MacStadium announced that it has obtained Cloud Security Alliance (CSA) Security, Trust & Assurance Registry (STAR) Level 1, meaning that MacStadium has publicly documented its compliance with CSA’s Cloud Controls Matrix (CCM), and that it joined the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.
Traefik Labs announced significant product updates that address the escalating adoption of Kubernetes and the crucial role of API management in modern digital infrastructure.
The updates include a Kubernetes-native API gateway, integration of a Web Application Firewall (WAF), and advanced API management capabilities that improve governance and security.
"These updates help users navigate the complexities of modern cloud-native digital architectures by bridging Kubernetes and existing infrastructure, plus delivering cutting-edge security,” said Sudeep Goswami, CEO of Traefik Labs. “We’re building on current needs and anticipating the future challenges that users will face and arming them to overcome those hurdles."
Traefik Labs introduced Traefik Hub API Gateway, engineered to provide a native Kubernetes experience, while providing ease of use that is a hallmark of Traefik products, along with streamlined integration with existing infrastructure, and a simplified transition for those scaling from Traefik Proxy open source (3.2 billion downloads) to a fully-featured, production-grade API gateway product.
This new offering complements Traefik Enterprise API Gateway, which addresses a broad spectrum of use cases and continues to deliver unparalleled flexibility and compatibility across multiple orchestrators that include HashiCorp Nomad, Azure Service Fabric, Docker Swarm, and Kubernetes.
“Having two separate product offerings ensures that we continue to support and evolve with the diverse needs of our customers, while highlighting our commitment to innovation and our dedication to enhancing Kubernetes ecosystems,” said Goswami.
Recognizing the complementary strengths of API gateways and WAFs, Traefik Labs has taken a step towards fortifying API security with an innovative integration. The company has introduced the capability to incorporate a WAF directly at the API Gateway layer. This approach enhances runtime protection and establishes a comprehensive security posture that is resilient against a wide array of cyber threats. Available to users of Traefik Proxy v3 open source, this innovation integrates two OWASP projects: Coraza WAF and the Core Rule Set.
This initial release lays the foundation for future enhancements and signifies Traefik Labs' commitment to aligning with the evolving PCI DSS v4.0 standards. With WAF transitioning from a best-practice to a PCI DSS compliance requirement by March 2025, Traefik Labs is not only ahead of the curve but is also setting a new standard in API security, ensuring that organizations are well-equipped to face the cyber challenges of today and tomorrow. By scrutinizing incoming traffic to block malicious requests before they can exploit any vulnerabilities, WAFs have been instrumental in safeguarding web applications and APIs, particularly excelling in thwarting older, yet persistently dangerous attack methods such as injection and security misconfigurations.
Traefik Labs introduced advanced API management capabilities that enhance API governance and security through precise access control mechanisms to guard against continual threats of data breaches and the potential for extended downtimes due to API misuse. With this update, users gain the ability to meticulously define access through methods, paths, and regex expressions for HTTP-based web applications. This level of fine-grained control is critical as digital ecosystems grow more interconnected, and the need to mitigate risks associated with data breaches becomes increasingly vital.
Industry News
The Cloud Native Computing Foundation® (CNCF®) released the two-day schedule for CloudNativeSecurityCon North America 2024 happening in Seattle, Washington from June 26-27, 2024.
Sumo Logic announced new AI and security analytics capabilities that allow security and development teams to align around a single source of truth and collect and act on data insights more quickly.
Red Hat is announcing an optional additional 12-month EUS term for OpenShift 4.14 and subsequent even-numbered Red Hat OpenShift releases in the 4.x series.
HAProxy Technologies announced the launch of HAProxy Enterprise 2.9.
ArmorCode announced the general availability of AI Correlation in the ArmorCode ASPM Platform.
Octopus Deploy launched new features to help simplify Kubernetes CD at scale for enterprises.
Cequence announced multiple ML-powered advancements to its Unified API Protection (UAP) platform.
Oracle announced plans for Oracle Code Assist, an AI code companion, to help developers boost velocity and enhance code consistency.
New Relic launched Secure Developer Alliance.
Dynatrace is enhancing its platform with new Kubernetes Security Posture Management (KSPM) capabilities for observability-driven security, configuration, and compliance monitoring.
Red Hat announced advances in Red Hat OpenShift AI, an open hybrid artificial intelligence (AI) and machine learning (ML) platform built on Red Hat OpenShift that enables enterprises to create and deliver AI-enabled applications at scale across hybrid clouds.
ServiceNow is introducing new capabilities to help teams create apps and scale workflows faster on the Now Platform and to boost developer and admin productivity.
Red Hat and Oracle announced the general availability of Red Hat OpenShift on Oracle Cloud Infrastructure (OCI) Compute Virtual Machines (VMs).
The Software Engineering Institute at Carnegie Mellon University announced the release of a tool to give a comprehensive visualization of the complete DevSecOps pipeline.