Dynamic application firewall configuration for cloud native applications

Assignee

• Palo Alto Networks, Inc. · US

Inventors

• Liron Levin · Herzliya, IL
• Isaac Schnitzer · Tel Aviv-Yafo, IL
• Elad Shuster · Herzliya, IL
• Ory Segal · Nes Ziona, IL

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L67/10
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

To dynamically determine and apply WAF protections for an application deployed to the cloud, exposed entities, are identified. The identified entities are further evaluated to determine whether the application is eligible for WAF protection based on whether the application uses a protocol that is compatible with WAF protection. If the application is eligible for WAF protection, after instantiating a WAF, WAF protections that should be enabled or disabled are determined based on characteristics of the application that are identified at runtime. The WAF can then be configured based on the identified protections such that those which are pertinent to the application will be enabled, while those which are not applicable to the application and thus will not be used are disabled. As a result, security provided by the WAF for a cloud application is tailored to the application based on information about the application gathered in the cloud deployment environment.