Join Transform 2021 for the most important themes in enterprise AI & Data. Learn more.
Reblaze, an Israeli cybersecurity company focused on web app and API protection, has launched a new open source security platform aimed at enterprises. Curiefense, which Reblaze first announced back in November, is designed to protect cloud native applications and APIs from myriad threats, such as distributed denial of service (DDoS), SQL injection, cross site scripting (XSS), account takeovers (ATOs), and more.
Web apps are the cornerstone of many modern enterprises, placing on them a tremendous onus to protect user data from nefarious actors — it’s estimated that cybercrime cost the global economy $2.9 million every minute last year. There are countless tools on the market to help protect these apps from cyberattacks, including web application firewalls (WAFs) from big-name providers like Cloudflare, F5, and AWS, while newcomers such as VC-backed Signal Sciences and Sqreen have sought to make their mark with cloud-native incarnations. Such is the demand for app security solutions, Signal Sciences and Sqreen were acquired by Fastly and Datadog respectively in the past six months.
Commercial open source
Curiefense, which hits general availability today through GitHub, packs a fairly comprehensive set of security mechanisms off the bat in its free form. But as is the case with many other established open source projects these days, Reblaze is building a commercial layer on top of Curiefense that will include a bunch of value-added services, such as security automation for businesses looking to save time and resources setting this up themselves.
“Although you can use Curiefense to secure your assets, it is time consuming and challenging to manage all the moving parts when operating at scale,” Reblaze cofounder and CTO Tzury Bar Yochay told VentureBeat. “Curiefense provides a full API, so one can certainly build an automation layer on top of it — however, Reblaze will offer our own automation layer that ensures everything is up-to-date and operating smoothly. This provides the user with command and control, peace-of-mind, and efficiency.”
The commercial Curiefense incarnation will also leverage current threat data which gives companies an instant artery not only into completely new threats, but ones that have evolved or morphed. “While Reblaze will provide threat intelligence feeds for the open source version, the commercial version will enjoy broader and more frequent updates for the feeds we generate, as well as those from corporations and vendors that we tie in with,” Bar Yochay added
Elsewhere, Reblaze will of course offer Curiefense as a fully hosted and managed SaaS offering, with customers able to choose from any cloud including AWS, Google Cloud Platform, Azure, and Digital Ocean. Other premium features include support for native apps, biometric human detection, and more.
There are other open source web security tools out there, including ModSecurity which began as an Apache web server module built around user-defined rules. While it has evolved over the past couple of decades to include support for Microsoft’s Internet Information Services (ISS) and Nginx, it still has limitations, such as its “signature-based” threat detection, or “known” vulnerabilities in other words.
Curiefense is pitched as a more holistic security tool, one that uses different approaches and techniques to detect threats. “These prevent automated attacks such as account takeover, bruteforce logins, web recon, and similar attacks,” Bar Yochay said.
Founded out of Tel Aviv in 2011, Reblaze has previously raised a small amount of undisclosed external funding, but it has amassed a number of notable enterprise clients, including Staples, eBay, Nvidia, Intel, and Cisco. In its development of Curiefense, Bar Yochay said that Reblaze worked with some of those companies, alongside other big names such as Red Hat and Airbus.
Although Curiefense is its first open source product, it seems that Reblaze now has the taste for open source. “There are more to come along the way — a few are scheduled for later this year,” Bar Yochay said.
VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.
Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
- up-to-date information on the subjects of interest to you
- our newsletters
- gated thought-leader content and discounted access to our prized events, such as Transform
- networking features, and more