Micro Firewall for Microservices

Web pages and API calls are made up of many services. The services talk to each other over a Data Plane which is vulnerable. WAFs at the CDN or LoadBalancer layers don't protect this Data Plane. LeakSignal does.

Deploy LeakSignal

Protect the Service Mesh

Organizations with multi-year records of keeping customer data safe are now in headlines. Uber, Twilio, Peloton, Okta. With the sprawl of microservice and service mesh technologies (e.g. Kubernetes), organizations are at risk of sensitive data exposure through APIs, serverless technologies, and legacy application logic. What if a service is breached?

In moments, you have a dashboard showing all routes exposing sensitive data and all tokens accessing sensitive data. This includes any data type such as CPNI, PII, cardholder data, PHI, along with responses that contain the signs of vulnerabilities.


No Helm charts, Operators, CRDs or other dependencies. LeakSignal is purpose-built to be lightweight and pluggable into any microservice environment.

A few lines of config

LeakSignal deploys to Istio, K8s, or Envoy with a few lines of config and emits native Envoy statistics to support data collection platforms like Prometheus.


The LeakSignal COMMAND dashboard is completely free to use and configurable to serve as a complementary SOC analysis tool.

A super power for Zero Trust frameworks

Monolithic web servers are being replaced by micro service and service mesh architectures in an effort to achieve Zero Trust. This movement leaves a massive gap in protection coverage. Traditional Layer-7 defense techniques such as WAF and Bot protection at the CDN or Load Balancer layers don't provide visibility into intramesh traffic.

Install in minutes

You got this. Get your API Key and have a dashboard up in seconds.


Envoy is the underlying data management plane in most service mesh offerings and already widely deployed across enterprise environments such as Lyft, Walmart, Netflix, T. Rowe Price, US Bank and many others.


The most popular service mesh. Founded by Google, IBM and Lyft in 2017. Istio set the standard for what a service mesh should be: traffic management, policy enforcement, and observability, powered by sidecars next to workloads.

Azure OSM

OSM runs an Envoy-based control plane on Kubernetes. OSM works by injecting an Envoy proxy as a sidecar container with each instance of your application.

Or click here to explore a sample application dashboard

start free trial

It is completely free and takes 10 seconds.