Editorial

ModSecurity Alternative

How Jonathan replaced his soon-unsupported ModSecurity WAF with open-appsec's free Community Edition to protect EKS environments and significantly improve security effectiveness thanks to Machine Learning

Jonathan is part of a rather small security team at a mid-size industrial company. They have limited personnel available to manage all the different security solutions and also face strong financial constraints, as their business growth fluctuates and came in below expectations recently.

Jonathan noticed a recent announcement of the end-of-life of one of their core solutions, ModSecurity, happening in less than two years. He immediately started looking for an alternative. He wanted to protect their web applications on their Kubernetes (K8s) clusters, which were using Amazon's EKS service in their AWS environment. His requirements were that the solution should be free, open-source and integrated into their existing NGINX Ingress Controller (similar to their current ModSecurity integration).

Knowing that Machine Learning is used more and more in cyber security, he searched the internet for an ML-based WAF and discovered open-appsec. He liked that it could be fully automatic, with close to no maintenance effort, and that initial deployment would take only 10-15 minutes. Even in prevent mode, he could leave it alone and it would still preempt zero-day attacks.

Jonathan decided to give it a try and installed the free open-appsec Community Edition. After comparing the different deployment options, he decided to adjust his existing Helm chart for the NGINX-based Ingress Controller deployment to add and integrate open-appsec as his new ML-based protection layer. He was happy to find out this could be done quickly in a fully declarative way. This made it fully compatible with his existing K8s GitOps CD, which used a repo stored in AWS CodeCommit. For logging and monitoring, they used the Prometheus/Grafana integration that is provided by open-appsec.

When his team leader later asked him if he could also provide an additional WebUI to visualize the current security configuration and agent status, with advanced logging and reporting capabilities, Jonathan looked at the open-appsec docs. He was pleased to see an option to subsequently integrate a local-only declarative open-appsec deployment into a free SaaS tenant (also an optional part of the Community Edition). This covered all the requirements his team leader asked for. Setup took just 5 minutes for tenant creation and for creating and adding a "connection token" to their existing declarative deployment.

Best of all, after finishing the swap from ModSecurity to open-appsec in their AWS EKS environment, whenever they heard about new critical vulnerabilities like Log4J or Spring4Shell, they realized they were already preemptively protected without having to install even a single signature update on their open-appsec agents.

Experiment with open-appsec for Linux, Kubernetes or Kong using a free virtual lab
