Curiefense is a cloud-native, open source security platform for enterprise apps

Join Transform 2021 for the most important themes in enterprise AI & Data. Learn more.

Reblaze, an Israeli cybersecurity company focused on web app and API protection, has launched an open source security platform aimed at enterprises. Curiefense, which Reblaze first announced back in November, is designed to protect cloud native applications and APIs from myriad threats, such as distributed-denial-of-service attacks (DDoS), SQL injection, cross-site scripting (XSS), and account takeovers (ATOs).

Web apps are the cornerstone of many modern enterprises and have a tremendous responsibility to protect user data from nefarious actors. It’s estimated that cybercrime cost the global economy $2.9 million every minute last year. There are countless tools on the market to help protect these apps from cyberattacks, including web application firewalls (WAFs) from big-name providers like Cloudflare, F5, and AWS. Newcomers such as VC-backed Signal Sciences and Sqreen have also sought to make their mark with cloud-native incarnations. Highlighting the demand for app security solutions, Fastly acquired Signal Sciences and Datadog snatched up Sqreen in the past six months.

Commercial open source

Curiefense, which hits general availability today through GitHub, packs a fairly comprehensive set of security mechanisms into its free incarnation. But as is the case with many other established open source projects these days, Reblaze is building a commercial layer on top of Curiefense that will include a bunch of value-added services, such as security automation for businesses looking to save time and resources setting this up themselves.

“Although you can use Curiefense to secure your assets, it is time-consuming and challenging to manage all the moving parts when operating at scale,” Reblaze cofounder and CTO Tzury Bar Yochay told VentureBeat. “Curiefense provides a full API, so one can certainly build an automation layer on top of it — however, Reblaze will offer our own automation layer that ensures everything is up to date and operating smoothly. This provides the user with command and control, peace of mind, and efficiency.”

Above: Curiefense: Count requests by blocked status

Fully managed

The commercial Curiefense incarnation will also leverage current threat data that gives companies an instant view into not only completely new threats but those that have evolved. “While Reblaze will provide threat intelligence feeds for the open source version, the commercial version will enjoy broader and more frequent updates for the feeds we generate, as well as those from corporations and vendors that we tie in with,” Bar Yochay added.

Reblaze will of course offer Curiefense as a fully hosted and managed SaaS offering, with customers able to choose from any cloud, including AWS, Google Cloud Platform, Azure, and Digital Ocean. Other premium features include support for native apps and biometric human detection.

There are other open source web security tools out there, including ModSecurity, which began as an Apache webserver module built around user-defined rules. While it has evolved over the past couple of decades to include support for Microsoft’s Internet Information Services (ISS) and Nginx, it still has limitations, such as its “signature-based” threat detection, or “known” vulnerabilities.

Curiefense is pitched as a more holistic security tool, one that uses different approaches and techniques to detect threats. “These prevent automated attacks, such as account takeover, bruteforce logins, web recon, and similar attacks,” Bar Yochay said.

Founded out of Tel Aviv in 2011, Reblaze previously raised a small amount of undisclosed external funding, but it has also amassed a number of notable enterprise clients, including Staples, eBay, Nvidia, Intel, and Cisco. Bar Yochay said that while developing Curiefense, Reblaze worked with some of those companies, alongside other big names, such as Red Hat and Airbus.

Although Curiefense is Redblaze’s first open source product, it seems it won’t be the last. “There are more to come along the way — a few are scheduled for later this year,” Bar Yochay said.

Curiefense has been released under an Apache 2.0 license, meaning there are no real restrictions in place for the free version — it can be modified and distributed however the user sees fit, providing they include the original copyright information and state what changes they have made. “We donated the project to the Cloud Native Computing Foundation to ensure its success as an open source project and increase community involvement,” Bar Yochay added.


VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform
  • networking features, and more

Become a member