Historically security focus has been on securing the perimeter. With more than 80% of attacks now happening at the application layer it is widely accepted that securing the perimeter is not enough.
Application Security and
Runtime Application Self Protection - RASP
Frequently Asked Questions
An application is the gateway to your client data. If you are responsible for protecting your clients data, then you need to find the best way to secure your applications.
Runtime Application Self-Protection (RASP)
RASP is a security category that provides protection within the runtime environment of an application. It is the only Application Security category that Gartner have identified as transformational in their 2015 Hype Cycle for Application Security.
Yes. There are two types, one based on instrumentation (or filters), the other based on virtualization.
Waratek is the only RASP solution based on virtualization. This is significant for a number of reasons:
- Waratek provide remediation and mitigation of vulnerabilities in the full software stack, securing both your application and application stack
- Waratek’s unique location in the runtime environment means that we have full contextual awareness and therefore are able to provide complete accuracy
- Waratek are completely ‘in process’, therefore there are no APIs, table look ups or other outside interfaces.
This means that:
- Waratek require no prior application knowledge, so you are immediately protected
- Waratek require no code changes or external devices, enabling you to secure new and legacy applications.
Why is Waratek different?
How is Waratek different?
Waratek is unique in that it makes use of the JIT compiler to fix vulnerable code while the application runs, eliminating the delays and downtime required to apply a binary patch as well as the risk of breaking the application due to incompatible code. Once your application is deployed it will operate exactly the same way as it does today, with the benefit of being secure.
There are a number of different ways Waratek can reduce your risk profile. Waratek offers detection and protection for the OWASP Top Ten list of vulnerabilities as well as protection against unknown vulnerabilities. Using both static and dynamic technology Waratek can also produce a set of rules tailored to your application further reducing the risk of exploitation.
No because Waratek does not touch your application at all. Therefore there is no need to change a single line of code in your application so its functional behaviour and performance are unaffected.
Once your application is deployed then there is no need to stop and re-start your application even if a new vulnerability is found. Your applications are secured without affecting the live operation of the application.
Yes, Waratek Enterprise secures both the application and full application stack.
Waratek protects not just your application but also any third-party plugins and application stack and identifies potential vulnerabilities such as unused Java APIs or calls to external applications. By turning these off, your application is now locked down and the potential for exploitation is reduced.
During the runtime, Waratek can monitor your applications behaviour, highlighting a lot of unknown events that your application executes as part of its normal business function. This information can be used to both lockdown your application’s behaviour thus reducing its attack surface, while also highlighting previously unknown behaviour, which in some cases may break company policy.
Absolutely! Without having to make a single change to a line of code, your legacy applications will be protected by fixes gained in a more recent version. For example your legacy Java 1.5 application will inherit the fixes provided in a 1.7 Oracle Java release.
Waratek is a more sophisticated, more accurate defense solution for your application that does not rely on heuristics. Having full contextual understanding of each single request sent to your application and based on its unique underlying technology, Waratek can, with the highest of accuracy remediate against all malicious attacks without blocking legitimate requests.This means that you receive No False Positives, guaranteed.
Yes, if your security policy is for defence in depth, Waratek can be used also as a complementary control used for educating WAF’s. Waratek produces a large amount of metadata when under attack. This is metadata that a WAF cannot expose or have insight to. Waratek’s RASP solution can provide WAF’s with the accuracy and intelligence they innately cannot achieve by themselves.
Waratek supports your Enterprise deployment strategy, whether that is for in-house deployment or on a public or Hybrid Cloud environment.
Waratek provides a plug-in agent to your existing Java Virtual Machine (JVM). You simply pass the Waratek agent to your Java process and security is applied instantaneously.
As Waratek is a plugin to the Java Virtual Machine itself it has complete contextual awareness of all application requests and behavior, which cannot be achieved by instrumenting at the application level. Waratek is a truly unique RASP solution, as it doesn’t require third party API’s, it requires no prior knowledge of application behavior and importantly requires no code changes to the application itself.
Waratek supports the following
- Java EE (All versions)
- Redhat 5.5 +
- Centos 5.5 +
- SUSE 11 SP 2
- Solaris 10 +
- Windows Server 2003, 2008, 2012, 2016
- AIX 6 +
This list is changing frequently, so please contact us to confirm the most up to date list.
Management of Waratek instances is done through the use of Waratek’s Management Server. This is a front-end console that allows the user to provision, deploy, update and monitor secure applications.
Due to Waratek’s unique location in the runtime environment, when under attack there is a negligible performance effect that is virtually invisible to the end user. In fact, if Waratek Enterprise is deployed to bring your legacy Java applications up to date, then performance improvements are common.
Logging & Intelligence
Runtime logging of your application is handled by Waratek’s Management Server. Security information and events are displayed with the Waratek management server. In addition, Waratek supports logging directly into your existing SIEM eg. Splunk, ArcSight, QRadar.
Waratek can provide an extensive set of application metadata for example Time and Date of attack – IP Address of Attacker – User’s cookie data – URL path under attack – Username of Attacker – Users session id – User injected SQL code. As Waratek operates within the Java Virtual Machine itself it has full access to all HTTP header field information.
Waratek provides a straightforward evaluation process which will allow the user within a couple of hours get a firm appreciation of the value of the Waratek Application Security Solution.
Waratek provides different levels of support to suit your requirements.