SUSE Guest Blog by Reblaze
Guest Author: Justin Dorfman, Open Source Program Manager, Reblaze
Curiefense is a new, open-source application security platform that protects sites, services and APIs. It extends Envoy proxy to defend against a variety of threats including SQL and command injection, cross-site scripting (XSS), account takeovers (ATOs), application-layer DDoS, remote file inclusion (RFI), API abuse and more.
By building it on top of Envoy, we benefit from the many advantages of Envoy such as service discovery, HTTP/2, and gRPC support, as well as seamless integration into cloud-native API gateway and service mesh deployments.
Curiefense inspects every request and analyzes it according to security policies. Some of these policies are inherent, some are customized by the user, some are received from external threat feeds, and some are automatically generated and adapted as the threat environment evolves.
Work started on Curiefense in January 2020 because the range, frequency, and severity of cyberattacks are ever-expanding. Attackers evolve rapidly, perfecting their tools and techniques and demonstrating unprecedented capabilities. We realized collaboration is the most promising way to build a better, more comprehensive, transparent, scalable, and easy-to-use security solution.
We are looking to collaborate with the vast communities of Envoy, Kubernetes, and other cloud-native products to provide the ultimate cloud-native application security via a platform that is open, extensible, adaptive, and evolving while preserving total privacy for its users.
Throughout the year, we were fortunate to work closely with tech leadership at organizations such as Cisco, eBay, and Lyft – integrating their feedback across the design, implementation, API, and packaging aspects of the project, as well as shaping its roadmap. This was indeed a humbling experience for which we are grateful.
“I am extremely excited to see a cloud-native open source, API driven, WAF solution. Security is of critical importance to modern cloud-native deployments, and open solutions have historically been lacking in this space.
Curiefense’s tight integration with Envoy and the rest of the cloud-native ecosystem will allow for rapid iteration and robust collaboration on this critical component. I am very excited to see what the community can produce in aggregate when everyone is working together to evolve the status quo in OSS WAF solutions.”
Matt Klein, Creator of Envoy
We’ve released the first open-source version of the platform, which has been tested at scale and already operates in production. The free platform is fully operational, sufficient for most use cases, and offers more features and benefits than most commercial solutions.
We named this project after the famous scientist Marie Curie. The project began with intensive work sessions in Malakoff, France, close to Marie’s home and laboratory on the outskirts of Paris, and was released today on her birthday, Nov 7th, in 2020.
We’re eager to receive feedback, opinions, and ideas from the community so we can make the platform even better than we could on our own. Join us on GitHub.
Feel free to join our spam-free mailing list at https://groups.google.com/a/curiefense.io/g/community, follow us on Twitter if you like, and if you like podcasts, consider subscribing to Committing to Cloud Native.
Justin Dorfman: https://www.linkedin.com/in/justindorfman/
Justin Dorfman is Reblaze’s Open Source Program Manager and is responsible for fostering the adoption of their project Curiefense in the cloud-native space. Previously, Justin led similar initiatives for Gitcoin, Sticker Mule, & MaxCDN.
Justin has contributed to Bootstrap, Font Awesome, jQuery, NGINX, GNU Bash, and many more. He also serves on the Selection Committee for Mozilla’s Open Source Support (MOSS) program and the Open Source Collective’s board of directors. In 2017, he co-founded SustainOSS, which hosts events and podcasts for Open Source Software Sustainers.