Rule control - Customers could not easily write their own firewall rules because the rules were either written in proprietary languages that most teams weren't familiar with unless they received specialized training, or kept behind walled gardens accessible only to vendor staff.
Rule management - Customers couldn't easily manage rules because all rules were stored in giant lists of config files without any source control.
Rule ordering - Customers couldn't manage rule dependencies, which meant that rules that ran out of order would cause false positives, or the rule configuration files would get so long that it was impossible to manage the order.
Rule testing - Even if a customer managed to get all the training to figure this out, rolling out rules was a problem because it is very difficult to test rules, especially blocking rules, in production without impacting production traffic.
Composability - Since so much of a security team's time is spent maintaining and customizing firewall rules, we wanted to make sure we made that process as efficient as possible.
We did this by making it so that security teams could create adaptive rules that responded to real-world situations, rather than having to write rules based on guesswork of what-if scenarios or based on previous attacks.
To do this, we built our rules engine with an overarching principle of composability where the rules themselves could reference each other and be easily assembled.
Here's a simple example: instead of relying on third-party threat intel feeds of bad IP addresses, our rules can dynamically update their own ACLs based on whether or not an IP address was observed acting maliciously.
With Runtime Protection Rules, we wanted to give security teams the same empowerment as we have in house.
What that means is we've built our Runtime Protection Rules experience to the same developer experience standards as the best developer tools on the market today, with first-class code editors, built-in functions and methods, source control, IDEs, testing harnesses, and LLMs, instead of the simplistic form-based rule editors that you see with most firewall products.
Taking the time to build a runtime rules engine this way is a long, yet rewarding journey.
It is a lot easier to build a firewall by bolting on some open-source ModSecurity rules to a web server, hiring some professional services staff to help customers with anything they need beyond that, and glossing over the clumsiness of it all with a reporting interface.
When built correctly, the capabilities of a composable, developer-friendly rules platform with full decision-making context integrated into the runtime exceed the capabilities of any other architecture.
Runtime Protection Rules are one of the most powerful features in Impart's API security platform.
Impart's Runtime Protection Rules are composable firewall rules that allow security teams to quickly create powerful security policies, with reusable and modular rules that can be dynamically put together to provide powerful and easily customizable runtime security policies.
Unlike legacy firewall rules, which are implemented using large configuration files loaded on a firewall server, written in outdated and proprietary programming languages, and extremely difficult to maintain and manage, Impart's Runtime Protection Rules are built using a composable architecture that offers security teams all of the perks of the most modern developer tooling, such as native security functions, an in-product IDE, rule testing, revision control, and integrated LLMs for summarization and recommendations.
Safely test rules before production to ensure they are behaving as expected, enabling confident deployment to critical API endpoints.
Adding LLM enhancements on top of our Runtime Protection Rules experience is where we are focused next, and something we've already started doing with improvements, such as our API firewall rule explainer.
The core work that we've done makes our rules more easily integrated with AI and LLMs than other firewalls on the market, and you'll be hearing a lot from us in this area soon.
To learn more about Runtime Protection Rules, contact us at try.
This Cyber News was published on securityboulevard.com. Publication date: Thu, 08 Feb 2024 22:13:03 +0000