Attacking data in motion at Layer 7+ has become the path of least resistance for hackers and requires a radically new approach to protecting cloud-native applications. I’m excited to join Mesh7 and to be working with the extremely talented team that has delivered the industry’s first cloud-native Layer 7+ security mesh. A Layer 7+ security approach goes beyond traditional Layer 7 inspection to look not only at application URLs but also deep into payloads and their schema. This provides the capability to detect and prevent threats like data exfiltration or malware that may be making their way through the payload while data is in motion. It solves the very hard problem of protecting cloud and cloud-native applications deployed across multiple heterogeneous environments. Protecting these applications from distributed attacks is essential now that the path of least resistance has shifted from the infrastructure plane to the application plane at Layer 7+.
Monolithic Versus Distributed Applications
Applications used to be monolithic, and threats came from outsiders trying to hack perimeter defenses to reach data in use and data at rest. With the application layer now highly distributed across public and hybrid clouds, and with the number of endpoints (containers, VMs, serverless functions) and Layer 7+ interactions between them (APIs, Kafka message buses, MySQL / MongoDB traffic, and others) having grown more complex, protecting data in motion at Layer 7+ is the new challenge for ops and security teams.
This increased amount of data crossing multiple, more hostile cloud infrastructures has made east-west, horizontal, distributed attacks on data in motion the new path of least resistance. Hackers are no longer outsiders moving vertically through perimeter defenses into and out of infrastructure. They are now able to leverage the same public cloud capabilities as their targets and act as insiders moving east to west across Layer 7+ endpoints.
Protecting Data in Motion at Layer 7+ at the Application Plane
As cloud providers continue to harden their infrastructure, hackers are moving from the infrastructure plane (Layers 3 and 4) to the application plane (Layer 7). This is not an easy problem to solve given the increasing number and variety of endpoints and the growing Layer 7+ footprint operating across multiple heterogeneous clouds. Older perimeter-based technologies such as web application firewalls and network firewalls have been repurposed to be cloud native, but these defenses miss the pattern of breaching the application plane and then moving east to west, point to point, horizontally. The greatest threat to data is no longer happening while it’s in use or at rest.
The Need for a Completely New Form of Security
The need for protecting data in motion at Layer 7+ has created the demand for a completely new form of security that acts to prevent horizontal, east-west attacks by securing each endpoint and then vertically blocking attacks in a highly distributed, highly scalable architecture.
The Ideal Solution
The ideal solution for protecting data in motion at Layer 7+ needs to automatically generate a cloud-native security mesh that auto-discovers which endpoints are running and where. This segmentation knowledge, combined with deep-packet inspection of payloads, should then automatically generate policies that can be used for proactive enforcement. From a practical perspective, it needs to work without making any changes to the application components. It also must be easy to install, simple to maintain, and work at wire speed without introducing any latency. The system also needs a comprehensive set of analytics that provide insight into service statistics, events and alerts, detailed transaction logs, geolocation, user behavior, per-PII statistics and API attack vulnerability, to list just a few.
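To make the "learn the schema, generate the policy, enforce it" idea concrete, here is an added example (not Mesh7's code): it learns a per-flow payload schema from a constructed sample of east-west JSON API calls, turns it into an allow-list policy, and flags calls that deviate from it (unknown flow, unexpected field, or a field whose type changed). Service names, paths and payloads are all made up for illustration.

```python
# Added example: baseline-driven Layer 7+ payload policy. Not Mesh7 code.
import json
from collections import defaultdict

# Constructed sample of east-west API calls as a sidecar proxy might observe them:
# (source service, destination service, path, JSON body). Not real traffic.
BASELINE = [
    ("checkout", "orders", "/v1/orders", '{"order_id": 101, "sku": "A-1", "qty": 2}'),
    ("checkout", "orders", "/v1/orders", '{"order_id": 102, "sku": "B-7", "qty": 1}'),
    ("orders", "billing", "/v1/charge", '{"order_id": 101, "amount": 19.99}'),
]

def json_type(value):
    """Map a decoded JSON value to the coarse type name recorded in the policy."""
    if isinstance(value, bool):
        return "bool"
    if isinstance(value, (int, float)):
        return "number"
    if isinstance(value, str):
        return "string"
    if value is None:
        return "null"
    return "object" if isinstance(value, dict) else "array"

def learn_policy(samples):
    """Build {(src, dst, path): {field: type}} from observed payloads.
    The first type seen for a field wins; this is the learned schema."""
    policy = defaultdict(dict)
    for src, dst, path, body in samples:
        for field, value in json.loads(body).items():
            policy[(src, dst, path)].setdefault(field, json_type(value))
    return dict(policy)

def check_message(policy, src, dst, path, body):
    """Return the policy violations for one call; an empty list means it is allowed."""
    key = (src, dst, path)
    if key not in policy:
        # A flow never seen during learning: the segmentation part of the policy.
        return [f"unknown flow {src}->{dst} {path}"]
    findings = []
    for field, value in json.loads(body).items():
        expected = policy[key].get(field)
        if expected is None:
            # Extra data riding in a known call is a classic exfiltration signal.
            findings.append(f"unexpected field '{field}'")
        elif json_type(value) != expected:
            findings.append(f"field '{field}' is {json_type(value)}, expected {expected}")
    return findings
```

A real mesh would learn nested objects, value ranges and PII patterns as well, but the loop is the same: observe, derive policy, enforce per endpoint.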
Mesh7: Application Security Mesh
This is exactly what Mesh7 has built. It is amazing technology best understood by testing live in your own environment. Best of all, it can be fully deployed within a 30-minute maintenance window and does not require any changes to your applications or infrastructure. If you’re interested in learning how you can turn on Mesh7 in your environment, please email us: firstname.lastname@example.org
I’m extremely excited about what lies ahead for us when it comes to protecting data in motion at Layer 7+ and for application security in general. Stay tuned for more blog posts from our talented team of cloud-native security experts.