Securing Web Applications in Container-based Environments
RETHINKING APPLICATION DEVELOPMENT AND DELIVERY
Traditional software development blends a range of features and services (e.g., databases, web servers, application code) into a single, highly integrated package. But in today’s responsive and consumer-driven digital marketplace, this monolithic approach to development and deployment can severely slow down an organization’s ability to respond to business and market demands.
In response, business unit software architects are employing new microservices architectures and container-based environments to help accelerate application development and delivery. In contrast to traditional, highly integrated approaches of software and network architecture development, these more agile approaches build each component and feature autonomously, independent of other functions. They typically leverage open communications standards or orchestration systems for the different components to interoperate. This iterative, incremental methodology allows organizations to develop, deliver, and customize their applications, software, and infrastructures more rapidly. This, in turn, enables them to more effectively respond to the continually evolving demands of modern digital environments.
PACKAGING FOR PORTABILITY PLUS SCALABILITY
Containerization tools (such as Docker) allow an entire application to be bundled together so that it can be moved seamlessly from environment to environment. This can be done from a developer’s laptop to a test environment, from a staging environment to production, and even from a physical machine deployed in a data center to a virtual machine located in a private or public cloud. This significantly simplifies deployment, management, updates, and interoperability.
As part of containerization, all application elements (including databases, code libraries, supporting applications) are placed together into a bundle of separate containers that work together to compose the application. This is commonly known as a pod or service composition. In this instance, everything for the application is ready to go—with the exception of application security.
Running a container environment for web-based applications typically includes an orchestration tool (such as Kubernetes). As demand rises and falls, the orchestration platform automatically expands (scales out) or contracts (scales in) the application environment to match it. Adding a container-based WAF to an orchestrated environment enables security to scale alongside applications as they adjust dynamically.
FORTIWEB WEB APPLICATION FIREWALL CONTAINER EDITION
FortiWeb WAFs provide artificial intelligence (AI)-enhanced and layered web application threat protection for midsize businesses and large enterprises, application service providers, and Software-as-a-Service (SaaS) providers. They are designed to protect web-based applications and internet-facing data from attacks and breaches. Using advanced techniques, they provide bidirectional protection against malicious sources, distributed denial-of-service (DDoS) attacks, and sophisticated threats such as SQL injection, cross-site scripting, buffer overflows, file inclusion, and cookie poisoning attacks.
The FortiWeb Container Edition primarily targets container-based environments that support Docker on numerous platforms. This includes private/public registries, Docker Enterprise, and Amazon Elastic Container Service (ECS).
Unlike traditional WAF solutions that only exist outside the container-based application, FortiWeb can be deployed in its own container and packaged as part of the application. Because it does not need to be completely reconfigured each time the container is moved, the WAF is quickly operational to protect the application from vulnerability exploits while simultaneously simplifying distribution.
At each step of the process, easy access to FortiWeb can help application developers ensure that security is applied throughout development, testing, and deployment. A FortiWeb virtual container appliance can be packaged with the application during the preproduction phases to test for vulnerabilities during code development. It also enables FortiWeb to get a jump-start on building application profiles while in test environments.
In deployment, the container version of FortiWeb can either be packaged with the application or extracted and deployed as a separate container in production. It instantly provides more accurate application protection without the need to relearn the application elements.
In addition to building an application with a containerized WAF, the FortiWeb Container Edition enables automatic scaling and provisioning through the container orchestration system. When more FortiWeb virtual appliances are needed to meet demand, the orchestration system can spin up new instances. And inversely, as application traffic slows, virtual appliances can be spun down to conserve resources.
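The packaged-WAF deployment and orchestrator-driven scaling described above, as an added Kubernetes example that is not from this page or from Fortinet: the image names, port numbers and CPU requests are placeholders, and the WAF's own configuration (not given on this page) is omitted. It assumes the application container binds only to 127.0.0.1:8080, so that it is reachable solely through the WAF container, which shares the pod's network namespace.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-app
spec:
  selector:
    matchLabels:
      app: web-app
  template:
    metadata:
      labels:
        app: web-app
    spec:
      containers:
      - name: app
        image: example.invalid/web-app:1.0   # placeholder image
        resources:
          requests:
            cpu: 250m   # needed for CPU-based autoscaling
      # WAF sidecar: listens on port 80, inspects, then forwards to 127.0.0.1:8080
      - name: waf
        image: example.invalid/waf:1.0   # placeholder; vendor image/config not on this page
        ports:
        - containerPort: 80
        resources:
          requests:
            cpu: 250m
---
apiVersion: v1
kind: Service
metadata:
  name: web-app
spec:
  selector:
    app: web-app
  ports:
  - port: 80
    targetPort: 80   # only the WAF port is published; the app port is never exposed
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: web-app
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: web-app
  minReplicas: 2
  maxReplicas: 10
```

Because the WAF is a container of the same pod, every replica the autoscaler adds or removes carries its own WAF instance with it. The HPA's metrics field is omitted, so the autoscaling/v2 default of 80% average CPU utilization (measured against the containers' CPU requests) applies.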