Alert

Customer Alert – 07/07/2020

Background

Waratek is releasing new long-term versions of the company’s signature compiler-based runtime security products, ARMR virtual patch DSL, and accompanying Management Console. Included in the upgrades are features that allow Waratek’s premiere product –Upgrade – to lift out-of-support Java applications to Java 14 from previous versions of Java dating back to Java 4 without time consuming or costly source code changes.

The upgraded products are now available for new customers. Existing customers will receive detailed information from Waratek Client Services.

 

Discussion

Waratek’s new versions of the company’s compiler-based runtime agents for Java and .NET applications are designed to ease installation and operation of Waratek’s three primary products – Patch, Secure, and Upgrade – as well as the company’s companion Management Console. Also being released is a new version of Waratek’s ARMR DSL in which the company’s no-source-code change virtual patches are written.

Specific feature upgrades for Java products include:

  • Support for Java 14 hosts for Upgrade
  • Support Java 5 for Secure
  • Single Upgrade Agent for all supported Java versions and environments
  • Automated deployment of Secure and Upgrade
  • Improved agent naming scheme and configurability
  • Extensive logging improvements, including full Syslog support
  • Flag-based configuration for security logging
  • New protection features against:
    • XML Deserial attacks
    • XML Payloads
    • HTTP Response Splitting (CWE-113)
    • HTTP Verb Tampering (CAPEC-274)
  • Support for SQL Injection protection of PostgreSQL databases
  • Improved redirect rule for subdomains

 

Management Console (MC) upgraded features for Java and .NET products include:

  • Powerful rules wizards for easy configuration of all security rules
  • Improved MC installation and configuration

 

Management Console (MC) upgraded features -continued:

  • Built-in ‘liveness URL’ for monitoring MC availability
  • Embedded upgrades, including:
    • PostgreSQL 9.x to 11.x upgrade
    • Oracle 12c to 19c upgrade
    • Elasticsearch 6 to 7 upgrade
  • Bundled Java OpenJDK 11u7
  • Bundle Elasticsearch 7
  • Installation / configuration process single-script installs:
    • Bundled Java
    • Bundled Elasticsearch
    • MC
  • General performance improvements for deployment-at-scale and High Availability (HA)

Action Steps

Waratek Secure and Waratek Upgrade customers can schedule an upgrade at their convenience by contacting their Client Services representative.
Non-Waratek customers should request a trial license or a live demonstration of the upgraded Waratek products.

 

About Waratek

Some of the world’s leading companies use Waratek’s ARMR Security Platform to patch, secure and upgrade their mission critical applications. A pioneer in the next generation of application security solutions, Waratek makes it easy for security teams to instantly detect and remediate known vulnerabilities with no downtime, protect their applications from known and Zero Day attacks, and virtually upgrade out-of-support Java applications – all without time consuming and expensive source code changes or unacceptable performance overhead.

Waratek is the Cybersecurity Breakthrough Award’s 2019 Overall Web Security Solution of the Year, is a previous winner of the RSA Innovation Sandbox Award, and more than a dozen other awards and recognitions. For more information, visit www.waratek.com.

Related alerts

Ready to scale Security with modern software development?

Work with us to accelerate your adoption of Security-as-Code to deliver application security at scale.