Modal Title
Cloud Native Ecosystem Containers Edge Computing Microservices Networking Serverless Storage
Looking for a k3OS Alternative? Choosing a Container OS for Edge K8s
Mar 28th 2023 5:57am, by Nicolas Vermande
Factor Cost Efficiency into Platform Engineering for Growth, Profitability
Mar 27th 2023 10:00am, by Omer Hamerman
Digital Anarchy: Abolishing State
Mar 23rd 2023 6:32am, by Tim Banks
A Is for OpenStack Antelope
Mar 22nd 2023 7:41am, by Steven J. Vaughan-Nichols
Grab a Snapshot of Your Container Image with Checkpoint
Mar 11th 2023 6:00am, by Jack Wallen
This Week in Computing: Malware Gone Wild
Mar 25th 2023 7:10am, by Joab Jackson
Inspect Container Images with the docker scan Command
Mar 25th 2023 6:00am, by Jack Wallen
Building and Securing Containers with Slim.ai
Mar 24th 2023 11:59am, by Steven J. Vaughan-Nichols
Catching up with the Founder and CEO of Portainer
Mar 24th 2023 4:00am, by Jack Wallen
Check for Container Image Vulnerabilities with Trivy
Mar 18th 2023 6:00am, by Jack Wallen
Vercel Adds Remix: Integration Supports Larger Apps
Mar 29th 2023 10:22am, by Loraine Lawson
5 Trends to Watch for at KubeCon EU 2023
Mar 28th 2023 10:00am, by Saad Malik
What Wasm Needs to Reach the Edge
Mar 27th 2023 9:00am, by B. Cameron Gain
What Are Time Series Databases, and Why Do You Need Them?
Mar 27th 2023 5:00am, by Robert Kimani
Startup pgEdge Tackles the Distributed Edge with Postgres
Mar 27th 2023 4:00am, by Susan Hall
Saga Without the Headaches
Mar 24th 2023 10:00am, by Dominik Tornow
What Is Microservices Architecture?
Feb 23rd 2023 4:22am, by Eric Schabell
Java's History Could Point the Way for WebAssembly
Jan 12th 2023 3:00am, by B. Cameron Gain
Limiting the Deployment Blast Radius
Nov 15th 2022 8:14am, by Steven Lohrenz
Do ... or Do Not: Why Yoda Never Used Microservices
Oct 25th 2022 6:00am, by Samar Abbas
Wireshark Celebrates 25th Anniversary with a New Foundation
Mar 28th 2023 5:00am, by Joab Jackson
This Week in Computing: Malware Gone Wild
Mar 25th 2023 7:10am, by Joab Jackson
JWTs: Connecting the Dots: Why, When and How
Mar 20th 2023 7:10am, by Michal Trojanowski
Palo Alto Networks Adds AI to Automate SASE Admin Operations
Mar 17th 2023 6:00am, by Chris J. Preimesberger
TrueNAS SCALE Network Attached Storage Meets High Demand
Mar 2nd 2023 7:13am, by Jack Wallen
Serverless WebAssembly for Browser Developers
Mar 22nd 2023 12:26pm, by Matt Butcher
ScyllaDB’s Incremental Changes: Just the Tip of the Iceberg
Mar 20th 2023 9:29am, by George Anadiotis
TriggerMesh: Open Sourcing Event-Driven Applications
Mar 13th 2023 12:14pm, by Jessica Wachtel
Ably Touts Real-Time Starter Kits for Vercel and Netlify
Mar 8th 2023 10:56am, by Loraine Lawson
Going Serverless on AWS Lambda? Recognize Potential Risks 
Mar 6th 2023 5:00am, by Sarabjeet Chugh
Best Practices to Build IoT Analytics
Mar 27th 2023 9:33am, by Zoe Steinkamp
What Are Time Series Databases, and Why Do You Need Them?
Mar 27th 2023 5:00am, by Robert Kimani
The Economics of Database Operations
Mar 23rd 2023 8:25am, by John Page
Digital Anarchy: Abolishing State
Mar 23rd 2023 6:32am, by Tim Banks
ScyllaDB’s Incremental Changes: Just the Tip of the Iceberg
Mar 20th 2023 9:29am, by George Anadiotis
Frontend Development Software Development Typescript WebAssembly Cloud Services Data Machine Learning Security
Vercel Adds Remix: Integration Supports Larger Apps
Mar 29th 2023 10:22am, by Loraine Lawson
Wolfram ChatGPT Plugin Blends Symbolic AI with Generative AI
Mar 29th 2023 6:42am, by Richard MacManus
No More JavaScript: How Microsoft Blazor Uses WebAssembly
Mar 27th 2023 7:22am, by David Eastman
TypeScript 5.0: New Decorators Standard, Smaller npm
