tCell Agent-based WAF Is The Next Generation of Cloud-based WAF


tCell, the San Francisco headquartered startup that focuses on application security in the DevOps-first and cloud-first world, is continually seeking out new solutions to protect modern web apps. As widespread adoption of cloud infrastructure takes place and application deployment velocity rises – along with increasing changes to application architectures, such as microservices – protecting business critical applications has become less predictable and more challenging.

tCell bases its evolving approach to app security around three key requirements:

  • Understanding the application
  • Monitoring the application
  • Protecting the application.

tCell’s unique architecture offers organizations both a big picture overview and granular detail within the context of the whole application they’re seeking to protect.

One of the challenges tCell repeatedly encounters in providing app security is the fact that web applications, which use Javascript frameworks move much of the application logic from the server into the browser. While this facilitates many advantages – typically bolstering user experience, supporting scalability and making developers’ lives easier, it also means that traditional network and sever side security solutions lose control. In response, tCell ensures that its monitoring systems cover everywhere that the application runs i.e. it runs both server-side and browser-side instrumentation, which feeds its cloud-based analytics.

In the browser, tCell uses two elements: Content Security Policy Headers (CSP) added with the server side agent, and Browser Instrumentation with an additional piece of JavaScript, which can be added to each page that is being protected. These two methods allow tCell to continuously monitor the browser for potential malevolent activity, such as cross-site scripting (XSS) attacks. It also allows the client to control sensitive behaviors, including connecting to third party servers and loading third party content. Furthermore, it allows the client to see if others are using their content on external sites (framing).

Some of tCell’s other key features including route/API endpoint discovery, vulnerable library detection, account takeover breach detection, data exfiltration protection, XSS breach detection, command injection breach detection, suspicious actor blocking and an application firewall.

tCell recently introduced Web Server Agents (WSA) to its stable of agents for JavaScript, Java, Ruby, Python, Node.js, and .Net, enabling the company to extend its monitoring and protection capabilities to common web servers (NGINX is available now, and its developers are working on Apache and IIS). tCell introduced the WSA in response to existing firewall norms that over-emphasize perimeter defense and don’t focus enough on the front-end of application servers, a frequently overlooked area.

With the introduction of the WSA, customers can now benefit from several new options:

  • Single-Page Applications – the static content can be hosted on the web tier and tCell will still provide monitoring and defense services at these levels of the application;
  • Legacy Applications – legacy applications tend to be less frequently updated (not upgrading to the latest patches, etc.), yet still require web-tier level protection;
  • Cloud Transformation – traditional WAFs are quickly eliminated when companies migrate their business to the cloud. WSA provides the same protections in a way that suits the cloud and container infrastructure;
  • RASP Users – this provides an additional layer of defense for RASP users, in particular for companies who have multiple apps or who have moved to microservices.

The last decade has seen a radical transformation in how web applications are built and deployed, and accordingly a need for the kinds of sophisticated and evolving security measures that tCell offers to protect them.

Scroll to Top