WAF for Kubernetes
Wallarm Cloud Native WAF automates application protection. Installed directly on an NGINX Ingress controller. In Kubernetes clusters Wallarm protects containerized applications, microservices, and APIs in private and public clouds.
Product demo
Easy deployment in Kubernetes
  • Deploys as instrumented Kubernetes communities Ingress Controller or NGINX Plus Ingress Controller
  • Installs as a sidecar Docker container within Kubernetes pods
  • Supports Google GKE, Amazon EKS, and Azure AKS or Kubernetes in private cloud
  • Deploy and manage with Spinnaker. Monitor with Prometheus
  • Licensing model which allows dynamic deployment of nodes and Kubernetes clusters
Get Started
Protect Cloud Native Apps
  • Secures a variety of API protocols including JSON, XML, SOAP, and others
  • XSS, XXE, SQL Injections, RCE and other OWASP Top 10 threats protection
  • Brute-force attacks, dirbusting, and account takeover (ATO)
  • Application abuse and logic bombs
  • Bots
No Manual Rule Configuration
  • Eliminate false positives without tuning
  • 90% of customers use Wallarm Kubernetes WAF in blocking mode
  • Signature-free rules are created automatically and customized for every application
Wallarm WAF for Kubernetes
Integrates with Kubernetes infrastructure

Stronger Native Security for Kubernetes

Provide and support stronger native security for Kubernetes infrastructure with Wallarm. Wallarm’s node for Kubernetes natively deploys with an Ingress controller to provide API security and L7 protections for distributed applications. The management of the Wallarm image is performed with a standard Helm Package Manager or by using kubectl. To install the Wallarm-instrumented controller, you can add it from an existing HELM repository. Full deployment instructions are available at the documentation portal.

Monitoring with Prometheus

Wallarm natively integrates with Prometheus for streamlined monitoring of the APIs and their security. The service is monitored by collectd; information on the number of requests, number of attacks, number of blocked attacks and a variety of error conditions can be exported in JSON format or directly into Prometheus.

Security in CNCF Community

With protected microservices, attack mitigation, and DevOps-friendly post analytics, Wallarm brings true security and ease-of-use to the centerpiece projects of LF and CNCF communities.

Deployment options

Kubernetes:

Ingress Controller (Community)NGINX Plus Ingress Controller (NGINX)

Dynamic module:

NGINX / NGINX PlusKong

Reverse Proxy:

DockerLinux Package

API and Integrations

Full open API:

Operational controlsData retrieval

Out-of-the-box integrations:

Slack

Telegram

OpsGenie

Certified environments

Public clouds:

AWSGCP

Azure

Heroku

Private / Hybrid clouds:

VMmware VMDocker / Kubernetes
The environment is very dynamic, and there are a lot of applications and APIs to protect, so we needed a solution that is automated, self-tuning, and centrally managed.
We tried to use mod_security, but there was a lot of pain with the complicated rules / signatures and non-stop false positives.
Wallarm was able to profile the normal operation the web infrastructure and identify the application-layer (L7) DDoS attack.
Schedule a live product demo
Got it! Thanks for your interest. We will contact you shortly.
 
I'm interested in:
Deployments:
Available Resources

Wallarm Datasheet

Real-time protection for applications and APIs with Wallarm instances and AI engine

Wallarm for Kubernetes

Wallarm installs directly on the ingress controller to provide native security for Kubernetes infrastructure

Wallarm AWS

Additional resources
Video: Wallarm for Kubernetes in GCPBlog: Wallarm WAF Kubernetes Ingress ControllerDocumentation: Installation WAF in the Kubernetes cluster
AI-Powered Application Security
Wallarm security platform automates application protection and security testing. Hundreds of customers already rely on Wallarm to secure websites, microservices and APIs running on private and public clouds. Wallarm AI enables application-specific dynamic WAF rules, proactively tests for vulnerabilities, and creates feedback loop to improve detection accuracy.
415 Brannan St, San Francisco,
CA 94107
2019 © Wallarm Inc.
Terms of servicesPrivacy policyCookie policy