byNGINX, Inc.
 
PDF
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
byNGINX, Inc.
 
PDF
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
byNGINX, Inc.
 
PDF
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
byNGINX, Inc.
 
PPTX
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
byNGINX, Inc.
 
PPTX
NGINX Kubernetes API
byNGINX, Inc.
 
PPTX
Successfully Implement Your API Strategy with NGINX
byNGINX, Inc.
 
PPTX
Installing and Configuring NGINX Open Source
byNGINX, Inc.
 
PPTX
How to Avoid the Top 5 NGINX Configuration Mistakes.pptx
byNGINX, Inc.
 
PDF
Kubernetes環境で実現するWebアプリケーションセキュリティ
byNGINX, Inc.
 
PDF
Software Delivery and the Rube Goldberg Machine: What Is the Problem We Are T...
byNGINX, Inc.
 
PDF
Open Sourcing NGINX Agent and Demo
byNGINX, Inc.
 
【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
byNGINX, Inc.
 
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
byNGINX, Inc.
 
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
byNGINX, Inc.
 
Get Hands-On with NGINX and QUIC+HTTP/3
byNGINX, Inc.
 
Managing Kubernetes Cost and Performance with NGINX & Kubecost
byNGINX, Inc.
 
Manage Microservices Chaos and Complexity with Observability
byNGINX, Inc.
 
Accelerate Microservices Deployments with Automation
byNGINX, Inc.
 
Unit 2: Microservices Secrets Management 101
byNGINX, Inc.
 
Unit 1: Apply the Twelve-Factor App to Microservices Architectures
byNGINX, Inc.
 
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
byNGINX, Inc.
 
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
byNGINX, Inc.
 
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
byNGINX, Inc.
 
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
byNGINX, Inc.
 
NGINX Kubernetes API
byNGINX, Inc.
 
Successfully Implement Your API Strategy with NGINX
byNGINX, Inc.
 
Installing and Configuring NGINX Open Source
byNGINX, Inc.
 
How to Avoid the Top 5 NGINX Configuration Mistakes.pptx
byNGINX, Inc.
 
Kubernetes環境で実現するWebアプリケーションセキュリティ
byNGINX, Inc.
 
Software Delivery and the Rube Goldberg Machine: What Is the Problem We Are T...
byNGINX, Inc.
 
Open Sourcing NGINX Agent and Demo
byNGINX, Inc.
 

Recently uploaded

PDF
Insurance Underwriting Software for Smarter Operations
byInsurance Tech Services
 
PDF
One HTTPS server in Modern Pascal to Rule Them All
byArnaud Bouchez
 
PPTX
ETH Belgrade 2025 - AI Agent Custody and Fund Access
byDejan Radic
 
PDF
Evolution and Examples of Java Features, from Java 1.7 to Java 25
byYann-Gaël Guéhéneuc
 
PDF
Agentic AI meets Serverless on AWS - AWS User Group Cologne 2025
byVadym Kazulkin
 
PDF
To Effect or Not to Effect - a Scala Perspective [Func Prog Conf 2025]
byssusera4be6d
 
DOCX
Digital Dominance_ Why You Need a Top Web Design Agency in Dubai.docx
bydigpal3
 
PPTX
Trailblazer Community Session - Patterns & Anti-Patterns_ The Good, The Bad, ...
bymansoorahmad941764
 
PDF
Ransomware Evolution: Extortion Tactics and Supply Chain Risks.pdf
byCyberneticGI
 
PDF
Workshop about mORMot 2 during EKON: write a clean-architecture TDD sample
byArnaud Bouchez
 
PDF
Claims Software Features That Improve Accuracy & Efficiency
byDataGenix
 
PDF
Dr. Robert Krug - A Data Science Veteran
byDr. Robert Krug
 
PPTX
Future-Proofing the PMO - Strategic Portfolio Management for 2026 and Beyond
byOnePlan Solutions
 
PDF
Delegating Behaviors in C++: A Practical Tour of the Available Mechanisms
byDaniele Pallastrelli
 
PDF
Chpetwr two Health Survey for - (2).pdf
byAhmedAlhadiAbduselam
 
PDF
SoftCorePC Full Updated Software Link Here
bySoftCore
 
PDF
Alluxio Webinar | Alluxio + S3 A Tiered Architecture for Latency-Critical, Se...
byAlluxio, Inc.
 
PDF
AI and Generative AI: Dual-Use Risks and Autonomous Threats.pdf
byCyberneticGI
 
PPTX
Your Enterprise’s Digital Hub for Connection and Collaboration
byarchanaaam99
 
PDF
Choosing Mobile App Development Services: A Clear Guide
byShiv Technolabs Pvt. Ltd.
 
