What happens after an attacker logs in with stolen credentials? LeakSignal allows security teams to take control and set limits on sensitive data access.
Deploy LeakSignal
LeakSignal provides new visibility on sensitive data. This includes any data type such as CPNI, PII, cardholder data, PHI, along with responses that contain the signs of vulnerabilities.
In moments you have a dashboard showing all routes exposing sensitive data and all tokens accessing sensitive data. Go ahead and redact some data in real time - feel the power!
LeakSignal installs as a WASM module in Envoy. No Helm charts, Operators or CRD.
LeakSignal deploys to Istio with a few lines of config, and can be included in any Envoy or nginx setup.
Redact data or block responses in real time.
Those all help harden the various configuration, dependencies and code that might allow an attacker access to something in the cloud – security peeps call this the “posture.” Sadly, even with great posture, attackers still get in. LeakSignal watches the data going out on the web and API channels.
Gartner says web-based APIs are the #1 vector for attack.
If WAFs worked, you wouldn't read about breaches on major sites.
We didn't raise $200M, we wrote open source code that leverages modern architecture.
You got this. Get your API Key and have a dashboard up in seconds with the below configs:
Envoy is the underlying data management plane in most service mesh offerings and already widely deployed across enterprise environments such as Lyft, Walmart, Netflix, T. Rowe Price, US Bank and many others.
The most popular service mesh. Founded by Google, IBM and Lyft in 2017. Istio set the standard for what a service mesh should be: traffic management, policy enforcement, and observability, powered by sidecars next to workloads.
OSM runs an Envoy-based control plane on Kubernetes. OSM works by injecting an Envoy proxy as a sidecar container with each instance of your application.
It is completely free and takes 10 seconds.
