Normally, the PureSec runtime protection module will retrieve the latest security policy from the PureSec service upon the function’s cold start. This makes sure your functions are always as secure as possible. But what happens if your functions don’t have internet access (e.g. inside a non-internet facing VPC) ? Or if you want to update your policies only on-demand? Now you can!
PureSec’s runtime protection defends your functions with two main layers:
Serverless Application Firewall – Inspects the input of the function. When the function is invoked, the firewall will analyze the input to ensure it doesn’t contain any malicious payloads such as an SQL injection, XSS attack etc.
Behavioral Protection Engine – Protects the ongoing behavior of the function. This layer of protection inspects outbound network traffic, file access and execution of processes. The engine will detect any undesired behavior and will either block it or alert you about it, depending on your configuration.
Local Policy Updates let you use the PureSec CLI tool to fetch the latest security policy and enforce it on your function during the CI/CD process, and when your function starts, the protection library will not call the PureSec service, as it will already contain its runtime protection policy.
Local Policy Updates are available now to all PureSec customers!
Try the PureSec Serverless Security Platform with a Free Trial!