top of page
Eyal Katz

Transitioning from ModSecurity WAF to open-appsec at IT Creation, Netherlands

IT Creation is a growing Dutch firm specializing in custom Hosting and IT Services. It operates an ISO certified private data center, designed to ensure maximum uptime and unparalleled customer service. IT creation is part of a group with two other specialized IT companies that provide Backup and Datacenter services. It showcased their commitment to diversifying and enhancing their offerings. With over 100 people on board, they serve both small and medium businesses, large enterprises and government institutions.


The Architectural Framework


IT creation’s commitment to customer security and service is evident in the architectural blueprint they deploy for each client including:

  • Dual Firewalls (HA)

  • Dual Load Balancers (HA)

  • Dual Web Application Firewall (LB)

  • Application Servers



Within this architecture, the WAFs play a critical role in inspecting and filtering HTTP traffic. For years, IT Creation relied on ModSecurity for its proven reliability, especially for its capability to address OWASP-Top-10 threats and its flexibility to support custom rules.


The Imminent Challenge

Despite its strengths, the WAF used by IT Creation, ModSecurity, had a significant limitation – it was nearing its end of life (EOL) in early 2024. The impending EOL presented IT creation with several challenges:

  1. Potential vulnerability exposure due to the lack of updates and patches.

  2. The need for a transition to a new WAF solution that could at least match (if not exceed) the capabilities of ModSecurity.

  3. Need for a solution that will be able to deal with Zero-Day attacks

  4. Need for a solution with minimum management overhead


Discovering open-appsec

Simon Cornet, IT creation’s team leader responsible for Linux, Network, and Security, initiated the search for a replacement. His quest led him to a Reddit post detailing the capabilities of open-appsec. Simon read about the product’s capabilities and the new machine-learning based approach. Intrigued, Simon decided to conduct a preliminary test in his home lab setup. His findings were impressive:

  • Efficiency: The tool consumed only 2-3% of CPU resources, even under high connection loads. This low resource consumption translated into tangible cost savings, a detail Simon amusingly noted in terms of his home electricity bill.

  • Performance: High-speed processing with no reported crashes.

  • Integration: Seamless integration with existing systems like NGINX, ensuring that there’s no loss of traffic during reloads – an issue prevalent in many WAF solutions.


The Transition to open-appsec

Convinced by its capabilities, Simon engaged with the open-appsec team to understand the commercial aspects because he wanted to get SLA-based support for the deployment of the solution as well as some of the premium features.

At the time of writing this blog, IT creation has incorporated open-appsec to safeguard approximately 50 applications, many of which are customer-facing. Plans for the upcoming year are ambitious: Transitioning 12 more environments to open-appsec, each with at least two open-appsec agents. Given the modularity and user-friendly interface, Simon is also consipdering giving their clients UI access for transparency.


Furthermore, with IT creation’s recent merger, Simon sees potential in introducing open-appsec to their sister companies, amplifying the scale and reach of this next-gen WAF.

open-appsec is performing as advertised. It is easy to setup and gives us state-of-the-art security with easy operation and cost control”, Simon Cornet, IT Creation.


Distinguishing Features of open-appsec


Simon is listing several aspects as advantages of open-appsec over other solutions:

  1. User Interface: The WebUI of open-appsec stands out for its intuitive design, making configuration and monitoring a straightforward process.

  2. Ease of Setup: A streamlined installation and setup process ensures minimal downtime and learning curve.

  3. Machine Learning Integration: Automated threat categorization accelerates response times. Users can fine-tune this with simple malicious/benign tags.

  4. Resource Management: open-appsec is designed for efficiency, ensuring optimal performance without taxing system resources.

  5. Stability: A zero-crash report amplifies its reliability.

  6. Client Transparency: The capability to offer clients read-only WebUI access fosters trust and collaboration.

  7. Advanced Configuration Options: Features such as checkboxes for controlling undefined applications and fail-open mode configurations highlight open-appsec’s preparedness for real-world challenges.

  8. Pricing: Compared to market alternatives, open-appsec offers a competitive pricing model, delivering high value for its cost.




Conclusion


The transition to open-appsec underscores the need for businesses to proactively seek solutions that are not just current but future-ready. IT creation’s journey offers a template for enterprises to evaluate their cybersecurity infrastructure critically. It allows the company to offer their customers state-of-the-art security while ensuring efficient and easy operations so that costs remain in control. See also this blog for a comparison between ModSecurity and open-appsec.


 

open-appsec is an open-source project that builds on machine learning to provide pre-emptive web app & API threat protection against OWASP-Top-10 and zero-day attacks. It simplifies maintenance as there is no threat signature upkeep and exception handling, like common in many WAF solutions.


To learn more about how open-appsec works, see this White Paper and the in-depth Video Tutorial. You can also experiment with deployment in the free Playground.

Experiment with open-appsec for Linux, Kubernetes or Kong using a free virtual lab

bottom of page