Deployment - Cequence Security

Cequence Application Security Platform Deployment Options

The Cequence Application Security Platform (ASP) is purpose built from the ground up using a modular, Docker container-based architecture that allows for rapid deployment and seamless integration into existing infrastructures. The modular nature enables you to deploy the respective components to best fit your application infrastructure while also addressing segmentation requirements.

CQAI, CQ Connect and CQ Insight are deployed out of band, with CQAI providing detailed behavioral analytics that can be used for policy enforcement by CQ botDefense and CQ appFirewall, which are always deployed inline as mitigators.

Data Center

In a data center deployment, Cequence ASP can be deployed as a virtualized appliance or on a dedicated hardware device of the customer’s choosing, in either a visibility and awareness mode, or in full enforcement mode. In this scenario, CQAI, CQ Connect, the datastore and policy engine are deployed out of band, as a Docker Swarm cluster. The sensor is deployed so that it can receive a copy of the traffic flows for analysis and enforcement by the mitigator.

Public Cloud

Organizations that are using service mesh or microservices architectures will commonly develop and deploy their applications as self-contained services (e.g., login, registration, shopping cart, checkout, etc.) on AWS, Google Cloud or Microsoft Azure. In these scenarios, the modular, container-based platform architecture enables organizations to bake security into their deployment lifecycle. Out of band traffic analysis and results performed by CQAI are sent back to the mitigator, which in turn, signals the traffic controller to execute policy response.

Cequence ASP can be deployed on any public cloud platform including AWS, Google Cloud Platform, and Microsoft Azure.

SaaS

In a SaaS deployment, the Cequence ASP is provisioned as a private, customer-specific Cloud Security Pod, in proximity to the customer’s application infrastructure to minimize latency induced by an additional hop. If deployed in the public cloud, the customer environment would be a private, single tenant environment to eliminate any possible data privacy concerns.

In this deployment model, the Cequence Customer Engineering team is responsible for the provisioning and ongoing operations of the solution, thereby reducing the planning and operational burden. This deployment model allows customers to avail the benefits derived from a managed service while still retaining the privacy and control that they get from a self-managed deployment.