Q: Why is application security important?
A: Historically, the security focus has been on securing the perimeter. With more than 80% of attacks now happening at the application layer, it is widely accepted that securing the perimeter is not enough.
Q: Why should I be concerned about the security of my application?
A: An application is the gateway to your client data. If you are responsible for protecting your clients' data, then you need to find the best way to secure your applications.
Runtime Application Self-Protection (RASP)
Q: What is RASP and why should I be interested in it?
A: RASP is a security category that provides protection within the runtime environment of an application. It is the only Application Security category that Gartner have identified as transformational in their 2015 Hype Cycle for Application Security.
Q: Are there different types of RASP solutions?
A: Yes, there are two types: one based on instrumentation (or filters), the other based on virtualization.
Q: How does Waratek’s RASP solution differ from other RASP solutions?
A: Waratek is the only RASP solution based on virtualization. This is significant for a number of reasons:
- Waratek provide remediation and mitigation of vulnerabilities on the full software stack, securing both your application and application stack
- Waratek’s unique location in the runtime environment means that we have full contextual awareness and therefore are able to provide complete accuracy
- Waratek runs completely ‘in process’, so there are no APIs, table lookups or other outside interfaces.
This means that:
- Waratek require no prior application knowledge, so you are immediately protected
- Waratek require no code changes or external devices, enabling you to secure new and legacy applications.
RASP by Virtualization
Q: How does Waratek Secure Applications?
A: Waratek is a secure container in which to run your application. Once your application is deployed it will operate exactly the same way as it does today, with the benefit of being secure.
Q: Can Waratek reduce my risk profile?
A: There are a number of different ways Waratek can reduce your risk profile. Through its solution set, Waratek offers the ability to remediate and mitigate a large number of high- to medium-severity vulnerabilities. Using both static and dynamic technology, Waratek can produce a set of rules tailored to your application which will considerably reduce the risk of exploitation.
Q: Will Waratek break my application?
A: No. Waratek does not touch your application at all, so there is no need to change a single line of code in your application, and its functional behaviour and performance are unaffected.
Q: Do I need to stop and start the application in order to secure it?
A: Once your application is deployed in a secure Waratek container, there is no need to stop and restart your application, even if a new vulnerability is found. Your applications are secured without affecting the live operation of the application.
Q: Can Waratek protect my application stack as well as my application?
A: Yes, Waratek secures both the application and application stack, which protects you against vulnerabilities such as the recent Apache vulnerabilities.
Q: How does Waratek fit into my software development lifecycle?
A: Waratek profiles not just your application but also any third-party plugins and the application stack, and identifies potential vulnerabilities such as unused Java APIs or calls to external applications. Once these are turned off, your application is locked down and the potential for exploitation is reduced.
Q: I have already run my application through a SAST/DAST program, how can Waratek help now?
A: The output from your SAST and DAST scanners can be analysed by our SDR technology to automatically produce a rule set that remediates the identified vulnerabilities and apply it to your application. This will accelerate your vulnerability remediation process from months down to minutes.
Q: We automate a lot of our application testing, can Waratek work with us here?
A: At runtime, Waratek can profile your application’s behaviour, highlighting many unknown events that your application executes as part of its normal business function. This information can be used both to lock down your application’s behaviour, reducing its attack surface, and to highlight previously unknown behaviour, which in some cases may break company policy.
Q: Can Waratek protect my legacy applications?
A: Absolutely! Without a single change to a line of code, your legacy applications will be protected by fixes delivered in a more recent version. For example, your legacy Java 1.5 application will inherit the fixes provided in a 1.7 Oracle Java release.
Q: Do you protect my applications from the SANS and OWASP identified top vulnerabilities?
A: Waratek protects against many of the SANS top 25 and OWASP Top 10 threat vectors including:
- SQL Injection
- Cross Site Scripting
- Command Injection
- File Uploads
- Bad Execution
- Path Traversal
- Untrusted Functionality
- Dangerous Functions
Q: How does Waratek differ from a WAF?
A: Waratek is a more sophisticated and more accurate defence for your application. Because it has full contextual understanding of every request sent to your application, and because of its unique underlying technology, it can remediate malicious attacks with the highest accuracy without blocking legitimate requests. This means that you receive zero false negatives and zero false positives.
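An added illustration of the “contextual awareness” point (example code written for this page, not Waratek’s own implementation): an instrumentation-style RASP hook, the first of the two RASP types mentioned above, that inspects a query at the JDBC boundary where it sees both the final SQL text and the untrusted value that went into it. It assumes the application builds SQL by concatenating a string into a template; the class and method names are invented for the example.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical in-process guard (example code, not Waratek's): it runs at the point where
// the application hands a query to JDBC, so it sees both the final SQL text and the untrusted
// value that was concatenated into it. A WAF only sees the HTTP request and cannot know
// whether "' OR '1'='1" will ever reach a database.
public final class SqlGuard {
    // Coarse SQL tokenizer: quoted strings, numbers, identifiers/keywords, any other single char.
    private static final Pattern TOKEN =
        Pattern.compile("'(?:[^']|'')*'|\"[^\"]*\"|\\d+(?:\\.\\d+)?|[A-Za-z_][A-Za-z0-9_]*|\\S");

    // Reduce SQL to its token structure: every string literal becomes STR, every number NUM,
    // keywords and identifiers keep their (upper-cased) text, punctuation keeps its character.
    static List<String> tokenKinds(String sql) {
        List<String> kinds = new ArrayList<>();
        Matcher m = TOKEN.matcher(sql);
        while (m.find()) {
            String t = m.group();
            char c = t.charAt(0);
            if (c == '\'' || c == '"') kinds.add("STR");
            else if (Character.isDigit(c)) kinds.add("NUM");
            else if (Character.isLetter(c) || c == '_') kinds.add("ID:" + t.toUpperCase());
            else kinds.add("OP:" + t);
        }
        return kinds;
    }

    // Compare the query the application built against the same template filled with a
    // harmless literal. Data that stays inside one string literal leaves the structure
    // unchanged; input that adds keywords, operators or extra literals has become code.
    // Assumes the application places the template's "?" inside single quotes.
    static boolean isInjection(String template, String untrusted) {
        String expected = template.replace("?", "'x'");
        String actual = template.replace("?", "'" + untrusted + "'");
        return !tokenKinds(expected).equals(tokenKinds(actual));
    }

    public static void main(String[] args) {
        String q = "SELECT * FROM users WHERE name = ?";
        System.out.println(isInjection(q, "alice"));            // false: still one literal
        System.out.println(isInjection(q, "alice' OR '1'='1")); // true: OR, =, extra literals
    }
}
```

Properly escaped data such as O''Brien still tokenises as a single string literal and is not flagged; only input that changes the query’s structure is, which is what keeps the check from blocking legitimate requests.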
Q: Can Waratek work alongside a WAF?
A: Yes. If your security policy calls for defence in depth, the Waratek RASP solution can also be used as a complementary control for educating WAFs. Waratek produces a large amount of metadata when under attack; this is metadata that a WAF cannot expose or have insight into. Waratek’s RASP solution can provide WAFs with the accuracy and intelligence they innately cannot achieve by themselves.
Q: Where can I deploy Waratek?
A: Waratek supports your enterprise deployment strategy, whether that is in-house deployment or a public or hybrid cloud environment.
Q: How is the Waratek Secure Container deployed?
A: Waratek can either replace your existing Java runtime environment with a Waratek container or HotSpot standard container, or plug in to your existing Java Virtual Machine (JVM). Deployment is handled by our Management Server.
Q: Why is Waratek’s runtime location important?
A: As Waratek is a plugin to the Java Virtual Machine itself, it has complete contextual awareness of all application requests and behaviour, which cannot be achieved by instrumenting at the application level. Waratek is a truly unique RASP solution: it doesn’t require third-party APIs, it requires no prior knowledge of application behaviour and, importantly, it requires no code changes to the application itself.
Q: What platforms does Waratek support?
A: Waratek supports the following:
- Java EE (all versions)
- Red Hat 6.x
- CentOS 6.x
- SUSE 11.x SP2
- Solaris 10
- Windows Server 2003, 2008, 2012
Q: How do you provision and manage secure containers?
A: Management of Waratek instances is done through the use of Waratek’s Management Server. This is a front-end console that allows the user to provision, deploy, update and monitor secure applications.
Q: Will Waratek affect the performance of my application?
A: Due to Waratek’s unique location in the runtime environment, when under attack there is a negligible performance effect that is virtually invisible to the end user.
Logging & Intelligence
Q: How is application information logged?
A: Runtime logging of your application is handled by Waratek’s Management Server, and security information and events are displayed in the Waratek Management Server. In addition, Waratek supports logging directly into your existing SIEM, e.g. Splunk, ArcSight, QRadar.
Q: What intelligence can Waratek provide me when my application is under attack?
A: Waratek can provide an extensive set of application metadata, for example:
- time and date of the attack
- IP address of the attacker
- the user’s cookie data
- URL path under attack
- username of the attacker
- the user’s session ID
- user-injected SQL code
As Waratek operates within the Java Virtual Machine itself, it has full access to all HTTP header field information.
Q: How can I get Waratek and how much does it cost?
A: Waratek provides a straightforward evaluation process which allows the user, within a couple of hours, to get a firm appreciation of the value of the Waratek Application Security Solution.
Q: How can I get support from Waratek?
A: Waratek provide different levels of support to suit your requirements.