Access control is fundamental to application security. Modern applications, more than ever, need a flexible access control mechanism that can succinctly express access rules, take into account a large number of objects and dynamic runtime attributes, and be evaluated efficiently at runtime. These rules must also be both intelligible and auditable so the current state of access policy enforcement is knowable and can be easily understood.
Many applications today rely on components from multiple providers, accessed via web APIs – referred to as “composite applications,” according to Techopedia. Securing these applications, including communication across components, is challenging.
Now Gartner is promoting a solution to these challenges in a report, 2021 Gartner® Innovation Insight for Comprehensive Secure Connectivity for Composite Applications. The report describes composite applications as “a security architecture challenge” and proposes techniques “to implement these applications with greater consistency, flexibility and integrity.” Joe Skorupa of Gartner also spoke about these issues at the third annual ZTA and DevSecOps for Cloud-Native Applications conference, held in January. (Mr. Skorupa’s talk was not recorded.)
The WasmPlugin API has recently been added to the Istio project as a new and improved mechanism for extensibility. Here at Tetrate, we recently held a successful Istio Wasm workshop. Watch the recording of the workshop and join the conversation on Slack.
Tetrate and NIST are hosting their third annual ZTA conference, ZTA and DevSecOps for Cloud Native Applications (virtual), on Wednesday, Jan. 26th (training) and Thursday, Jan. 27th (sessions). The conference provides the most valuable opportunity this year for organizations to gather a practical understanding of how to secure critical infrastructure. You will learn how to put together a ZTA stack for end-user traffic from the ground up.
With the severity of data breaches escalating, including damage to critical US infrastructure, executive orders have been issued, calling for federal agencies to adopt Zero Trust Architecture (ZTA). The DevSecOps approach is seen as essential to achieving high operational assurance for microservices-based applications. But many organizations face challenges in implementation. NIST and Tetrate are presenting the third annual edition of this conference to dive deeply into this new architectural model, which yields enhanced security and other benefits. Their work to date has already yielded ZTA standards for cloud-native applications.
As we shift into 2022, we’d like to share some of the highlights and milestones Tetrate has reached in 2021 with your support. Since its founding in March 2018, Tetrate has been growing its capacity to fulfill what it set out to do: to reimagine application networking. This, our fourth year, was bookended by our Series B fundraising round led by Sapphire Ventures and our recent designation as a Gartner Cool Vendor for Cloud Computing. Here’s a snapshot of top company milestones we accomplished together in 2021:
We love open source, but recognize the reality that security can be hard. Recently the Log4j vulnerability (CVE-2021-44228) made everyone realize how widespread and severe a security incident can be when its root cause lies in open source software. In this blog we will first briefly explain the Log4j CVE as background, then demonstrate how Tetrate Service Bridge can help by providing a built-in Web Application Firewall engine.
A critical vulnerability (CVE-2021-44228, CVSS score 10) was identified in the Java logging library Apache Log4j 2. Apache Log4j 2 versions 2.14.1 and below are susceptible to remote code execution: a remote attacker can leverage this vulnerability to take full control of a vulnerable machine.
Apache Log4j is used in many Java-based applications, so this vulnerability potentially affects many organizations. As we continue to gain a deeper understanding of the impact of this threat, we will publish technical information to help you detect, investigate, and mitigate attacks. We will provide updates with more information and protection details as they become available.
Update on 2021-12-14: A new, related vulnerability, CVE-2021-45046, has been disclosed, and mitigations are included in this post.
New WebAssembly infrastructure in Istio makes it easy to inject additional functionality into mesh deployments
Three years in the making, Istio now has a powerful extension mechanism for adding custom and third-party Wasm modules to sidecars in the mesh. Tetrate engineers Takeshi Yoneda and Lizan Zhou have been instrumental in making this happen. This post will cover the basics of Wasm in Istio and why it matters, followed by a short tutorial on building your own Wasm plugin and deploying it to the mesh.
Certifications go beyond helping you showcase your skills to potential employers. They are a great tool to keep learning new tech. This post looks at how certifications such as Istio certification and Kubernetes certification can help you in your journey.
by JJ and Varun
We are excited to share that Tetrate is recognized by Gartner as a Cool Vendor in Cloud Computing. When we started Tetrate in 2018, we had the clear vision to productize and simplify application connectivity and security for cloud native apps and workloads. We were able to attract many talented engineers to lead, steer, and contribute to the Istio, Envoy, and Apache SkyWalking projects in open source. We had the right talent and technology ingredients to build a product that could comprehensively address application security, connectivity, observability, and reliability to enable uninterrupted end-user experience. We were all aligned on the product vision.
But from the beginning, we always knew that building a product for enterprise customers requires empathy. We partnered with our early customers to listen, learn, ideate, and iterate on product features and capabilities. We found that the real need was more than just a service mesh. The real need was to bridge legacy and modern, to pave a path to safely modernize. The real need was to bridge on-premises with on-cloud, to pave a path for seamless movement of workloads between them. The real need was to go beyond conventional perimeter security, to be able to secure all applications in a consistent way. These and many more learnings went into building Tetrate Service Bridge. That’s how it gets done at Tetrate, now and forever.
Jeff Bezos said it well,
“We innovate by starting with the customer and working backwards. That becomes the touchstone for how we invent.”
Gartner’s cool vendor recognition is an important milestone and a validation for Tetrate Service Bridge. It’s a milestone but not the destination. There is a lot to do and more to come. Thanks to Gartner for the recognition, and to our customers and partners. You can read the report to learn what Gartner has to say about Tetrate and our product. Our congratulations to the other companies and their products that were recognized as well!
Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.