Remediate Pentest results
How Jessica remediated major security weaknesses uncovered by a pentesting company in her manufacturing company's Web APIs and Web Applications
Jessica is part of the IT security team at a large manufacturing company. Their CISO recently tasked an external pentesting company to identify potential security vulnerabilities. This included testing publicly exposed Web APIs used by their subcontractors as part of the supply chain, as well as their public Web applications, all of which were hosted on multiple K8s platforms.
The pentesting results were devastating. Although they were running an external third party IPS gateway in front of their datacenter, that protection layer was not effective against many fairly new and zero day attacks that used slight modifications of publicly available exploit code to bypass signatures. It was clear they needed an improved security posture to prevent these kinds of modern threats, including zero day attacks.
She discussed her challenge over dinner with a friend, who works as a DevOps engineer at a smaller company with quite agile IT processes in place. Her friend recommended open-appsec to add preemptive protection for all her Web APIs and Web Applications in K8s in a fully automated way. Her friend liked that it needed minimum administrative effort, which freed up her time, yet it provided high security effectiveness and very little false positives. Working often with machine learning-driven technologies, her friend also liked that Open AppSec used an ML approach to limit unnecessary noise and tedious work. Also all configuration was done in a declarative way, nicely integrated in their CI/CD pipelines.
Jessica at first was a bit concerned about using open-appsec, as she's not a Kubernetes (K8s) expert. She was looking for a solution that did not require declarative code-based configuration, but instead offered some type of WebUI.
She was happy to see open-appsec has an easy-to-use WebUI she can use for all management and configuration tasks, and it's enterprise-ready, allowing centralized management of all of their K8s clusters as well as central cloud logging and reporting. For her colleagues who may want further automation or flexibility, there's an option to use open-appsec's Terraform Provider.
Jessica only needed 5 minutes to set up a new open-appsec SaaS tenant, guided by simple-to-use wizards. In just another 10 minutes, she was able to deploy the solution on their first testing cluster to protect both a publicly exposed Web API as well as a Web Application. She noticed that after just a couple of minutes, already more than 20 attempted attacks were prevented by open-appsec's Machine Learning engine (just sticking to the default profile). Helpful forensic information for each logged attack attempt was provided, including CVE numbers referring to attacks like Log4Shell and Spring4Shell.
After running the initial pilot deployment of open-appsec in the first cluster for about 2 weeks, and almost no false positives, she started the open-appsec rollout for many more of their clusters. Jessica finished this process within just a week. A couple months later, they tasked the pentesting company to run the same tests again (having open-appsec active in prevent mode) and were thrilled to find that the new report showed no more critical weaknesses in the security posture of their Web applications and APIs.
Following that successful report, they upgraded to the Enterprise Edition to get access to more functionality, including support for API schema enforcement as an additional safety net for the publicly exposed APIs, support for more agents to support all of their K8s clusters, additional log capacity, sharing of Learning between agents in the same cluster, and premium automatic IPS signature updates as well as enterprise support.