Reblaze, an Israeli cloud-native, managed application security solution provider, has released a commercial version of Curiefense, a Cloud Native Computing Foundation (CNCF) sandbox security project. The project protects cloud-native applications and APIs from threats such as cross-site scripting (XSS), SQL injection, application-layer Distributed Denial of Service (DDoS), and API abuse.

Envoy is an open-source edge proxy designed for use with cloud-native applications. It is also used as a communication bus and universal data plane for large microservice service mesh architectures. Curiefense is one step ahead of the Envoy Filter. It can be used wherever Envoy is running, whether as an ingress gateway, a load balancer, a sidecar, a reverse proxy, or in other situations. Curiefense can be attached directly to Envoy and provides immediate protection to the platform.

Curiefense is licensed under Apache 2.0. And while it is still in the CNCF sandbox, Reblaze feels it's production-ready.

Built on top of Envoy, it makes use of GitOps and native security support for Kubernetes and service meshes such as Istio. The developers claim that Curiefense is an API-first security platform designed for developers by developers.

Curiefense's full specifications include the following:

  • Supports DevOps/Infrastructure as Code/GitOps
  • Driveable by UI, cURL, and Swagger
  • Configurations are imported/exported in JSON/YAML
  • All data and configurations versioned in Git
  • Supports branched environments (e.g., Prod/DevOps/QA)
  • Real-time analytics/metrics, integrated with Prometheus/Grafana and ELK stack
  • Built-in automated threat feeds, plus bring your own
  • Advanced bot detection/biometric human verification
  • Premium services including machine learning-based automated security configuration and 24/7 support

It is platform-agnostic and can run on cloud VMs and as an Envoy plugin. Deployment options include Docker Compose, Helm chart, and Terraform, with more approaches on the way.

Curiefense assures that whatever data is collected and analyzed is kept within the users’ system and is not exported to any third-party sites or any databases.

“Modern cloud-native deployments need sophisticated edge networking security and, historically, open solutions have lacked in this space,” said Matt Klein, Creator of Envoy Proxy, in a statement. “Curiefense takes a new open approach to an age-old problem and I am very excited to see this unique solution on the market. The Envoy community looks forward to working with the Curiefense team to iterate and collaborate on this critical initiative.”

Curiefense is open source and comes with a complete API. Reblaze provides its own commercial automation layer to make it easy to deploy, maintain, and use. It also reported that this version of the program will be updated more often.

Reblaze will provide Curiefense as a fully hosted and managed SaaS offering. It will be available on most of the popular public clouds, including Amazon Web Services (AWS), DigitalOcean, Azure, and the Google Cloud Platform.