Kong announced the launch of the latest version of Kong AI Gateway, which introduces new features to provide the AI security and governance guardrails needed to make GenAI and Agentic AI production-ready.
Imperva launched Imperva Serverless Protection, a new product built to secure organizations from vulnerabilities created by misconfigured apps and code-level security risks in serverless computing environments.
Designed with the developer and security team in mind, the new product is easily deployed as an AWS Lambda layer, protecting functions without changing code.
Built on Amazon Web Services (AWS), Imperva Serverless Protection is a fully integrated tool within AWS Lambda Extensions. The integration gives developers faster access to the new Imperva offering to provide an additional layer of security for their AWS Lambda environment. This latest innovation from Imperva adds to the company’s solutions for protecting applications in all their forms: legacy, APIs, microservices, and serverless functions.
“We see hundreds of thousands of customers of all sizes embrace serverless applications to quickly deliver value to their customers,” says Holly Mesrobian, General Manager, AWS Lambda, AWS. “The Imperva extension enables customers to easily embed additional security in their DevOps processes for serverless applications with just a simple configuration change.”
Developers are increasing adoption of serverless functions that offer lower costs, less configuration and faster deployment. However, “through 2022, 80% of successful attacks on serverless [platform as a service] PaaS will have a root cause of misconfiguration or the use of known vulnerable code due to immature tools and processes,” writes Neil MacDonald, Vice President, Distinguished Analyst, Gartner, in the March 2020 report, “Security Considerations and Best Practices for Securing Serverless PaaS”1. He adds, “New approaches and techniques for securing serverless will be required and should be designed using a life cycle approach, starting in development and carrying through into operations.”
Imperva Serverless Protection offers market-differentiated capabilities to help organizations manage the complex security risks that emerge in serverless functions.
- Protection against malicious activity: Purpose-built for serverless computing, Imperva uniquely enables a positive security model that provides protection against malicious changes, like zero-day exploits, within the function. Deployed as an AWS Lambda layer, it can be deployed once and applied to multiple AWS Lambda functions.
- Visibility and protection from internal and external code vulnerabilities: Imperva Serverless Protection secures serverless functions from vulnerabilities embedded in first and third-party code -- the underlying risk factor that can trigger a software supply chain attack. It effectively monitors and blocks vulnerabilities without elaborate or manual steps involved.
- OWASP Serverless Top 10 coverage: Imperva Serverless Protection offers protections from misconfigurations, code-level risks, injections and weaknesses. It stops HTTP response splitting and method tampering, code injection, and other complex threats. It also monitors for insecure cookies and transport, logging of sensitive information, unauthorized network activity, weak authentication, and other potential vulnerabilities.
- Deep visibility into security incidents at the application layer: Imperva Serverless Protection runtime monitoring gathers log-level information to provide forensic detail so security teams can fully understand the context of every attack with virtually no impact on latency. It also identifies and maps third-party dependencies used during runtime.
“Traditional security technologies are not designed to get visibility into and provide protection for ephemeral workloads like serverless functions. Customers require the combination of protection at the function, contextual awareness, and high performance. Additionally, customers are not interested in modifying their workloads or changing code to support security functions. Imperva Serverless Protection was created exactly to solve these needs,” says Kunal Anand, CTO, Imperva. “With Imperva Serverless Protection, DevOps and SecOps teams have a powerful new capability to stop serverless attacks.”
Industry News
Traefik Labs announced significant enhancements to its AI Gateway platform along with new developer tools designed to streamline enterprise AI adoption and API development.
Zencoder released its next-generation AI coding and unit testing agents, designed to accelerate software development for professional engineers.
Windsurf (formerly Codeium) and Netlify announced a new technology partnership that brings seamless, one-click deployment directly into the developer's integrated development environment (IDE.)
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, is making significant updates to its certification offerings.
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the Golden Kubestronaut program, a distinguished recognition for professionals who have demonstrated the highest level of expertise in Kubernetes, cloud native technologies, and Linux administration.
Red Hat announced new capabilities and enhancements for Red Hat Developer Hub, Red Hat’s enterprise-grade internal developer portal based on the Backstage project.
Platform9 announced that Private Cloud Director Community Edition is generally available.
Sonatype expanded support for software development in Rust via the Cargo registry to the entire Sonatype product suite.
CloudBolt Software announced its acquisition of StormForge, a provider of machine learning-powered Kubernetes resource optimization.
Mirantis announced the k0rdent Application Catalog – with 19 validated infrastructure and software integrations that empower platform engineers to accelerate the delivery of cloud-native and AI workloads wherever the\y need to be deployed.
Traefik Labs announced its Kubernetes-native API Management product suite is now available on the Oracle Cloud Marketplace.
webAI and MacStadium(link is external) announced a strategic partnership that will revolutionize the deployment of large-scale artificial intelligence models using Apple's cutting-edge silicon technology.
Development work on the Linux kernel — the core software that underpins the open source Linux operating system — has a new infrastructure partner in Akamai. The company's cloud computing service and content delivery network (CDN) will support kernel.org, the main distribution system for Linux kernel source code and the primary coordination vehicle for its global developer network.