Mar 24th 2023 11:25am, by Loraine Lawson
Toolkit Allows JavaScript Devs to Program Embedded Devices
Mar 23rd 2023 11:06am, by Loraine Lawson
What Is Platform Engineering and When Should You Invest in It?
Mar 30th 2023 8:57am, by Amit Gupta
Real-Time Materialized Views — Oxymoron or Killer Feature? 
Mar 30th 2023 8:18am, by Hari Subhash
Why Successful Platform Engineering Teams Need a Product Manager 
Mar 29th 2023 8:25am, by David Sandilands
Wolfram ChatGPT Plugin Blends Symbolic AI with Generative AI
Mar 29th 2023 6:42am, by Richard MacManus
3 Important AI/ML Tools You Can Deploy on Kubernetes 
Mar 29th 2023 6:16am, by Patrick McFadin
This Week in Computing: Malware Gone Wild
Mar 25th 2023 7:10am, by Joab Jackson
TypeScript 5.0: New Decorators Standard, Smaller npm
Mar 24th 2023 11:25am, by Loraine Lawson
JavaScript or WebAssembly: Which Is More Energy Efficient and Faster?
Jan 30th 2023 9:51am, by Loraine Lawson
What TypeScript Brings to Node.js
Dec 26th 2022 3:00am, by Paul Ferrill
Improve your TypeScript Skills with Type Challenges
Nov 11th 2022 3:00am, by Danni White
Python in the Browser: Free PyScript SaaS Launches
Mar 28th 2023 7:12am, by Loraine Lawson
What Wasm Needs to Reach the Edge
Mar 27th 2023 9:00am, by B. Cameron Gain
No More JavaScript: How Microsoft Blazor Uses WebAssembly
Mar 27th 2023 7:22am, by David Eastman
WebAssembly Providers Speed Ahead to Fill Serverless Gaps
Mar 24th 2023 2:00am, by B. Cameron Gain
VMware and Other Wasm Players Want WebAssembly 
Mar 23rd 2023 8:52am, by B. Cameron Gain
Surprising Results in the 2023 Third-Party App Access Report
Mar 27th 2023 11:26am, by Maor Bin
Unlock the Next Wave of Machine Learning with the Hybrid Cloud
Mar 22nd 2023 10:00am, by Kjell Carlsson
Getting the Most from Kubernetes Autoscaling
Mar 21st 2023 7:06am, by Brian Likosar
ScyllaDB Challenges DynamoDB on Latency and Pricing
Mar 20th 2023 9:00am, by Jessica Wachtel
Multiple Vendors Make Data and Analytics Ubiquitous
Mar 20th 2023 5:00am, by Andrew Brust
Real-Time Materialized Views — Oxymoron or Killer Feature? 
Mar 30th 2023 8:18am, by Hari Subhash
Why Fast JSON Analytics Is Foundational for Modern Web Apps
Mar 30th 2023 6:53am, by Arnaud Comet
3 Important AI/ML Tools You Can Deploy on Kubernetes 
Mar 29th 2023 6:16am, by Patrick McFadin
Data Unleashed: Unlocking Powerful Business Insights
Mar 28th 2023 9:47am, by Irfan Khan
Best Practices to Build IoT Analytics
Mar 27th 2023 9:33am, by Zoe Steinkamp
At QCon: Why Generative AI Is Harmful to Earth and Society
Mar 30th 2023 6:00am, by Jennifer Riggins
Wolfram ChatGPT Plugin Blends Symbolic AI with Generative AI
Mar 29th 2023 6:42am, by Richard MacManus
3 Important AI/ML Tools You Can Deploy on Kubernetes 
Mar 29th 2023 6:16am, by Patrick McFadin
The Next Wave of Big Data Companies in the Age of ChatGPT
Mar 24th 2023 7:40am, by Richard MacManus
Nvidia Hones in on Apple-Like Approach to AI with CUDA
Mar 23rd 2023 7:34am, by Agam Shah
Ubuntu Pro Tackles the Challenge of Enterprise Open Source Adoption
Mar 29th 2023 10:00am, by Lech Sandecki
Wireshark Celebrates 25th Anniversary with a New Foundation
Mar 28th 2023 5:00am, by Joab Jackson
Twitter's Source Code Leak Adds to Elon Musk's Social Media Mess
Mar 27th 2023 1:42pm, by Steven J. Vaughan-Nichols
Surprising Results in the 2023 Third-Party App Access Report
Mar 27th 2023 11:26am, by Maor Bin
How to Create Zero Trust Architecture for Service Mesh
Mar 27th 2023 7:00am, by Joe Fay
Platform Engineering Operations CI/CD Tech Life DevOps Kubernetes Observability Service Mesh
What Is Platform Engineering and When Should You Invest in It?
Mar 30th 2023 8:57am, by Amit Gupta
Why Successful Platform Engineering Teams Need a Product Manager 
