Waratek Solves the
Application Security Problems

That No One Else Can

 

Application Security with No Code Changes for Java and .NET

 

Patch. Secure. Upgrade.

The Latest News

April 18, 2018

Oracle April 2018 CPU: Most Java flaws can be remotely exploited

Runtime Application Self-Protection - RASP

Runtime Application Self-Protection – RASP – is a transformational application security technology securing an application’s runtime. Waratek RASP solution detects and prevents real-time attacks with zero false positives, doesn’t slow your applications’ performance, and increases the visibility into your apps’ operations – benefits not possible with traditional approaches to today’s threats.

Application Security Threats

7000
New vulnerabilities uploaded each day to open source repositories (Source: Sonatype)
2
Flawed software component downloads in 2015 (Source: Sonatype)
338
Days on average to detect and remediate a successful exploit
(Source: Ponemon Institute Global Analysis)

What are your protection needs?

Traditional security approaches are not enough to protect your applications and your customers’ data from today’s threats. Waratek is a pioneer in the next generation of web application security solutions providing fast and accurate protection against known and unknown vulnerabilities in current and legacy software.

We need to patch application flaws faster and easier.

We need to protect against known and Zero-Day attacks.

We need to upgrade out of support web applications.

The Waratek Trans-formational Approach

Waratek is a fundamentally new approach to application monitoring and protection. Using a secure virtual container, Waratek’s Application Security Platform offers benefits no one else does. Providing instant protection without code changes – and helps lower costs.

LEARN MORE

Highly Accurate

  • Defense against the OWASP Top 10 and SANS top 25
  • Protects Java and .NET applications
  • The always on protections runs in block or detect mode
  • Full application stack protection, including 3rd party components
  • Protects legacy and current Java
  • No false positives

Easy to Install

  • Uses your existing runtime environment
  • No code changes
  • No prior application knowledge required
  • No compatibility issues
  • Installs in minutes

Simple to Operate

  • Does not slow application performance
  • Apply security patches without shutting down the application
  • Detailed monitoring & forensic data
  • No routine tuning required

Protection Guaranteed

Waratek offers Protection Guarantees that back our products

 

  • “No Break” Guarantee – Waratek’s virtual patches will not break your applications.

  • “No False Positive” Guarantee  – Waratek will not generate false positives against the OWASP Top Ten.

All of Waratek’s guarantees come with a $10,000 per unique event credit.

FIND OUT MOREFIND OUT MORE

See how easy it is to apply a virtual patch

Secure your complete application stack with Waratek Enterprise

Waratek Installation

Waratek Application Security Products

Waratek makes it easy for security teams to instantly patch known flaws, virtually upgrade out-of-support applications, and protect 100% of their application code – all without time consuming and expensive code changes. Using patented virtualization technology, Waratek’s application security platform is highly accurate, easy to install, simple to operate and does not slow applications.

Waratek Patch

Waratek PatchA lightweight plugin agent to apply custom security patches as well as current and historical virtual patches for instant protection.

  • Create and apply custom virtual patches
  • Virtual patches of Java and .NET critical patch updates
  • Library of past CPUs to Java 4
LEARN MORE

Waratek Secure

Waratek Secure

A lightweight plugin agent that protects against the known vulnerabilities found in:

  • 2013 and 2017 OWASP Top Ten,
  • SANS Top 25
  • Other complex attack vectors.
LEARN MORE

Waratek Enterprise

Waratek Enterprise

A plugin agent that provides the full suite of Waratek benefits:

  • Virtual Patching
  • Full Stack Security
  • Virtual Platform Upgrade for Java
LEARN MORE

Try A Demo
& Get Protected.

Get a free POC when you schedule now.

The Latest News

April 18, 2018 in News

Waratek Issues Guidance on Oracle April 2018 CPU

Most Java flaws can be remotely exploited: Half of the Java patches relate to Deserialization Flaws.   DUBLIN and ATLANTA – April 18, 2018 – Waratek, the compiler-based application security company,…

Read More
April 15, 2018 in News

Chats On The Road To RSA Conference 2018 | San Francisco

Ireland: The Tech Company and Talent Bridge To and From Europe by Sean Martin, CISSP @sean_martin In this episode, ITSP magazine's Sean Martin has a full house with four guests on... Read More
April 10, 2018 in News

Waratek to Demo Lightweight Application Patching Agent at RSA

DUBLIN and ATLANTA – April 10, 2018 – Waratek, the virtualization-based application security company, announced today the company will be demonstrating Waratek Patch at RSA 2018. Waratek Patch is a…

Read More

Upcoming Events

june 2018

5jun - 7All DayInfoSecurity EuropeG110

Application Security Webinar Series

Webinar now available to view on demand

 

How to end false positives

What if your application security platform didn’t cause false positives?  Too good to be true?  It’s not.

Available to view on demand: Deserialization Vulnerability

From The Blog

April 13, 2018 in Blog

Q2 Oracle CPU Preview: Most Java flaws can be remotely exploited

Overall trends point to continued risks from vulnerable code The number of Java related patches in the Q2 Oracle Critical Patch Updates (CPU) continues to drift down off the all-time…

Read More
April 4, 2018 in Blog

Why is it so difficult to patch web applications?

Another Struts flaw and two major breach announcements are reminders of why we need to patch web applications faster   Just as I sat down to write this blog –…

Read More
March 7, 2018 in Blog

New Remote Code Execution Vulnerability – Spring Break – CVE-2017-8046

Remote Code Execution Vulnerability (CVE-2017-8046) in Pivotal’s Spring Framework Unvalidated user input is the source of most security risks. Using unvalidated user input in an expression language creates a critical…

Read More

Customer Technical Alerts

April 18, 2018 in Alerts

Oracle April 2018 CPU: Most Java flaws can be remotely exploited

Half of the Java patches relate to Deserialization Flaws. Customer Alert 20180418 Oracle Critical Patch Update April 2018 Released Summary This Critical Patch Update patches 15 Java-related vulnerabilities including one…

Read More
April 11, 2018 in Alerts

Two New Critical Vulnerabilities found in Spring Framework

Apps Built on Spring Framework at Risk: Two new critical vulnerabilities brings the total to six new vulnerabilities in a week. Customer Alert 20180411. The popular web application development framework…

Read More
April 10, 2018 in Alerts

Remote Code Execution Flaw found in Spring Framework

Apps Built on Spring Framework at Risk: Four new Spring vulnerabilities range from Critical to Low. Customer Alert 20180410. The popular web application development framework Spring has released patches for…

Read More