Q: Why is application security important?
A: Historically, security focus has been on securing the perimeter. With more than 80% of attacks now happening at the application layer, it is widely accepted that securing the perimeter is not enough.
Q: Why should I be concerned about the security of my application?
A: An application is the gateway to your client data. If you are responsible for protecting your clients' data, then you need to find the best way to secure your applications.
Runtime Application Self-Protection (RASP)
Q: What is RASP and why should I be interested in it?
A: RASP is a security category that provides protection within the runtime environment of an application. It is the only Application Security category that Gartner have identified as transformational in their 2015 Hype Cycle for Application Security.
Q: Are there different types of RASP solutions?
A: Yes. There are two types: one based on instrumentation (or filters), the other based on virtualization.
Q: How is Waratek’s RASP solution different from other RASP solutions?
A: Waratek is the only RASP solution based on virtualization. This is significant for a number of reasons:
- Waratek provides remediation and mitigation of vulnerabilities in the full software stack, securing both your application and its application stack.
- Waratek’s unique location in the runtime environment gives it full contextual awareness, and therefore complete accuracy.
- Waratek is completely ‘in process’, so there are no APIs, table look-ups or other outside interfaces.
This means that:
- Waratek requires no prior application knowledge, so you are immediately protected.
- Waratek requires no code changes or external devices, enabling you to secure new and legacy applications.
RASP by Virtualization
Q: How does Waratek Secure Applications?
A: Waratek is unique in that it makes use of the JIT compiler to fix vulnerable code while the application runs, eliminating the delays and downtime required to apply a binary patch, as well as the risk of breaking the application with incompatible code. Once your application is deployed, it operates exactly as it does today, with the added benefit of being secure.
Q: Can Waratek reduce my risk profile?
A: There are a number of ways Waratek can reduce your risk profile. Waratek offers detection and protection for the OWASP Top Ten list of vulnerabilities, as well as protection against unknown vulnerabilities. Using both static and dynamic technology, Waratek can also produce a set of rules tailored to your application, further reducing the risk of exploitation.
Q: Will Waratek break my application?
A: No, because Waratek does not touch your application at all. There is no need to change a single line of code in your application, so its functional behaviour and performance are unaffected.
Q: Do I need to stop and start the application in order to secure it?
A: Once your application is deployed, there is no need to stop and restart it, even if a new vulnerability is found. Your applications are secured without affecting their live operation.
Q: Can Waratek protect my application stack as well as my application?
A: Yes, Waratek secures both the application and full application stack.
Q: How does Waratek fit into my software development lifecycle?
A: Waratek protects not just your application but also any third-party plugins and application stack and identifies potential vulnerabilities such as unused Java APIs or calls to external applications. By turning these off, your application is now locked down and the potential for exploitation is reduced.
Q: We automate a lot of our application testing, can Waratek work with us here?
A: At runtime, Waratek can monitor your application's behaviour, highlighting many previously unknown events that your application executes as part of its normal business function. This information can be used both to lock down your application’s behaviour, reducing its attack surface, and to highlight previously unknown behaviour, which in some cases may breach company policy.
Q: Can Waratek protect my legacy applications?
A: Absolutely! Without having to change a single line of code, your legacy applications will be protected by fixes gained in a more recent version. For example, your legacy Java 1.5 application will inherit the fixes provided in a Java 1.7 Oracle release.
Q: How does Waratek differ from a WAF?
A: Waratek is a more sophisticated, more accurate defence solution for your application that does not rely on heuristics. Having full contextual understanding of every request sent to your application, and based on its unique underlying technology, Waratek can, with the highest accuracy, remediate all malicious attacks without blocking legitimate requests. This means that you receive no false positives, guaranteed.
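The contextual check described above, as an added illustration in Python (not Waratek's code, and not a description of its actual engine): a RASP that runs inside the runtime sees the final SQL statement together with which bytes came from the user, so it can ask whether that input changed the statement's structure instead of matching request bytes against signatures. The tokenizer and the `is_injection` and `check` helpers are constructed for this example.

```python
import re

# Minimal SQL tokenizer (constructed for this example); earlier alternatives win.
TOKEN_RE = re.compile(r"""
    (?P<ws>\s+)
  | (?P<comment>--[^\n]*|/\*.*?\*/)
  | (?P<string>'(?:[^']|'')*')
  | (?P<number>\d+(?:\.\d+)?)
  | (?P<ident>[A-Za-z_][A-Za-z0-9_]*)
  | (?P<op>[<>=!]=|<>|[-+*/%(),;=<>.])
""", re.VERBOSE | re.DOTALL)

def tokenize(sql):
    """Return (kind, start, end) for every non-whitespace token in sql."""
    tokens, pos = [], 0
    while pos < len(sql):
        m = TOKEN_RE.match(sql, pos)
        if m is None:
            # Unrecognised character (e.g. an unterminated quote): emit it as a
            # one-character operator so it still counts as statement structure.
            tokens.append(("op", pos, pos + 1))
            pos += 1
            continue
        if m.lastgroup != "ws":
            tokens.append((m.lastgroup, m.start(), m.end()))
        pos = m.end()
    return tokens

def is_injection(sql, tainted, offset):
    """True when the tainted bytes sql[offset:offset+len(tainted)] alter the SQL
    structure: they span several tokens, or one token that is not a literal."""
    if not tainted:
        return False
    lo, hi = offset, offset + len(tainted)
    assert sql[lo:hi] == tainted, "offset does not point at the tainted bytes"
    hit = [t for t in tokenize(sql) if t[1] < hi and t[2] > lo]  # overlapping
    if len(hit) != 1:
        return True
    return hit[0][0] not in ("string", "number")

def check(prefix, value, suffix=""):
    """Simulate the application concatenating user input into SQL, exactly as a
    runtime-located RASP would observe it, and return the verdict."""
    return is_injection(prefix + value + suffix, value, len(prefix))

if __name__ == "__main__":
    q = "SELECT * FROM users WHERE name = '"
    for v in ("alice", "O''Brien", "' OR '1'='1", "admin'--"):
        print(repr(v), "->", "block" if check(q, v, "'") else "allow")
```

Note that a correctly escaped value such as `O''Brien` stays inside one string literal and is allowed, which is the kind of decision a signature-based filter working on the raw request cannot make reliably.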
Q: Can Waratek work alongside a WAF?
A: Yes. If your security policy calls for defence in depth, Waratek can also be used as a complementary control for educating WAFs. Waratek produces a large amount of metadata when under attack; this is metadata that a WAF cannot expose or have insight into. Waratek’s RASP solution can provide WAFs with the accuracy and intelligence they innately cannot achieve by themselves.
Q: Where can I deploy Waratek?
A: Waratek supports your enterprise deployment strategy, whether that is in-house deployment or a public or hybrid cloud environment.
Q: How is Waratek deployed?
A: Waratek provides a plug-in agent to your existing Java Virtual Machine (JVM). You simply pass the Waratek agent to your Java process and security is applied instantaneously.
Q: Why is Waratek’s runtime location important?
A: As Waratek is a plugin to the Java Virtual Machine itself, it has complete contextual awareness of all application requests and behaviour, which cannot be achieved by instrumenting at the application level. Waratek is a truly unique RASP solution: it requires no third-party APIs, no prior knowledge of application behaviour and, importantly, no code changes to the application itself.
Q: What platforms does Waratek support?
A: Waratek supports the following:
- Java EE (all versions)
- Red Hat 5.5+
- CentOS 5.5+
- SUSE 11 SP2
- Solaris 10+
- Windows Server 2003, 2008, 2012, 2016
- AIX 6+
Q: How do you provision and manage Waratek?
A: Management of Waratek instances is done through the use of Waratek’s Management Server. This is a front-end console that allows the user to provision, deploy, update and monitor secure applications.
Q: Will Waratek affect the performance of my application?
A: Due to Waratek’s unique location in the runtime environment, when under attack there is a negligible performance effect that is virtually invisible to the end user. In fact, if Waratek Enterprise is deployed to bring your legacy Java applications up to date, then performance improvements are common.
Logging & Intelligence
Q: How is application information logged?
A: Runtime logging of your application is handled by Waratek’s Management Server. Security information and events are displayed in the Waratek Management Server. In addition, Waratek supports logging directly into your existing SIEM, e.g. Splunk, ArcSight or QRadar.
Q: What intelligence can Waratek provide me when my application is under attack?
A: Waratek can provide an extensive set of application metadata, for example: the time and date of the attack, the IP address of the attacker, the user’s cookie data, the URL path under attack, the attacker’s username, the user’s session ID and the injected SQL code. As Waratek operates within the Java Virtual Machine itself, it has full access to all HTTP header field information.
Q: How can I get Waratek and how much does it cost?
A: Waratek provides a straightforward evaluation process which allows the user, within a couple of hours, to get a firm appreciation of the value of the Waratek Application Security Solution.
Q: How can I get support from Waratek?
A: Waratek provides different levels of support to suit your requirements.