Waratek has practical experience working with leading global corporations, including financial services and healthcare firms, Fortune 100 companies and more. Here are a few of our application security case studies and test results using our unique and patented runtime protection solution.

Virtual Patching While Under Attack

Healthcare Technology Company Uses New Strategy to Thwart Crypto-miner Attack

Leading Healthcare IT Company


“A week after we installed the Waratek solution we got hit with more deserialization attacks,” the CISO says. “Because of Waratek’s solution, the attacks were immediately stopped, and the solution automatically alerted us to the attempt. All of the hacker’s malicious scripts failed, which took us to a new level of confidence — the Waratek virtual patch is providing the protection we need, better and faster than we ever thought possible.”

“This approach protects our software much quicker than (physical) patches and without disrupting operations.”

Upon restart, a virtual container encapsulated the full application stack, providing instant modernization of the out-of-support JRE to a Java 8 JRE and instant protection from the Java-related vulnerabilities identified in the pre-scan.

Performance overhead was measured against a baseline without Waratek’s solution and reflected normal operation and operation under malicious attack. While under attack, the performance overhead increased by 2.4%. However, under normal operating conditions, Waratek improved app performance by as much as 9% and improved the overall performance by 6.9% after lifting the out-of-support JRE to a more efficient Java 8 JRE.

App Modernization

Modernizing out-of-date, mission critical applications without code changes

Instantly remediating years of unpatched vulnerabilities with no code changes or performance impact

Large US based company ($50-75B)

Legacy Java and Virtual Patching

Legacy Upgrade and Virtual Patching

Remediating years of vulnerabilities and updating an out-of-date Java JRE without changing a single line of code.

US Based Global Media Company


Virtual Patching and Legacy Application Modernizing

Instant security and operations improvement without code changes

Global financial services institution

Case Study Legacy Upgrade

Waratek was required to protect the full application stack, including third-party components, and to remediate legacy, current and new application security vulnerabilities. Waratek was also evaluated on other criteria such as False Positive Rate (FPR), ease of installation, number of code changes required, compatibility and performance.

Waratek achieved the following results:

  • Simple, fast deployment in less than 30 minutes
  • All security tests: Passed
  • Active security controls: Protected against future threats (0-day) in all layers of application stack
  • Legacy applications: Transparently updated to Java 8 without code changes
  • Internal performance result: Passed
  • All functional tests: Passed
  • False Positive Rate: 0
  • Code Changes Required: 0

Virtual patching hundreds of applications means application development teams do not spend time upgrading to new versions of Java, or on the testing and deployment activities related to traditional physical patching. This avoids the financial and operational barriers to patching Java-based applications.

The company has realized other benefits from Waratek’s approach to application security: no false positives have been generated by Waratek while operating in unconditional blocking mode, and emergency virtual patches have been developed in less than 24 hours for newly discovered high-severity vulnerabilities such as those in Struts 2; protection is instant compared to traditional patching protocols.

No Downtime

No Downtime Updates

Saving time and costs with Virtual Patching

Global financial services company


Legacy Java and PCI Compliance

Remove Vulnerabilities as detected by PCI frameworks

US Fortune 100 financial services company


After installation, all 29 Java vulnerabilities identified by Qualys scans were remediated by containerizing the legacy Java 6 application stack on top of a Java 8 host. As a result, the environment could be considered as fully security compliant.
