When a service mesh grows, developers don’t know who owns a service or how to get access for legitimate uses – oftentimes forcing service-to-service access with a shared secret or other means.
Installs as a lightweight WebAsembly module into existing ingress, sidecar, and ambient mesh proxies, giving engineering and security teams instant visibility to assess the data plane security posture.
LeakSignal’s Inline Response Manager (IRM™) is built to process all outbound content, which allows for unique data protection and audit capabilities that identify exactly what sensitive data was accessed.
Automatically maps all services and sensitive data in real-time, giving an understanding of where data is being accessed across geographies, cloud environments,
Traditional perimeter defenses can’t keep up with the speed of business and scalable microservice applications. LeakSignal priorities, assesses, and protects data exfiltration and abuse across all web and API traffic. Alerts can be set and immediate action can be taken to ensure your sensitive data is protected.
The Leakwall improves upon traditional API Security solutions by analyzing the API response traffic and learning what is normal. For example, a normal response only contains one PII element. When a response contains more than expected, alert or redact the data.
Sensitive Data Observer provides visibility into how regulated data is traversing single or multi-cloud and jurisdictional boundaries. Know which services are sending sensitive data and put controls in place to keep the mesh secure.
Not your typical WAF, the MicroWAF capability is lightweight and serves as a tactical defense mechanism when attackers have bypassed perimeter/edge-based protections. Block or rate-limit traffic based on SPIFFE ID and other newer mesh signals.
No Helm charts, Operators, CRDs or other dependencies. LeakSignal is purpose-built to be lightweight and pluggable into any microservice environment.
LeakSignal deploys to Istio, K8s, or Envoy with a few lines of config and emits native Envoy statistics to support data collection platforms like Prometheus.
It’s completely free and takes 10 seconds.