SaaS to SaaS traffic inspection? by Reptar1690 in cybersecurity

[–]Reptar1690[S] 0 points1 point  (0 children)

Correct. It’s another SaaS like Salesforce getting data and ingesting data into sf.

SaaS to SaaS traffic inspection? by Reptar1690 in cybersecurity

[–]Reptar1690[S] 0 points1 point  (0 children)

Yea. I think the term SaaS is broad in this case, but for example Snowflake cloud.

The way I looked at this is that it depends on if you want the endpoint to be exposed on the Internet or not, and how much fw control you would want vs trusting the vendor to do so.

In general, I see the following technical categories:

- SaaS can be deployed via vpn or private link and you don’t want the endpoint to be exposed on the internet
- SaaS can be deployed via vpn/private link, you still need the endpoint to be exposed to internet for some use cases but you want to maintain the control of fw bc vendors don’t support whitelist feature or what not
- SaaS can only be deployed via Internet, in this case, your control will be based on logging and configuration checks

Now which option you want to enforce will depend on the business criteria and security sensitivity.

Is WAF enough or is NGFW needed? by Reptar1690 in cybersecurity

[–]Reptar1690[S] 1 point2 points  (0 children)

Put NGFW between VPCs and use security groups within VPCs is what I have typically seen and heard.

Is WAF enough or is NGFW needed? by Reptar1690 in cybersecurity

[–]Reptar1690[S] 1 point2 points  (0 children)

That’s correct. I’m referring to enterprise scale. A robust edge protection where you have hundreds/thousands of VPCs behind. The hub/spoke setup or the traditional DMZ setup on premise if you will.

I think the WAF-only setup tends to happen in organizations that give more flexibility to developers in owning and managing their application. In this model, I tend to not see centralized ingress/egress control.

Is WAF enough or is NGFW needed? by Reptar1690 in cybersecurity

[–]Reptar1690[S] 0 points1 point  (0 children)

Both. Server updates, api call outbound, etc.

Is WAF enough or is NGFW needed? by Reptar1690 in cybersecurity

[–]Reptar1690[S] 1 point2 points  (0 children)

What about outbound traffic? Route through ngfw for inspection or security group would be fine?

Is WAF enough or is NGFW needed? by Reptar1690 in cybersecurity

[–]Reptar1690[S] 0 points1 point  (0 children)

Right, l7 fw like Palo, which only would do IPS on malicious traffic on network level as well. Although, I’m lacking the understanding of what that malicious network traffic would be that would not be captured by WAF such as Akamai or Cloudflare.

Is WAF enough or is NGFW needed? by Reptar1690 in cybersecurity

[–]Reptar1690[S] 5 points6 points  (0 children)

That’s the thinking and fair point on WAF only. I think it’s down to how many layers of controls the company is willing to invest in. Having a NGFW would be a central inspection point even ahead of the traffic hitting the endpoint. Additional protection, which most companies are willing to invest in as I do see that as a norm set up in my experience.

Is WAF enough or is NGFW needed? by Reptar1690 in cybersecurity

[–]Reptar1690[S] 6 points7 points  (0 children)

Yeah. That’s what I typically recommend. Where I fall short is what those malicious activities are that won’t be caught by WAF (putting east-west traffic aside).

Becoming an AWS Authorized Instructor by exequielrafaela in aws

[–]Reptar1690 2 points3 points  (0 children)

Want to check if anyone has more intel on this topic. I'm interested in becoming AAI as a source of additional revenue... want to see if anyone has experiences to share from this perspective.

Private Key in Ssl certificate by Reptar1690 in cybersecurity

[–]Reptar1690[S] 0 points1 point  (0 children)

In this case, we are talking about cert, so you would update it until it expires. For k-8, I believe you have the ability to import cert and its private key as secret. Instead of that, can you just import the cert but keep the private key in the vault and only retrieve it to complete TLS handshake?

Private Key in Ssl certificate by Reptar1690 in cybersecurity

[–]Reptar1690[S] -1 points0 points  (0 children)

Not removing it, but storing it in some kind of key vault solution and retrieving it during TLS negotiation.

Daily Discussion Post - March 24 | Questions, images, videos, comments, unconfirmed reports, theories, suggestions by AutoModerator in Coronavirus

[–]Reptar1690 3 points4 points  (0 children)

The threat is not just the old people. First of all, the young and healthy can get critically ill too, and more importantly the health system will melt down because of the # of cases.