<div class="blog-post4-content_component margin-top">
<div class="blog-post4-content_content">
<div class="text-rich-text w-richtext">
Blocking in Production Requires a Modern Security DevEx
I’ve spoken to many security leaders who are genuinely scared of blocking in production. And I totally get it – blocking is scary. Some folks have real PTSD from past mistakes.
One security leader I talked to is still explaining an outage from a bad WAF rule—an event that happened four years ago, long before they even joined the company! That’s how much damage a poorly executed block can cause. It sticks with the team for years.
Blocking in Production: Difficult, but Not Impossible
Blocking in production is no cakewalk, but it doesn’t have to be as daunting as it seems. The key lies in how blocking policies are created and deployed.
As security continues to evolve, it’s clear that software engineering skills are now a core part of the job. Yet the way security teams build and manage policies is still worlds apart from how software engineers develop code. Many security teams are stuck with tools that lack the efficiency, fast feedback, and safety nets developers take for granted in their modern toolsets. If security is going to keep up, the tools need to evolve too, offering the same smooth, intuitive experience that developers rely on every day.
What’s the answer? Treat blocking policies the way we treat any complex piece of software: with a modern Developer Experience (DevEx) baked in. That means applying to a blocking rule the same safety nets and processes that make a code change predictable (versioned changes, review, tests run against real traffic, and a staged rollout with a fast rollback), so that a block is known to be safe before it reaches production rather than discovered to be wrong after an outage.
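What one of those safety nets looks like when a blocking policy really is treated as code, as an added example that is not code from this post or from any product it describes: a small policy model with a monitor-or-block switch, a constructed set of known-good and known-bad requests, and a regression check that refuses to promote the policy to block mode if it would have hit legitimate traffic. The `Request`, `Rule` and `Policy` classes, the two simplified XSS signatures, and the sample traffic are all assumptions made for illustration; they are not a real WAF's rule set, and the "block everything with an angle bracket" rule is only there to stand in for the kind of over-broad rule that causes the outage described above.

```python
"""Blocking policy as code with a pre-enforcement regression check.
Added example for illustration; the classes, rules and traffic below are
constructed assumptions, not any vendor's policy format."""
import re
from dataclasses import dataclass


@dataclass
class Request:
    method: str
    path: str
    query: str
    body: str = ""


@dataclass
class Rule:
    name: str
    pattern: re.Pattern
    fields: tuple = ("path", "query", "body")  # where the signature is searched


@dataclass
class Policy:
    rules: list
    mode: str = "monitor"  # "monitor" only records hits; "block" rejects them


def evaluate(policy: Policy, req: Request):
    """Return (decision, matched rule names); decision is allow/monitor/block."""
    hits = [
        r.name
        for r in policy.rules
        if any(r.pattern.search(getattr(req, f)) for f in r.fields)
    ]
    if not hits:
        return "allow", hits
    return ("block" if policy.mode == "block" else "monitor"), hits


# Deliberately narrow XSS signatures (assumption: simplified for the example).
XSS_RULES = [
    Rule("xss-script-tag", re.compile(r"<\s*script\b", re.I)),
    Rule("xss-event-handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
]

# The over-broad rule that takes a site down: any "<" in any field.
BROAD_RULE = Rule("block-angle-brackets", re.compile(r"<"))

# Constructed traffic samples. Known-good requests were recorded from real
# users and must never be blocked; known-bad ones must always be caught.
KNOWN_GOOD = [
    Request("GET", "/search", "q=script+writing+tips"),
    Request("POST", "/comments", "", body="I love the <b>bold</b> look"),
    Request("GET", "/events", "month=june"),
]
KNOWN_BAD = [
    Request("GET", "/search", "q=<script>alert(1)</script>"),
    Request("POST", "/comments", "", body='<img src=x onerror="alert(1)">'),
]


def false_positives(policy: Policy, traffic):
    """Paths of known-good requests the policy would act on."""
    return [r.path for r in traffic if evaluate(policy, r)[0] != "allow"]


def misses(policy: Policy, traffic):
    """Paths of known-bad requests the policy lets through untouched."""
    return [r.path for r in traffic if evaluate(policy, r)[0] == "allow"]


def safe_to_enforce(policy: Policy, known_good, known_bad) -> bool:
    """The safety net: no hits on good traffic, no misses on bad traffic."""
    return not false_positives(policy, known_good) and not misses(policy, known_bad)


def promote(policy: Policy, known_good, known_bad) -> Policy:
    """Move a policy from monitor to block mode only if the check passes."""
    if not safe_to_enforce(policy, known_good, known_bad):
        raise ValueError(
            f"refusing to enforce: false positives on "
            f"{false_positives(policy, known_good)}, misses on "
            f"{misses(policy, known_bad)}"
        )
    return Policy(policy.rules, mode="block")


if __name__ == "__main__":
    good = promote(Policy(XSS_RULES), KNOWN_GOOD, KNOWN_BAD)
    print("narrow policy promoted:", good.mode)
    try:
        promote(Policy(XSS_RULES + [BROAD_RULE]), KNOWN_GOOD, KNOWN_BAD)
    except ValueError as e:
        print("broad policy rejected:", e)
```

Run stand-alone, the narrow policy passes the check and is promoted to block mode, while the version that includes the angle-bracket rule is rejected because it would have blocked the legitimate comment. The point is not the regexes, which are deliberately simple, but that the "would this have hurt real users?" question is answered by a test that runs before the rule is ever allowed to block, and that the same check can be rerun on every policy change.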
What Makes a Modern DevEx for Security teams?
These are some essentials that make up a solid DevEx for creating effective blocking policies:
A Proper IDE:
Today, security admins build policies mostly by deciding which signatures (known attack patterns, not the vulnerabilities themselves) to look for and act on. For example, say you are designing a WAF policy to stop XSS. Here is a PARTIAL list of the signatures you would have to decide whether or not to turn on in a typical cloud provider’s WAF.