Announcing Tetrate Agent Operations Director for GenAI Runtime Visibility and Governance

Learn more
< Back

Tetrate and Intel Partner to Boost Coraza WAF Performance and Efficiency by 80%

Web Application Firewall (WAF) is a critical component of modern application security, offering protection against a wide and growing array of well-kn

Tetrate
Tetrate%20and%20Intel%20Partner%20to%20Boost%20Coraza%20WAF%20Performance%20and%20Efficiency%20by%2080%25

Web Application Firewall (WAF) is a critical component of modern application security, offering protection against a wide and growing array of well-known threats plus a fast way to mitigate against late-breaking exploits. The de facto WAF standard has long been ModSecurity coupled with the OWASP Core Rule Set (CRS), but that is about to change. The venerable ModSecurity is slated for end of life in 2024, with no clear upgrade path to a new version. As a replacement, OWASP has endorsed Coraza, a newer open source project created by security researcher Juan Pablo Tosso. Coraza is a Seclang engine written in Go that aims to be “fast by default,” extensible and enterprise-ready. 

“Fast by default” is critical here, as the WAF engine executes in the path of all inbound and outbound traffic where every millisecond counts. To help make Coraza as fast as possible, Tetrate and Intel have worked together to characterize Coraza’s performance, identify areas of improvement and work with the community to carry out those improvements. And those improvements which we’ve contributed back to open source, have been significant—reducing heap allocations by up to 82% and improving running time up to 45%.

If you want to learn more about what and how it was done, check out this blog post by the people who did it—Sundar Nadathur, Manoj Gopalakrishnan, Ramesh Masavarapu of Intel NEX and our own José Carlos Chávez of Tetrate.

Learn More

Tetrate
Product background Product background for tablets
New to service mesh?

Get up to speed with free online courses at Tetrate Academy and quickly learn Istio and Envoy.

Learn more
Using Kubernetes?

Tetrate Enterprise Gateway for Envoy (TEG) is the easiest way to get started with Envoy Gateway for production use cases. Get the power of Envoy Proxy in an easy-to-consume package managed via the Kubernetes Gateway API.

Learn more
Getting started with Istio?

Tetrate Istio Subscription (TIS) is the most reliable path to production, providing a complete solution for running Istio and Envoy securely in mission-critical environments. It includes:

  • Tetrate Istio Distro – A 100% upstream distribution of Istio and Envoy.
  • Compliance-ready – FIPS-verified and FedRAMP-ready for high-security needs.
  • Enterprise-grade support – The ONLY enterprise support for 100% upstream Istio, ensuring no vendor lock-in.
    • Learn more
    Need global visibility for Istio?

    TIS+ is a hosted Day 2 operations solution for Istio designed to streamline workflows for platform and support teams. It offers:

  • A global service dashboard
  • Multi-cluster visibility
  • Service topology visualization
  • Workspace-based access control
    • Learn more
    Decorative CTA background pattern background background
    Tetrate logo in the CTA section Tetrate logo in the CTA section for mobile

    Ready to enhance your
    network
    with more
    intelligence?