Blog

No items found.
Announcing NGINX Support

Curiefense v1.4 is now available. This is a milestone release; along with a number of updates and additions, Curiefense is now integrated with NGINX.

Recap: Curiefense Community Meeting #1

Open source isn’t open source without community. And so we were very excited to host our very first community meeting where we can bring everyone together in a virtual space to discuss anything and everything to do with Curiefense.

Hacked via Slack: How to Avoid an EA-style Breach

Another high-profile breach is in the news. This time, the victim was compromised through Slack. Here’s what happened, and how Curiefense can help to avoid a similar incident at your organization.

Changes to Helm charts

Until recently, Curiefense’s Helm charts were part of the Curiefense repository. Now they have been moved into a separate repo. Here’s why this was done, and the benefits that we expect from this.

Evaluating logging tools, choosing rotatelogs

As discussed previously, version 1.4 will include some changes to logging. Some of them created a file management problem. We evaluated several options for log file rotation; here’s what we chose, and why.

Learning in Public with Kelsey Hightower

Our awesome guest this time is Kelsey Hightower, who is Principal Engineer and Principal Staff Advocate at Google in the Google Cloud Platform Division. Kelsey shares with us how ended up in the Cloud Native space, joining Google, and his job offer at NASA. We also learn about how Kelsey succeeds with his live demo’s, why he calls himself a Minimalist.

Changes to logging in version 1.4

Curiefense currently offers a variety of outputs for its traffic logs. In version 1.4, this will change, and later, some of its current behavior will be deprecated. In this post, we’ll discuss how and why this is happening.

Building a Business Around Popular Open-Source Tools for Kubernetes

We chatted to Richard Li – someone who has accomplished building open-source tools that bring tons of value to the community and running a successful commercial business with Ambassador Labs.

The Performance of Curiefense

How much processing latency does Curiefense introduce? Here are the results from some recent testing, and how you can run the same tests within your own environment.

Cloud Architecture and Giving Back to Open Source

Mike Sparr is currently the Chief Cloud Architect at DoiT International but comes from a long history of programming and cloud services. Starting off with a beaten-up Tandy TRS-80, Sparr played with computers from the age of 10, learning programming in a range of languages and sparking an obsession with software.

How to Manage a Successful CNCF Project (Like Linkerd)

It takes a lot of skill to be able to facilitate a successful CNCF project and we wanted to get a sense of what it looks like in the trenches. So, we spoke to William Morgan to delve into the good, the bad, and the ugly.

Single- versus Multi-Tenant Web Security, Part 2: Performance and Cost

The previous article discussed the data protection and privacy advantages of a dedicated single-tenant security architecture. This article continues this theme and discusses performance and cost.

Single- versus Multi-Tenant Web Security, Part 1: Protection and Privacy

Most commercial web security solutions are based on a multi-tenant architecture. Curiefense is single-tenant; here's why this is important, and the advantages that this architecture provides.

Web Security on Service Meshes, Part 2: Making It Inherent

In a service mesh architecture, can legacy security solutions still be used, or will a different approach be required? What about cloud-based solutions? Is there a way to make security an inherent part of the mesh? These questions are the focus of this article.

How Appfleet Fits into the Cloud Native Ecosystem

The Cloud Native Ecosystem continues to develop and expand its reach as more and more entrepreneurs see pain points in the developer landscape and seek to fill those gaps.

Web Security on Service Meshes, Part 1: Introduction

Many organizations today have embraced microservices; they have abandoned the legacy, monolithic infrastructure of applications in the past, and moved into a world of APIs, cloud native infrastructure, and containerization. However, while microservices provide many benefits, they also introduce unique challenges.

Curiefense GA (1.3.0) Released

A lot has happened since the initial release of v1.0 in November, and not just in our changelog. Here are some of the highlights.

Now a CNCF Sandbox Project

Curiefense has been accepted as a Sandbox Project within the Cloud Native Computing Foundation. Here's what this means, now and going forward.

Hostile Bot Detection Part 2: How Curiefense Does It

The previous article on Hostile Bot Detection discussed why it is so important, and the problems with using reCAPTCHA for this. Now in part 2, we'll discuss how Curiefense identifies and filters malicious bots.

Hostile Bot Detection Part 1: Replacing reCAPTCHA

reCAPTCHA is a popular service for automatically excluding bots, but there is a growing dissatisfaction over its UX, effectiveness, and potential lack of privacy. For organizations seeking an alternative, what is available to replace it?

API Security, Part 3

This article continues the discussion of API security mechanisms, including session flow control, behavioral profiling, content filtering, hostile bot detection, and deep packet inspection.

Adding Web Security to Envoy

As Envoy Proxy continues to grow and becomes more widely adopted, a natural next step is to add security capabilities. Curiefense leverages Envoy's extensibility and flexibility to provide traffic filtering for a wide variety of use cases.

API Security, Part 2

Curiefense includes a number of security mechanisms for defending APIs against hostile traffic. This article discusses API Discovery, Identity-Based Filtering, Mobile Client Authentication, Behavior Enforcement, and Rate Limiting.

API Security, Part 1

API security is increasingly important on the web today. However, filtering API traffic is, in some ways, quite different than protecting a web application. Here's how Curiefense approaches these challenges.

Inspired by Marie Curie

Reblaze Data Scientist Tamara Shostak writes about being inspired by Marie Curie and the example she set by her life, work ethic, and extensive accomplishments.

The Curiefense WAF

Curiefense's WAF protects against a wide range of attacks. It includes an extensive database of threat signatures, and users can create custom security policies as well. Here are its capabilities and how to use them.

How Curiefense Works

Curiefense represents a new approach to web security: traffic filtering done directly within the service mesh. Here’s how it works.

Introducing Curiefense

Curiefense is a new open-source cloud-native application security platform. It integrates security directly into modern service architectures, and offers multiple benefits that were not previously available in this form.

An Intuitive System

To filter HTTP traffic, Curiefense uses an intuitive tag-based system. It's flexible and powerful, but still straightforward to understand and use. Here's how it works.

Welcome to Curiefense

Welcome to Curiefense. Curiefense is a new application security platform which protects sites, services, and APIs. It extends Envoy proxy to defend against a variety of threats, including SQL and command injection, cross site scripting (XSS), account takeovers (ATOs), application-layer DDoS, remote file inclusion (RFI), API abuse, and more.