We’re delighted to announce the GA release of Curiefense—Reblaze’s new open source, cloud native web security platform.
The Curiefense project has the potential to radically transform the world of cybersecurity. This post will discuss what it is, how it works, and why it’s important. But first, a brief mention of its name.
In honor of Marie Curie
As you might have guessed, the project is named after the famous scientist Marie Curie. Curiefense was first developed in intensive work sessions in Malakoff, France, close to her house and laboratory. We named it after her in hopes that in some small way, it can remind people today of this exceptional researcher, scientist, and humanitarian. (More on her life and work below, at the end of this post.)
What it is
Curiefense is an extension of Envoy Proxy. Envoy has a long list of uses in modern microservice architectures; it can be used as an application sidecar, an ingress gateway, an edge proxy, and much more. Curiefense extends Envoy, adding built-in traffic filtering anywhere that Envoy can be used.
Envoy is a graduated project within the CNCF (the Cloud Native Computing Foundation), and this is also our goal for Curiefense. The first milestone in that process was achieved in late January, when Curiefense was accepted as a CNCF Sandbox Project.
As mentioned above, we believe that Curiefense can transform the security industry. It is disruptive in multiple ways, because it’s:
- For developers, by developers
- Open source and cloud native
- Zero trust, with complete privacy, and better performance
For developers, by developers
Our world is increasingly driven by technology. To survive in this environment, a growing number of organizations are empowering their technical teams to play larger roles; often, developers and engineers can participate in much of their organizations’ decision-making processes.
In the past, web security was a necessary evil; something that got in the way of the “real” work that developers needed to do. Curiefense is GitOps-based, and is designed to support developers rather than hindering them. It integrates easily into DevOps and DevSecOps pipelines; the entire platform can be configured and driven via API if desired (although a full web console UI is also available).
We believe that Curiefense’s technology-first approach is important, not merely because it will appeal to developers, but because it will make their lives easier. A security solution that is perceived to be an obstacle will often be circumvented; one that integrates seamlessly into existing workflows can be embraced instead. Ultimately, this will make organizations more secure, and this makes the web a safer place for us all.
Open source and cloud native
In its early days, OSS (open source software) was often caricatured as being merely an ideological movement. Today, it is widely acknowledged that open source can offer a number of real, practical advantages that closed source systems do not.
Curiefense is a collaborative, community-driven project. The Internet today is a hostile and dangerous environment, requiring organizations to maintain robust and effective defenses; we believe that the best way to achieve this is to harness the collective brilliance of developers and security researchers around the world, rather than relying on a small team working in isolation. Therefore, open source is a better choice than a closed, proprietary approach.
The same logic applies to the cloud native compute movement, which is one of the most exciting and fast-moving tech communities today. To become fully cloud native, a software project must be interoperable and fully integrated, accessible and manageable, open and resilient, transparent and observable… and the list goes on. The requirements are formal, numerous, and (rightfully) strenuous.
As Curiefense matures into a full-fledged member of the cloud native ecosystem, it will become a stronger platform. It will be more accessible, more capable, and more easily integrated into a wider variety of architectures. And that means it can serve its users better, offering free web security capabilities to organizations around the world.
Zero trust with complete privacy and better performance
Most commercial security products decrypt and process the customer’s traffic outside of the customer’s environment. This introduces obvious privacy concerns as well as performance issues (such as added latency for routing, decryption, and re-encryption).
The Reblaze platform avoids these problems by operating as a reverse proxy within the customer’s VPC. However, this is a complicated approach, involving DNS and routing issues, possible SSL certificate management, and more. Also, as a stand-alone platform, it must be deployed with redundancy to assure availability and resiliency, as well as being attached to monitoring and alerting systems.
Curiefense is something new—it is traffic filtering that runs inside the environment as an integral part of it, whether that environment is a VPC, container, or service mesh. This is a true zero-trust model, with better performance as a bonus. Also, it doesn’t need to be monitored for health or be available for discovery, because it is automatically in sync with the services deployed.
In the last few years, data privacy has become an increasingly important, and increasingly regulated, issue. This trend has not slowed down; in fact, the opposite is true. We expect that Curiefense’s ability to provide a completely zero-trust architecture, where no traffic is decrypted or processed outside the perimeter, will become increasingly attractive in the years to come.
We’re excited to launch Curiefense, but this is just the beginning; we’re already hard at work implementing new features from the roadmap, and looking forward to future releases.
Addendum: About Marie Curie
Madame Curie is renowned for her long list of scientific accomplishments. She was the first woman to have been awarded a Nobel Prize, the first person in history to win two Nobel Prizes (the 1903 Nobel Prize in Physics and the 1911 Nobel Prize in Chemistry), and she remains the only person to become a Nobel Laureate in two different sciences. She was a pioneer in using radioactivity to treat cancer, and established a number of medical and research facilities in this new field. Today, several prestigious medical and oncology centers bear her name.
Compared to her scientific research, her humanitarian work is less well known, but it is equally impressive. Early on, she realized that radiology could be used by military doctors as they worked to save the lives and limbs of wounded soldiers. During the First World War, she formed France’s first military radiology center, and her mobile radiography units became known as petites Curies (“Little Curies”). Often, she herself drove one of these units to the front lines. It is estimated that over a million wounded soldiers were treated with her X-ray units.
Unfortunately, the dangers of radioactivity were not yet understood in her day. Madame Curie’s selfless work and service to others ultimately cost her most of her eyesight (she developed cataracts which left her almost blind), and then shortened her life (from the aplastic anaemia that she developed).
Curiefense is named in honor of this exceptional scientist. The project’s soft launch occurred last year on November 7, on her 153rd birthday.