Case Study: Secure Aging Software Without Source Code Changes

Global Commercial Real Estate Services Company Improves Security and Compliance

Client Profile

A publicly traded global commercial real estate services firm with nearly $10B (USD) in annual revenue

  • Industry: Real Estate Services
  • Geography: Global
  • Employees: 50,000+
  • Products Supported: PeopleSoft

The Challenge

The Client offers commercial real estate services for companies and investors in 60 countries, providing a wide variety of technology-driven solutions and services as well as relying on technology to manage company business.

Security teams at most large organizations are tasked with keeping aging but mission-critical platforms secure and fully functional. That often means continuing to operate a software platform well beyond the end of its vendor's public support, or relying on prohibitively expensive vendor support contracts.

At some point, vendor patches for platforms that are out of public support are no longer available. That leaves companies increasingly vulnerable to attack and at risk of being found out of compliance with government, industry, and company regulations and policies.

That’s where the Client found itself in early 2020. Relying on an aging PeopleSoft platform, the Client faced known deserialization vulnerabilities but had few options for securing the platform, all of them time-consuming and expensive.

Facing a long and costly traditional “find & fix” vulnerability management process, the Client contacted Waratek to evaluate the company’s Secure compiler-based runtime application security solution.

“I recall during the initial discussions of the solution, I was a bit skeptical of what I was hearing. Day one protection, easy installation, customizable rules, etc.,” recalls the Client’s Corporate Solutions Manager.

“My skepticism quickly diminished. Our deployment was one of the easiest I’ve experienced, and we reaped the benefits of Day One protection the moment we ‘turned it on.’”

“As a public company, protecting our enterprise applications is a high priority and Waratek has played a significant role in achieving that goal.”

Waratek’s Solution

The Client came to Waratek for help addressing known deserialization issues using the company’s unique ARMR compiler-based security rules, which can be applied without source code changes while vulnerable applications continue to run. The Client applied additional rules to address other common exploits such as Process Forking, XSS, Path Traversal, and SQLi, as well as rules to harden the app by preventing unnecessary file reads, file writes, and network access by third-party machines.

Client Results

After installation, the Client determined that all critical and high vulnerabilities were remediated. The time from first conversation to full protection in live production was eight business days.

Client Benefits

Waratek Secure offers “always on” security protection against threats in the OWASP Top 10 and SANS 25, and against zero-day attacks. Offering instant protection, Waratek Secure installs in minutes and doesn’t require code changes or routine tuning. Best of all, Waratek Secure has an ultra-low performance impact and will never produce false positives – ever.

Securing your applications from the most common vulnerabilities like cross-site scripting (XSS), SQL injection, and insecure deserialization has never been faster or easier. Using Waratek Secure, powered by the compiler-based ARMR Security Platform, there is no need for direct interaction with the application code. No prior knowledge of the application is required, and there is no recompilation or restart necessary. Security is provided for the entire application stack, including third-party libraries and open source components.
