Signal Sciences supports multiple installation methods. You can deploy directly onto your hosting environment via traditional Module-Agent process, Agent-only configured to operate as a reverse proxy, or you can use Signal Sciences’ hosted Cloud WAF solution. Signal Sciences supports traditional, VM-based architectures as well as modern container-based ones. Integrations with several Platforms-as-a-Service (PaaS) are also available. Below are all the installation options available to get Signal Sciences up and running.
The easiest method for deploying Signal Sciences is to take advantage of our Cloud WAF solution. Cloud WAF is a hosted solution that doesn’t require you to install the Signal Sciences agent and module directly onto your environment.
Module-Agent Installation Process
Signal Sciences can also be deployed directly onto your hosting environment. Getting started deploying Signal Sciences typically takes less than five minutes and is just a few simple steps depending on your web server (NGINX, Apache, etc).
More information about the Signal Sciences Agent and Module can be found in How It Works.
The Signal Sciences installation process is very simple and can be done with three steps:
Step 1: Agent Installation
The Signal Sciences Agent is a small daemon process which provides the interface between your web server and our analysis platform. An inbound web request is passed to the agent, which then decides whether the request should be permitted to continue, or whether it should take action.
Step 2: Module Installation
The Signal Sciences Module is the architecture component that is responsible for passing request data to the agent. The module deployment is flexible and can exist as a plugin to the web server, a language or framework specific implementation, or can be removed if running the agent in reverse proxy mode.
Step 3: Verify Agent and Module Installation
- Log into the Signal Sciences console
- Go to Agents
- Under Agent look for the hostname of the system you installed on
- Check the module version under Module to confirm the correct version is listed
Note: Until there has been at least one request since the agent and module were installed, the module information won’t be listed. Once there is traffic the module information will be populated.
Containers and Kubernetes
Signal Sciences supports multiple deployment patterns in Kubernetes. You will likely have to customize configurations for Signal Sciences to work in your own Kubernetes app. The documentation provides several Kubernetes deployment examples, using the Docker sidecar container pattern.
The Signal Sciences agent can work with an optional module to increase deployment flexibility. If you don’t want to install a module, the following agent-only options are available.
Agent Reverse Proxy Mode
The Agent can be configured to run as a reverse proxy allowing it to interact directly with requests and responses without the need for a module. Running the Agent in reverse proxy mode is ideal when a module for your web service does not yet exist or you do not want to modify your web service configuration - for example, while testing the product. In this mode, the agent sits inline as a service in front of your web service.
Envoy Proxy Integration
The Signal Sciences agent can integrate directly with Envoy, a cloud-native reverse proxy, to inspect and protect web traffic. Envoy v1.11.0 or later is recommended, however, Envoy v1.8.0 or later is supported with limited functionality.
Istio Service Mesh Integration
The Signal Sciences agent can integrate with Isio Service Mesh to inspect and protect north/south and east/west traffic in microservices architecture applications. Full Istio integration is only possible in Istio v1.3 or later due to the required extensions to EnvoyFilter introduced in that release.
The Signal Sciences agent can be easily deployed by Platform as a Service (PaaS). We worked with multiple vendors to integrate our technologies directly into their platforms to simplify deployment.
Using Signal Sciences
Once Signal Sciences is installed, there are no rules or signatures to configure to get immediate visibility and protection against common attack types.
Now that you have Signal Sciences installed, learn how to use Signal Sciences.