InfoSecurity Author: Hussein Badakhchani
Since its emergence in 2012, Runtime Application Self Protection (RASP), a term coined by Gartner’s Joseph Feiman, has seen steady growth with RASP vendors penetrating a number of market segments.
Unlike established security technologies that occupy the perimeter space of IT such as Web Application Firewalls (WAF) or those that statically analyze application code during testing (STAST) technologies, RASP based technologies promise to eliminate false positives, reduce the complexity of securing applications and to lock down the most common vulnerabilities being exploited today.
Security Embedded Within the Application
The proponents of RASP can make these claims as they argue the security intelligence is embedded directly within the application and enabled at runtime. As such, the security intelligence can differentiate between application and user data allowing it to identify illicitly injected code or to detect unusual application activity (indicators of intrusion) with an unprecedented degree of precision.
Furthermore, these security rules can be configured to prevent attempts to access protected compute resources such as file systems and network sockets. Depending on the capabilities of the specific implementation of RASP, these rules can be simple, generic and dynamically adjustable at runtime, without impacting the normal application lifecycle or expected application operation in any way.
RASP technologies protect against some of the most exploited vulnerabilities (as classified by OWASP) including SQL Injection, Command Line Injection and Cross Site Scripting. One may ask how all of this is any different to WAF protection? The distinction comes from of the generic nature of RASP configuration which is a direct product of embedding security intelligence within the application, as opposed to traditional pattern matching techniques employed by WAF.
For example, some RASP technologies can mitigate 100% of SQL Injection attacks with no false positives simply by defining a single one-line rule. Compare this to the complex pattern matching rules employed by WAF which, given their highly specialized nature, result in both large numbers of rules that need to be constantly updated.
While these advantages alone make the case for including RASP in a comprehensive cybersecurity strategy, recently two other significant benefits have come to the fore namely zero day vulnerability mitigation and virtual patching.