Architecture and Deployment Considerations
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Time
1 hour 13 minutes
Difficulty
Beginner
CEU/CPE
1
Video Transcription
00:00
>> Now that we know what CloudGuard AppSec can do,
00:00
let's focus on its possible architectures
00:00
and deployment considerations.
00:00
There are currently three available types of deployment
00:00
>> which can accommodate various implementation scenarios.
00:00
>> It can be deployed either via
00:00
>> the CloudGuard AppSec Gateway as an embedded Nano-Agent
00:00
>> on top of any Linux machine running an NGINX webserver
00:00
>> or an NGINX reverse proxy,
00:00
>> or as a Nano-Agent Docker Container.
00:00
Let's elaborate.
00:00
>> When implementing AppSec
00:00
>> via the CloudGuard AppSec Gateway,
00:00
>> we have a CloudGuard AppSec Gateway virtual machine
00:00
>> deployed in front of the webserver to be protected.
00:00
>> It runs on a checkpoint GAIA operating system
00:00
>> as a secure OS with an NGINX reverse proxy
00:00
>> and an AppSec Nano-Agent,
00:00
which is the core of the solution.
00:00
In this deployment scenario,
00:00
NGINX is managed from the Infinity portal by the user.
00:00
AppSec can also be deployed as an embedded Nano-Agent
00:00
>> on top of any Linux machine running an NGINX webserver
00:00
>> or an NGINX reverse proxy.
00:00
>> The Nano-Agent attaches to the NGINX
00:00
>> as a standard plugin
00:00
>> and provides CloudGuard's AppSec features.
00:00
>> This type of deployment can take shape in two ways,
00:00
either as an NGINX webserver,
00:00
where both protected web app and the Nano-Agent
00:00
>> reside on the webserver,
00:00
>> or as an NGINX reverse proxy,
00:00
where the Nano-Agent resides on NGINX.
00:00
In this case, the NGINX reverse proxy
00:00
is set up in front of the protected web app.
00:00
Alternatively, AppSec can be deployed
00:00
>> as a Nano-Agent Docker container,
00:00
>> either on top of an NGINX Ingress controller
00:00
>> within a Kubernetes ingress pod
00:00
>> or on top of an NGINX reverse proxy Docker container.
00:00
>> These solutions are also deployed
00:00
>> in front of the web application to be protected.
00:00
>> For the sake of simplicity,
00:00
we'll focus this session on deploying AppSec
00:00
>> as an embedded Nano-Agent on top of a Linux machine
00:00
>> running an NGINX reverse proxy.
00:00
>> Before we go over the deployment process,
00:00
let's break down the elements
00:00
>> that enable the AppSec solution.
00:00
>> First, we have the what.
00:00
>> What are we protecting?
00:00
>> This is referred to as assets.
00:00
>> An asset maps to URLs of websites.
00:00
Then we have the how,
00:00
how is this protection being applied?
00:00
This is based on the selected deployment profile,
00:00
which we'll elaborate on in a minute.
00:00
The deployment profile includes
00:00
>> a built-in security policy
00:00
>> which is applied on the protected assets
00:00
>> and defines the expected behavior
00:00
>> for a set of AppSec security engines.
00:00
>> Finally, we have the by whom.
00:00
Who is in charge of enforcing the policy?
00:00
The answer is AppSec's Nano-Agents.
00:00
These Nano-Agents are services
00:00
which implements security monitoring and enforcement
00:00
>> based on the defined policy
00:00
>> and the assets they're attached to.
Up Next
Instructed By
Similar Content
