Java Container Security
CSO published a series of product reviews based on Gartner’s 2017 Top Security Technologies. In this review, CSO focuses on how container security offers more protection than the traditional approach to AppSec.
By John Breeden II | CSO
Waratek relies on just-in-time compiling and focuses exclusively on one of the biggest security risks within most organizations: applications running Java.
In general, container security works by creating a virtual machine to host a protected application and then restricting what it can do to reach out of that container. Because of its reliance on virtual machines, containerization only recently became popular because of cloud computing, which also relies heavily on virtualization.
Waratek is entering this space from a completely different angle compared to other container security firms, relying on just-in-time compiling and focusing exclusively on one of the biggest security risks within most organizations, applications running Java. Coming to the security space from the prospect of compiler engineers gives the Waratek software a unique flavor and approach that has been overlooked and unexplored by most other companies.
Java applications are divided into two components: You have the baseline Java 8 or 9 stack, which hosts the app and provides the garbage collector process. For the most part, that section is fairly simplistic and completely secure. And then you have the upper layer, which is comprised of the actual code of the running application, plus all the support programming to give it interactivity. The upper layer can consist of millions of lines of code and can be based on any version of Java going all the way back to Java 4. It’s potentially very insecure and is often the focal point for common attacks like SQL injections used to steal information inside protected databases.
Read the full and thorough review here.