Mar 29th 2023 8:25am, by David Sandilands
Self-Service Infrastructure as Code in a Dev Portal with GitOps
Mar 29th 2023 6:54am, by Zohar Einy
High-Performing DevOps Teams Build Self-Service Platforms
Mar 29th 2023 4:00am, by Heather Joslyn and Lawrence E Hecht
5 Trends to Watch for at KubeCon EU 2023
Mar 28th 2023 10:00am, by Saad Malik
The End of Programming Is Nigh
Mar 29th 2023 11:31am, by Alex Williams
Self-Service Infrastructure as Code in a Dev Portal with GitOps
Mar 29th 2023 6:54am, by Zohar Einy
5 Trends to Watch for at KubeCon EU 2023
Mar 28th 2023 10:00am, by Saad Malik
Data Unleashed: Unlocking Powerful Business Insights
Mar 28th 2023 9:47am, by Irfan Khan
Bringing Principles into the World of Incident Management 
Mar 28th 2023 8:41am, by Luis Gonzalez
How 2 Founders Sold Their Startup to Aqua Security in a Year
Mar 22nd 2023 1:42pm, by Heather Joslyn
Simplify CI/CD with a General-Purpose Software Catalog
Mar 14th 2023 6:24am, by Zohar Einy
IBM Donates SBOM Code to OWASP
Mar 7th 2023 7:51am, by Steven J. Vaughan-Nichols
Slim.AI: Automating Vulnerability Remediation for a Shift-Left World
Feb 21st 2023 10:00am, by John Amaral
DevPod: Uber's MonoRepo-Based Remote Development Platform
Jan 26th 2023 3:00am, by Jessica Wachtel
At QCon: Why Generative AI Is Harmful to Earth and Society
Mar 30th 2023 6:00am, by Jennifer Riggins
Why Successful Platform Engineering Teams Need a Product Manager 
Mar 29th 2023 8:25am, by David Sandilands
Technical Decision Making at Trivago
Mar 28th 2023 3:00am, by Jessica Wachtel
How 2 Founders Sold Their Startup to Aqua Security in a Year
Mar 22nd 2023 1:42pm, by Heather Joslyn
Stephen Thaler Claims He's Built a Sentient AI
Mar 16th 2023 8:10am, by David Cassel
What Is Platform Engineering and When Should You Invest in It?
Mar 30th 2023 8:57am, by Amit Gupta
Why Successful Platform Engineering Teams Need a Product Manager 
Mar 29th 2023 8:25am, by David Sandilands
Self-Service Infrastructure as Code in a Dev Portal with GitOps
Mar 29th 2023 6:54am, by Zohar Einy
High-Performing DevOps Teams Build Self-Service Platforms
Mar 29th 2023 4:00am, by Heather Joslyn and Lawrence E Hecht
Automation: All Fun and Games Until Something Goes Wrong
Mar 27th 2023 10:47am, by Richard Gall
5 Trends to Watch for at KubeCon EU 2023
Mar 28th 2023 10:00am, by Saad Malik
Looking for a k3OS Alternative? Choosing a Container OS for Edge K8s
Mar 28th 2023 5:57am, by Nicolas Vermande
A Is for OpenStack Antelope
Mar 22nd 2023 7:41am, by Steven J. Vaughan-Nichols
Getting the Most from Kubernetes Autoscaling
Mar 21st 2023 7:06am, by Brian Likosar
Is Cluster API Really the Future of Kubernetes Deployment?
Mar 14th 2023 10:00am, by Steve Francis
Boost SRE Productivity with Observability-Driven Automation
Mar 28th 2023 8:00am, by Rob Jahn
This Week in Computing: Malware Gone Wild
Mar 25th 2023 7:10am, by Joab Jackson
Reducing the Cognitive Load Associated with Observability
Mar 22nd 2023 6:44am, by Alex Gervais
Vercel Brings Logging, Monitoring to Its Observability Suite
Mar 22nd 2023 3:00am, by Jessica Wachtel
Is Your Incident Response Better Than an Energy Company’s?
Mar 21st 2023 9:04am, by Paige Cruz
How to Create Zero Trust Architecture for Service Mesh
Mar 27th 2023 7:00am, by Joe Fay
Ambient Mesh: Sidestepping the Sidecar
Mar 1st 2023 8:44am, by Jeff Goldman
Service Mesh Demand for Kubernetes Shifts to Security
Oct 27th 2022 11:04am, by B. Cameron Gain
AmeriSave Moved Its Microservices to the Cloud with Traefik's Dynamic Reverse Proxy
Sep 8th 2022 2:02pm, by Ann R. Thryft
Can You Now Safely Remove the Service Mesh Sidecar?
Sep 8th 2022 9:19am, by B. Cameron Gain
Cloud Native Ecosystem / Security

