The Cequence Unified API Protection (UAP) platform integrates with a wide range of network infrastructure environments, including with third-party and open-source reverse proxies such as Envoy and reverse-proxy/load balancer configured Nginx.
Cequence UAP is comprised of UAP control plane and data plane components. Both the UAP control platform and the data plane components may be SaaS hosted or run 'on-premises' in a customer managed environment.
The UAP control platform includes the core analytics engine and management modules for API Sentinel and Bot Defense. The Cequence UAP platform performs ML-based analysis of each API transaction, feeding the results to API Sentinel and Bot Defense for remediation and mitigation.
Data plane components include the Cequence Sensor and Cequence Defender, which function to collect transactions and enforce mitigation. Sensor is a passive listener only and consumes mirrored traffic flow. Defender functions to both monitor network traffic and actively mitigate threats and must be deployed logically inline to transaction data flow.
Cequence Defender deployment to a reverse proxy configuration can be accomplished in one of two ways: inline-upstream or inline-hairpin. In both approaches, Cequence Defender is configured as topologically in-line with transaction data flow and logically between the client and the origin server(s).
In an Inline-upstream configuration, the reverse proxy forwards requests from the client directly to Defender, which then processes the request, mitigates if appropriate, and forwards the request on to the origin server(s). Responses flow through Defender in a similar manner.
In the inline-hairpin configuration requests and responses both are routed through the reverse proxy before being forwarded on to the origin server or client, allowing the additional data management options.
Learning more
Step-by-step deployment instructions for both Envoy and Nginx reverse proxy configurations are available on request from the Cequence Success team.
See Cequence Technology Partners & Integrations for more information for other types of network infrastructures.