Insurance Underwriting Software for Smarter Operations
byInsurance Tech Services
 
One HTTPS server in Modern Pascal to Rule Them All
byArnaud Bouchez
 
ETH Belgrade 2025 - AI Agent Custody and Fund Access
byDejan Radic
 
Evolution and Examples of Java Features, from Java 1.7 to Java 25
byYann-Gaël Guéhéneuc
 
Agentic AI meets Serverless on AWS - AWS User Group Cologne 2025
byVadym Kazulkin
 
To Effect or Not to Effect - a Scala Perspective [Func Prog Conf 2025]
byssusera4be6d
 
Digital Dominance_ Why You Need a Top Web Design Agency in Dubai.docx
bydigpal3
 
Trailblazer Community Session - Patterns & Anti-Patterns_ The Good, The Bad, ...
bymansoorahmad941764
 
Ransomware Evolution: Extortion Tactics and Supply Chain Risks.pdf
byCyberneticGI
 
Workshop about mORMot 2 during EKON: write a clean-architecture TDD sample
byArnaud Bouchez
 
Claims Software Features That Improve Accuracy & Efficiency
byDataGenix
 
Dr. Robert Krug - A Data Science Veteran
byDr. Robert Krug
 
Future-Proofing the PMO - Strategic Portfolio Management for 2026 and Beyond
byOnePlan Solutions
 
Delegating Behaviors in C++: A Practical Tour of the Available Mechanisms
byDaniele Pallastrelli
 
Chpetwr two Health Survey for - (2).pdf
byAhmedAlhadiAbduselam
 
SoftCorePC Full Updated Software Link Here
bySoftCore
 
Alluxio Webinar | Alluxio + S3 A Tiered Architecture for Latency-Critical, Se...
byAlluxio, Inc.
 
AI and Generative AI: Dual-Use Risks and Autonomous Threats.pdf
byCyberneticGI
 
Your Enterprise’s Digital Hub for Connection and Collaboration
byarchanaaam99
 
Choosing Mobile App Development Services: A Clear Guide
byShiv Technolabs Pvt. Ltd.
 

