Waratek Solves the Application Security Problems That No One Else Can


Application Security with No Code Changes for Java and .NET


Patch. Secure. Upgrade.

The Latest News

March 20, 2019

The Java Deserialization Problem

March 4, 2019

Secure Coding is Great, but is it Enough?

Runtime Application Self-Protection - RASP

Runtime Application Self-Protection – RASP – is a transformational application security technology securing an application’s runtime.

Waratek’s RASP solution makes it easy for teams to:

  • instantly patch known flaws
  • protect applications from known and Zero Day attacks
  • virtually upgrade out-of-support applications

Waratek offers benefits over other WAF and RASP products:

  • no downtime
  • no risk of breaking an app
  • no source code changes
  • no false positives
  • no routine tuning
  • no unacceptable performance overhead

Application Security from Waratek

Years worth of Critical/High Severity CVE Patches
Minutes Admin Time To Deploy A Security Patch
Known and Unknown Vulnerability and Attack Vector Protections
Customer Applications Protected by Waratek
Years with 0 False Positives / 0 Broken Apps

What are your protection needs?

Traditional security approaches are not enough to protect your applications and your customers’ data from today’s threats. Waratek is a pioneer in the next generation of web application security solutions providing fast and accurate protection against known and unknown vulnerabilities in current and legacy software.

We need to patch application flaws faster and easier.

We need to protect against known and Zero-Day attacks.

We need to upgrade out-of-support web applications.

Waratek Application Security Products

Waratek makes it easy for security teams to instantly patch known flaws, virtually upgrade out-of-support applications, and protect 100% of their application code – all without time-consuming and expensive code changes. Waratek’s patented runtime application protection is highly accurate, easy to install, simple to operate and does not slow applications.

Waratek Patch

A lightweight plugin agent to apply custom security patches as well as current and historical virtual patches for instant protection.

  • Create and apply custom virtual patches
  • Virtual patches of Java and .NET critical patch updates
  • Library of past CPUs to Java 4

Waratek Secure

A lightweight plugin agent that protects against the known vulnerabilities found in:

  • 2013 and 2017 OWASP Top Ten
  • SANS Top 25
  • Zero Day Attacks

Waratek Enterprise

A plugin agent that provides the full suite of Waratek benefits:

  • Virtual Platform Upgrade for Java
  • Virtual Patching
  • Full Stack Security

Case Studies

“A week after we installed the Waratek solution we got hit with more deserialization attacks,” the CISO says. “Because of Waratek’s solution, the attacks were immediately stopped, and the solution automatically alerted us to the attempt. All of the hacker's malicious scripts failed, which took us to a new level of confidence — the Waratek virtual patch is providing the protection we need, better and faster than we ever thought possible.”

“This approach protects our software much quicker than (physical) patches and without disrupting operations.”

Healthcare IT CISO

Upon restart, a virtual container encapsulated the full application stack, providing instant modernization of the out-of-support JRE to a Java 8 JRE and instant protection from the Java-related vulnerabilities identified in the pre-scan.

Performance overhead was measured against a baseline without Waratek’s solution and reflected normal operation and operation under malicious attack. While under attack, the performance overhead increased by 2.4%. However, under normal operating conditions, Waratek improved app performance by as much as 9% and improved the overall performance by 6.9% after lifting the out-of-support JRE to a more efficient Java 8 JRE.

US Healthcare Provider

After installation all 29 Java vulnerabilities identified by Qualys scans were remediated by containerizing the legacy Java 6 application stack on top of a Java 8 host. As a result, the environment could be considered as fully security compliant.

Global Financial Services

Virtual patching hundreds of applications means application development teams do not spend time upgrading to new versions of Java along with testing and deployment activities related to traditional physical patching. This avoids the financial and operations barriers to patching Java-based applications.

The company has realized other benefits from Waratek’s approach to application security: No false positives have been generated by Waratek while operating in unconditional blocking mode. And, emergency virtual patches have been developed in less than 24 hours for newly discovered high severity vulnerabilities like Struts 2; protection is instant compared to traditional patching protocols.

Global Investment Bank

Waratek was required to protect the full application stack, including 3rd-party components, as well as remediate legacy, current and new application security vulnerabilities. Waratek was also evaluated on other criteria such as False Positive Rate (FPR), ease of installation, number of code changes required, compatibility and performance.

Global Commercial and Retail Bank


Customer Technical Alerts

January 16, 2019 in Alerts

Guidance on Oracle January 2019 Critical Patch Update

The Oracle January 2019 Critical Patch Update (CPU) contains 284 new security vulnerabilities across hundreds of Oracle products, including the company’s widely used Oracle Database Server, Weblogic Server and Java SE. This…

December 7, 2018 in Alerts, Patching, Zero Day

Lucky ransomware: Satan virus variant poses risk of extensive infection

Linux and Windows Platforms at risk via 10 CVEs. Overview: Independent security researchers at NSFOCUS and Sangfor have identified a Satan worm/virus variant that impacts Linux and Windows platforms and…

October 17, 2018 in Alerts, Patching

Guidance on Oracle October 2018 Critical Patch Update

Last CPU of the year includes the first patch for Java 11. Customer Alert 20181016: The final Oracle Critical Patch Update (CPU) of 2018 fixes 12 Java SE-related vulnerabilities and…


Upcoming Events

April 2019

28 Apr - 1 May, All Day: FS-ISAC Annual Summit 2019

30 Apr, 11:45 am - 12:30 am: Hackers are automating, why aren't you? (FS-ISAC)

August 2019

3 Aug - 8, All Day: BlackHat USA 2019

Application Security Webinar Series

Webinar now available to view on demand


How to end false positives

What if your application security platform didn’t cause false positives? Too good to be true? It’s not.

Available to view on demand: Deserialization Vulnerability

From The Blog

March 20, 2019 in Blog, Technical

The Java Deserialization Problem

The Java deserialization problem occurs when applications deserialize data from untrusted sources and is one of the most widespread security vulnerabilities to occur over the last couple of years. This article provides…

March 4, 2019 in Blog, Legacy, Patching, Zero Day

Secure Coding is Great, but is it Enough?

Despite our best efforts to write secure code, computer security breaches at major banks, retailers and government agencies are making front page headlines on a regular basis. Here are five…
