Runtime Application Security

Case Studies

Find out what our customers think about our Runtime Application Security Solutions

Waratek has practical experience working with leading global corporations including Financial Services, Healthcare, Fortune 100 companies and more. Here are a few of our application security case studies and test results using our unique and patented runtime protection solution.

Reducing Time to Patch and Expanding Security Protection

Global University improves protection and reduces cost with solutions from Waratek & Rimini Street


“Many of the security patches from Oracle are released on a quarterly basis, often addressing vulnerabilities which are up to 12 months old; that means your system may have been vulnerable for 12 months. By using more modern security approaches we found we would be able to better protect our systems…”

– Scott Lawry, Associate Director Solution Design and Delivery at QUT

“I recall during the initial discussions of the solution, I was a bit skeptical of what I was hearing. Day one protection, easy installation, customizable rules etc. My skepticism quickly diminished. Our deployment was one of the easiest I’ve experienced, and we reaped the benefits of Day One protection the moment we ‘turned it on.’”

– Company Corporate Solutions Manager

Secure Aging Software Without Source Code Changes

Global Commercial Real Estate Services Company Improves Security and Compliance

Global Commercial Real Estate Company


Virtual Patching While Under Attack

Healthcare Technology Company Uses New Strategy to Thwart Crypto-miner attack

Leading Healthcare IT Company


“A week after we installed the Waratek solution we got hit with more deserialization attacks,” the CISO says. “Because of Waratek’s solution, the attacks were immediately stopped, and the solution automatically alerted us to the attempt. All of the hacker’s malicious scripts failed, which took us to a new level of confidence — the Waratek virtual patch is providing the protection we need, better and faster than we ever thought possible.”

“This approach protects our software much quicker than (physical) patches and without disrupting operations.”

Upon restart, a virtual container encapsulated the full application stack, providing instant modernization of the out-of-support JRE to a Java 8 JRE and instant protection from the Java-related vulnerabilities identified in the pre-scan.

Performance overhead was measured against a baseline without Waratek’s solution and reflected normal operation and operation under malicious attack. While under attack, the performance overhead increased by 2.4%. However, under normal operating conditions, Waratek improved app performance by as much as 9% and improved the overall performance by 6.9% after lifting the out-of-support JRE to a more efficient Java 8 JRE.

Modernizing out-of-date, mission critical applications without code changes

Instantly remediating years of unpatched vulnerabilities with no code changes or performance impact

Large US based company ($50-75B)


Legacy Java and PCI Compliance

Remove Vulnerabilities as detected by PCI frameworks

US Fortune 100 financial services company


After installation, all 29 Java vulnerabilities identified by Qualys scans were remediated by containerizing the legacy Java 6 application stack on top of a Java 8 host. As a result, the environment could be considered fully security compliant.

Legacy Upgrade and Virtual Patching

Remediating years of vulnerabilities and updating an out-of-date Java JRE without changing a single line of code.

US Based Global Media Company


Virtual Patching and Legacy Application Modernizing

Instant security and operations improvement without code changes

Global financial services institution


Waratek was required to protect the full application stack, including 3rd party components as well as remediate legacy, current and new application security vulnerabilities. Waratek was also evaluated on other criteria such as False Positive Rate (FPR), ease of installation, number of code changes required, compatibility and performance.

Waratek achieved the following results:

  • Simple, fast deployment in less than 30 minutes
  • All security tests: Passed
  • Active security controls: Protected against future threats (0-day) in all layers of application stack
  • Legacy applications: Transparently updated to Java 8 without code changes
  • Internal performance result: Passed
  • All functional tests: Passed
  • False Positive Rate: 0
  • Code Changes Required: 0

Virtual patching hundreds of applications means application development teams do not spend time upgrading to new versions of Java along with testing and deployment activities related to traditional physical patching. This avoids the financial and operations barriers to patching Java-based applications.

The company has realized other benefits from Waratek’s approach to application security: no false positives have been generated by Waratek while operating in unconditional blocking mode, and emergency virtual patches have been developed in less than 24 hours for newly discovered high severity vulnerabilities like Struts 2; protection is instant compared to traditional patching protocols.

No Downtime Updates

Saving time and costs with Virtual Patching

Global financial services company