Secure Your Kubernetes Apps from Attacks with NGINX

  • 1.
    Secure Your KubernetesApps from Attacks with NGINX Thelen Blum – Sr. Product Marketing Manager, F5 NGINX Amir Rawdat– Technical Marketing Engineer, F5 NGINX
  • 2.
    ©2022 F5 2 Agenda Modern Applicationvs. Security Adoption Rates The Cost of a Breach Why Modern Application Security Needs a WAF How to Easily Secure Your Kubernetes Apps with NGINX App Protect WAF and NGINX Ingress Controller Demo Q & A
  • 3.
    ©2022 F5 3 APP PORTFOLIOsGROW AND MODNERNATION CONTINUES WITH MULTI-CLOUD DEPLOYMENTS How Many Apps do Most Organizations Have Today? Source: F5 State of Application Strategy Report 2022 - up 31% from 5 years ago 77% of those surveyed run apps in multiple clouds with 95% modernizing older applications.
  • 4.
    ©2022 F5 4 MORE THANTWO-THIRDS OF ORGS ARE USING AT LEAST TWO METHODS TO CREATE MODERN WORKFLOWS Application Modernization Continues to Rise - over 2020 Source: F5 State of Application Strategy Report 2021
  • 5.
    ©2022 F5 5 CONTAINERS FOUNDTO LACK SECURITY DUE TO CODE AND CONFIGURATION VULENRABILITIES Web Applications Remain a Top Attack Vector Source: Forrester, The State of Application Security, 2021
  • 6.
    ©2022 F5 6 HOW SECUREIS YOUR ORGANIZATION? The Severity of Recent Security Breaches • 2021 Vulnerability in Java logging library Log4j • Remote Code Execution / attacker full sys. access control • Still over 90,000 internet facing apps and 68,000 servers still publicly exposed • 2021 Facebook Data Breach of 533M individual’s personal information • Data scraped from Facebook servers • Due to a misconfiguration error • 2017 Equifax Data Breach of 147.9M individual’s personal information – 40% of the US population • Thought to be State Sponsored • Started due to a known vulnerability that was never patched
  • 7.
    ©2022 F5 7 INCREASED BYTHE LARGEST MARGIN IN SEVEN YEARS The Average Cost of a Data Breach up 10% from 2020 Source: Ponemon and IBM Security Cost of a Data Breach Report 2021
  • 8.
    ©2022 F5 8 MOST SIGNIFICANTCOST SAVINGS IN THE 2021 IBM COST OF A DATA BREACH REPORT Security Automation and AI Reduced Breach Costs by 80% Source: Ponemon and IBM Security Cost of a Data Breach Report 2021
  • 9.
    ©2022 F5 9 Software Vulnerabilities& Common Attack Vectors SOFTWARE VULNERABILITIES IN APPLICATION STACKS (CVEs) Software vulnerabilities are found in components of virtually all software stacks • Operating systems (Windows, Linux, containers) • Application servers • Support libraries • Programming languages • 3rd party libraries (NPM, CPAN, Ruby Gems) Threats such as Injection and XSS are well known, but difficult to mitigate, thus remarkably common • Injection • Cross Site Scripting • Cross-site request forgery • Insecure deserialization FREQUENTLY OCCURRING WEAKNESSES IN APPLICATION CODE (OWASP Top 10)
  • 10.
    ©2022 F5 10 What’s aWeb Application Firewall (WAF)? ENABLE PROTECTION AGAINST APPLICATION LAYER 7 ATTACKS
  • 11.
    ©2022 F5 11 Why aTraditional Firewall won’t Secure your Applications A WAF ENABLES PROTECTION AGAINST APPLICATION LAYER 7 ATTACKS Blocked by a NW Firewall Blocked by WAF Legitimate Traffic WEB APPLICATION FIREWALL vs. NETWORK FIREWALL
  • 12.
    ©2022 F5 12 Strong Appand API Security Built for Modern Apps CI/CD Friendly NGINX App Protect WAF
  • 13.
    ©2022 F5 13 Strong Appand API Security App and API security and controls built using F5 advanced WAF technology. Blocks attacks and helps prevent downtime. OWASP Top 10 Regulatory Compliance IP Blocking Prevent sensitive data loss F5-based Layer 7 Attack Protection API Security
  • 14.
    ©2022 F5 14 Built forModern Apps High performance security, low latency and highly scalable. Seamless integration into the #1 web application platform High performance Deployment options Minimizes tool sprawl Lightweight footprint Seamless NGINX Integration 20X+ faster than alternative OSS
  • 15.
    ©2022 F5 15 CI/CD Friendly Enablesecurity to keep pace with DevOps and Support “shift left” initiatives Declarative policies Speed Time to Market Enable AppDev Reduced cost Feedback loops Automate security in CI/CD cycle
  • 16.
    ©2022 F5 16 NGINX AppProtect WAF Deployment Options 3
  • 17.
    ©2022 F5 17 Fully IntegratedSolution • Configured from familiar, powerful K8s API • Integrates security and WAF natively into the CI/CD pipeline Business Benefits • Reduce complexity and tool sprawl • Accelerate time to market and reduces costs with DevSecOps-automated security • Achieve resilience, visibility and security Easily Secure your Kubernetes Apps and Services with NGINX App Protect WAF and NGINX Ingress Controller we are here SECURE YOUR KUBERNETES ENVIRONMENT AT SCALE
  • 18.
    ©2022 F5 18 NGINX IngressController A SPECIALIZED LOAD BALANCER FOR KUBERNETES ENVIRONMENTS Kubernetes Node Kubernetes Node Kubernetes Node Ingress controllers Load balancer Users • Accepts traffic from outside the Kubernetes platform, and load-balances it to pods (containers) running inside the platform • Configured using the Kubernetes API, with objects called ‘Ingress Resources’ • Monitors the pods running in Kubernetes, and automatically updates the load balancing rules if, for example, pods are added or removed from a service
  • 19.
    ©2022 F5 19 Choosing yourModel for App Protection SNI VS PATH-BASED
  • 20.
    ©2022 F5 20 CONFIDENTIAL Host TLS Upstreams Routes - Path Action Split Match Route ErrorPage pass redirect return proxy delegation optional Host TLS Upstreams Routes -Path Action Split Match Route ErrorPage pass redirect return proxy delegation optional NGINX Ingress Resources – Rich Capabilities Host TLS Policies Upstreams Routes - Path Policies Action Split Match Route ErrorPage pass redirect return proxy delegation VirtualServer pass redirect return proxy pass redirect return proxy Host Upstreams Subroutes - Path Policies Action Split Match ErrorPage pass redirect return proxy VirtualServerRoute NGINX server configuration NGINX http configuration Server and HTTP snippets NGINX location configuration Location snippets Policies Access Control Rate Limiting Auth (JWT, OIDC) MTLS (Ingress/Egress) App Protect WAF
  • 21.
    ©2022 F5 21 NGINX AppProtect WAF – Visibility Integrations
  • 22.
  • 23.
    ©2022 F5 23 A LIGHTWEIGHT,HIGH-PERFORMANCE MODERN APP SECURITY SOLUTION NGINX App Protect WAF Delivers Strong Kubernetes App Security Security policies and protections are optimized for DevOps workflow. Deploy and manage app security controls across distributed environments. Embed Security Policy Into Your Pipeline Integrate security controls directly into your pipeline with security as code. Secure Modern Apps Strong security controls for microservices, containers, APIs, and other modern topologies. Gain Security Insights Security tools that go beyond alerts with intelligent security insights about your apps and APIs. Centralized visibility and insights dig into the root cause of application issues.
  • 24.
  • 25.
    ©2022 F5 25 Test DriveNGINX for yourself with a 30-day FREE Trial Today! https://www.nginx.com/free-trial-request-nginx-ingress-controller/ If you would like to try today’s presented demo for yourself, you can access it from the GitHub Repo located here: https://github.com/rawdata123/app-protect-sni/tree/master