How does Application Security work?

Application Security is built for speedy deployment, with minimal impact on development streams and performance.

The Application Security protection can be added in three types of environments:

  • as a DaemonSet, protecting applications running in Kubernetes clusters
  • as a layer, protecting functions running in AWS Lambda
  • as an agent providing function self protection for Azure Functions
  • as a runtime protection agent, included in web application packages

Application Security DaemonSet for Kubernetes

Runtime protection for Kubernetes clusters is added from the Container Security console.

For pricing information on Application Security and Container Security, see Cloud One billing and pricing.

When adding the runtime protection to a Kubernetes cluster, there are three main components to consider:

Security Group: When adding the runtime protection from the Container Security console, a security group is automatically created in Application Security Runtime console, for the Kubernetes cluster. The Security Group created has the same name as the cluster name in the Container Security console – see Add a cluster in the Container Security help.

DaemonSet: Application Security runtime protection is deployed as a DaemonSet in the Kubernetes cluster, and Container Security provides a Helm chart for easy deployment of the runtime agent.

Policies: Policies are a collection of rules that protect your application from a variety of threats. The threats Application Security DaemonSet policies protect against are:

Whenever a policy is triggered, an event is displayed on the Application Security dashboard that indicates how serious the threat is. For more information, see Configure a Policy for DaemonSet.

Application Security Layer for AWS Lambda

Functions running with AWS Lambda can be protected leveraging Application Security layers for AWS Lambda. The Application Security layer protection can be configured in seconds, without requiring code change. In order to protect your functions, three main components need to be configured:

Security Groups: A security group defines the common set of policies for a collection of serverless functions. The security group can include multiple instances of serverless functions. A security group is assigned a key and secret to authenticate and authorize an Application Security layer as being associated with the security group. For more information, see Add a Group.

Layer: Application Security Layer provides the protection for the function code and libraries, without needing to modify your development code. You just need to configure the Application Security Layer with your function in AWS Lambda and include the required keys. For more information, see AWS Lambda Configuration.

Policies: Policies are a collection of rules that protect your functions from a variety of threats. The threats Application Security policies protect against are:

Whenever a policy is triggered, an event is displayed on the Application Security dashboard that indicates how serious the threat is. For more information, see Configure a Policy.

Function Self Protection for Azure Functions

Functions running with Azure Functions can be protected leveraging the Application Security agents. The Application Security agent takes only a few moments to add to the Function to add the protection, and only two main components need to be configured:

Security Groups: A security group defines the common set of policies for a collection of serverless functions. The security group can include multiple instances of serverless functions. A security group is assigned a key and secret to authenticate and authorize an Application Security agent as being associated with the security group. For more information, see Add a Group.

Policies: Policies are a collection of rules that protect your functions from a variety of threats. The threats Application Security policies protect against are:

Whenever a policy is triggered, an event is displayed on the Application Security dashboard that indicates how serious the threat is. For more information, see Configure a Policy.

The function self protection for Azure Functions supports the following combinations: - Python programming language for python 3.6 to 3.8 - HTTP Trigger - Linux Operating System

Application Security Runtime Protection Agent

It only takes a moment to add the agent to your application, and there is no need to change your development code. There are three main components that need to be configured to protect your application:

Security Groups: A security group is a collection of web applications and / or serverless functions sharing a common set of policies. The security group can include multiple instances of an application, multiple applications and / or serverless functions. A security group is assigned a key and secret to authenticate and authorize an agent as being associated with the security group. For more information, see Add a Group.

Agents: Application Security agent's act as a library that is integrated with your application, without needing to modify your development code. You just need to include the Application Security agent with your application and activate it with the application keys. For more information, see Install an Agent.

Policies: Policies are a collection of rules that protect your application from a variety of threats. The threats Application Security policies protect against are:

Whenever a policy is triggered, an event is displayed on the Application Security dashboard that indicates how serious the threat is. For more information, see Configure a Policy.