BLOG

A Containerized WAF to Secure Apps and APIs

Navpreet Gill Thumbnail
Navpreet Gill
Published April 30, 2024

Applications today have different performance, privacy, and security considerations. Many likely have distinct optimal routing needs. Most are hosted in different environments. Organizations today need a unified solution that can be applied for applications deployed nearly anywhere—in public clouds, private clouds, and on premises. NGINX App Protect WAF delivers that unified solution.

In addition to its robust web application firewall (WAF) capabilities, significant improvements have been made to the architecture of NGINX App Protect WAF. Prior releases of NGINX App Protect (through 4.x) have been delivered as packaged software and this will continue with the NGINX App Protect WAF 4.x release.

But a new version of NGINX App Protect WAF, version 5.0, is designed for public cloud, private cloud, and on-premises deployments in a containerized form factor, which reduces the attack surface. NGINX App Protect WAF 5.0 introduces innovations that enable businesses to protect modern apps and APIs in containerized environments with a smaller footprint. NGINX App Protect WAF 5.0 not only supports both NGINX OSS and NGINX Plus, but also separates the control and data planes, enhancing agile development methodologies. NGINX App Protect 5.0 supports a standalone policy management container and brings the following value to customers:

  • Prevents impact of heavy lift policy modifications to affect data traffic or data plane compute resources
  • Accelerates deploy and reload durations, making it faster to operate and scale

Because it's designed for cloud and hybrid deployments, the containerized form factor approach of NGINX App Protect WAF 5.0 is optimized for DevOps teams using agile pipelines and CI/CD frameworks to build and maintain their applications.

NGINX App Protect 5.0 can address the desire for a unified, consistent app and API security solution, as it can be leveraged in public clouds, private clouds, and on premises. NGINX App Protect 5.0 also simplifies updates and upgrades. With its new architecture, NGINX App Protect 5.0 requires only the compiler to be rebuilt with updated signatures. And NGINX App Protect 5.0 supports NGINX in any form factor, including virtual machines and containers.

To be clear, though, NGINX App Protect 5.0 is not replacing NGINX App Protect 4.x. Both will be offered to customers to address their specific deployment needs, with NGINX App Protect 4.x continuing to be updated and offered as a packaged product and NGINX App Protect 5.0 and later being provided as a container supporting Docker or Kubernetes.

So, what does this mean for you?

For one, migrating to NGINX Plus is no longer a requirement, and there's no need to re-customize your security solutions, which can save precious time and decrease total cost of ownership (TCO). Using containers, the native form factor for integration with modern applications, less of an attack surface is exposed with NGINX App Protect 5.0, enhancing security. You will also have the ability to protect applications running on NGINX OSS proxies if you choose to do so. This approach also offers better operability, allowing SecOps and DevOps teams to more effectively maintain overall security posture management and implementation.

Enabling agile development and reducing the need to support new operating systems and version increments has been sought after, as it helps accelerate the pace of development. This approach also simplifies consumption by utilizing a container-ready form factor instead of self-creating containerized images and deploying per every instance for every release and signature update.

NGINX App Protect is a modern WAF designed to sit close to your applications, providing additional protection beyond a perimeter WAF. It can be fully integrated into DevOps and CI/CD frameworks to:

  • Enable strong security controls to be integrated seamlessly
  • Outperform other WAFs for improved user experience
  • Reduce complexity and tool sprawl while delivering modern apps

Let NGINX App Protect v5.0 shield your applications so that you can focus on the lifecycle and innovation of your products and solutions.

If you’re ready to try out NGINX App Protect v5.x, get started with this 30-day free trial or contact F5 sales today for more information.