HAProxy Community Edition is a free, open source reverse-proxy offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is presented as suited for very high traffic web sites.
$0
Lacework
Score 6.0 out of 10
N/A
Lacework is a cloud-native application protection platform offered as-a-Service; delivering build-time to run-time threat detection, behavioral anomaly detection, and cloud compliance across multicloud environments, workloads, containers, and Kubernetes.
It prevents a single server failure from being a downtime event by adding redundancy to every layer of your architecture. A load balancer facilitates redundancy for the backend layer (web/app servers), but for a true high availability setup, you need to have redundant load balancers as well. So it is well suited for all production related servers and less suited for individual servers that do not require redundancy.
Lacework is well suited for behavioral analysis. One thing to consider thought is in the early stages there will be quite a bit of noise generated by Lacework. There will be a higher volume alerts generated initially - until a good baseline is generated. Overall Lacework is good with alert handling - integration with Slack is good.
A few, rare times each year, HAProxy CPU utilization spikes to 100% and server has to be rebooted - this may be related to HAProxy OR it could be an external factor causing this.
It is very easy to use. I was able to find a lot of documents for it on the internet. Very good community support. There are lots of examples available to try. We mostly use a command-line user interface to interact with it. The CLI is also super easy to use and very easy to interact with
We haven't used customer support. We mostly used the community version. We build a multi-node HAProxy cluster with HA to the proxy itself using opensource plugins available. With the support available on the internet and the documents available we don't need to use much customer support.
We chose HA Proxy because it is cheaper than a hardware balancer, it is an open-source solution with a large community behind it and with constant updates. It also allows custom scripts according to needs.HA Proxy is a solution used in many internet sites like GitHub, Reddit, Twitter, and Tuenti.
Compared to Sysdig Falco (the free open-source IDS), Lacework helps security teams by providing actionable alerts and a user-friendly interface that gives you an overview of all workloads being monitored, and detailed insights into these workloads if needed. Falco requires you to build your own integration and interface around it, including a mechanism to whitelist certain alerts. This made it harder for the security team to focus their time on potential intrusions.
Significantly lower investment vs competitors. In the case of F5s we have Virtual Editions so we're paying for the hardware to run it on top of the several thousand dollar licenses that are required for each pair and we currently have a pair of F5s per client so there's a huge potential for cost savings there.
Requires our network engineers to learn a new skill or our Systems engineers to take on the responsibility of managing the load balancers. It's not a huge difference either way, but it does impact the way we have done business in the past.
Being a FinTech company, financial institutions who partner with us want to know that we are appropriately maintaining a Security, Risk and Compliance program that maintains a level of comfort for their vendor management. Lacework gives us the ability to monitor and maintain a level of security for our infrastructure that puts our partners at ease, reduces the revenue cycle for new partners and opens doors to the future.