A New Approach to the Firewall for Protecting Cloud Native Services

Sponsored Content: Palo Alto Network's Ory Segal discusses how the company’s Web Application Firewall offers apps end-to-end protection for services in declarative environments.
Feb 2nd, 2021 5:00pm by and
Featued image for: A New Approach to the Firewall for Protecting Cloud Native Services

Palo Alto Networks is providing a new approach to protecting APIs and Web applications with the release of its Web Application Firewall, an extension of its Prisma Cloud cloud native security platform.

Hosted by Alex Williams, founder and publisher of The New Stack, this edition of The New Stack Makers podcast features Ory Segal, senior distinguished research engineer, Palo Alto Networks, discussed how the WAF module and Prisma in general addresses security in today’s highly distributed cloud native environments.

Within Prisma Cloud,  the traditional concept of firewall security no longer applies. Indeed, while firewalls were previously applicable for protection of environments with closed perimeters, such as local area networks (LANs), Palo Alto Network’s so-called firewall protection is something altogether different.

“Part of the functionality is actually a web application firewall, which is very different from what our listeners are probably used to,” said Segal. “The word ‘firewall’ is a bit dated, but as you will see, the concepts that we are presenting here are completely new and are for completely new-and-modern environments.”

In cloud native environments, since “there’s no longer any perimeter,” Segal said security involves protecting cloud assets, including containers, serverless and other ephemeral and distributed environments. “You have clusters coming up and down being deployed in one region or another and some of the workloads are running in private cloud or on-prem, while some are in public clouds,” said Segal. “And so deploying the traditional firewall in the legacy, traditional sense of the word, is no longer possible — you need to come up with a new novel approach.”


Ory Segal – A New Approach to the Firewall for Protecting Cloud-Native Services

Also available on Apple Podcasts, Google Podcasts, Overcast, PlayerFM, Pocket Casts, Spotify, Stitcher, TuneIn

In addition to API protection, access control, file upload control, detection of unprotected web applications and other features, WAF offers a “penalty box” for attackers that can “ban” attackers’ access on an as-need basis.

“So, once we detect that an attacker or a user or a client is doing malicious actions, users can decide to take action in the form of a ban and that would put the malicious user on the inside in the penalty box for five minutes. Now, it’s not only annoying for the attacker, since they have to stop every five minutes to continue with the attack, it’s also a very cool protection layer because most of the time attackers will not start with their most sophisticated attack payloads, and will instead start by probing and sending reconnaissance probes,” said Segal.

“And those probes will already trigger the ‘ban’ action, and we’ll put them on the inside for five minutes. And then it doesn’t matter if then they pull out the big gun or big trick or the sophisticated attack, since those will be automatically and categorically blocked, because they’re in the penalty box, which again, is a very good defense against such attacks.”

Group Created with Sketch.
Alex Williams is founder and editor in chief of The New Stack. He's a longtime technology journalist who did stints at TechCrunch, SiliconAngle and what is now known as ReadWrite. Alex has been a journalist since the late 1980s, starting...
Read more from Alex Williams
BC Gain’s obsession with computers began when he hacked a Space Invaders console to play all day for 25 cents at the local video arcade in the early 1980s. He then started writing code for very elementary games on the...
Read more from B. Cameron Gain
SHARE THIS STORY
RELATED STORIES
Bullet-Proofing Your 5G Security Plan 5 Security Principles to Guide Your DevSecOps Journey Do Your Cloud Apps Need a CNAPP? Is Your IaC Template a Route Map for Hackers? Mature Cloud Native Security Improves Developer Efficiency
TNS owner Insight Partners is an investor in: Pragma, The New Stack.
RELATED STORIES
Bullet-Proofing Your 5G Security Plan 5 Security Principles to Guide Your DevSecOps Journey Do Your Cloud Apps Need a CNAPP? Is Your IaC Template a Route Map for Hackers? Mature Cloud Native Security Improves Developer Efficiency
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.