Airlock WAF 7.1

From DevOps to DevSecOps

"Information security is seen as an inhibitor to DevOps agility!" IT security as a roadblock - that was the disillusioning conclusion at Gartner's Security Symposium in 2017. But that's not necessarily true. If central security gateways offer practical interfaces, they can be turned into enablers and offer real value.

Airlock WAF 7.1 accepts the challenge! The comprehensive REST interface for configuration is a solid basis for automated deployment. Automatic enforcement of OpenAPI specifications raises API protection to a new level, both in terms of convenience and security. Moreover, management of SSL/TLS certificates can be automated using Let's Encrypt. And last but not least: the new Airlock cloud image enables quick and non-interactive cloud installations.

Strong security, automatically deployed. That's DevSecOps with Airlock WAF 7.1.

 

 

API Security with OpenAPI Support

Services based on APIs - that's the future of web applications. While being technological state-of-the-art already, APIs are now actually demanded by regulations such as PSD2 for the European financial industry.

Airlock WAF 7.1 takes a giant step towards an API security gateway by supporting formal OpenAPI specifications for REST APIs. Access to back-end APIs is automatically controlled and nonconforming requests are rejected. Maintenance of manually created or learned filter policies becomes obsolete, because activation of updated specifications can be automated. This creates a win-win situation for security and operations: precise whitelist rules for API access, automatically updated!

 

REST API for Configuration

DevOps means delivering software updates though agile and mostly automated processes. These updates inevitably cause changes in security policies on the central gateway. Of course, these changes must be automated as well.

In order to achieve this, Airlock WAF 7.1 comes with a comprehensive REST API enabling automated configuration of virtual hosts, mappings, back-end services, and certificates. This closes the DevOps loop in a simple but nevertheless secure manner.

Airlock Cloud Image

On-premise, in the cloud or hybrid? The choice is yours. But no matter how you decide, Airlock will fit your needs. Airlock WAF 7.1 is designed for cloud deployments and automatically adjusts to dynamic environments using DHCP an cloud-init. Using the official Airlock cloud image, new instances can be created quickly and without interaction. Moreover, clusters of active Airlock WAF nodes are possible by externalising the session database. Simply scale Airlock together with your services.

Let's Encrypt

Managing SSL/TLS certificates in large environments is a tedious and time-consuming job. Let's Encrypt offers a secure and automatic solution for creating and updating certificates. Airlock WAF 7.1 brings these benefits right to the center of your IT by supporting Let's Encrypt for virtual host certificates.

Time is short and there is no room to cover all the new features and improvements. For a complete release overview, Please refer to the release notes on Techzone.

Information for you

-Our whitepapers-

Zero Trust is a journey

The digital transformation of the world continues to progress, and it is profoundly affecting private life and job profiles in a manner that was hard to imagine just a few years ago.

This whitepaper covers the effects of continuous digitization and its implications.

Request free of charge

Toward DevSecOps

In this whitepaper, you will learn the most important insights into how you can successfully and efficiently implement DevSecOps, which security components are required for this, and what benefits a microgateway architecture brings.

Request free of charge

Airlock 2FA - Strong Authentication. Easy.

The two-factor authentication in the area of IT security offers double the security.

Find out more about strong authentication and the possibilities that Airlock offers in our whitepaper.

Request free of charge

Further whitepapers

We provide whitepapers on these and other topics free of charge:

  • successful IAM projects
  • Compliance
  • Data protection (GDPR)
  • Introduction of PSD2
  • PCI DSS requirements
Request free of charge