Waratek Application Security Webinar Series

View on demand

Webinar: Securing the software supply-chain: lessons and trends in autonomous, zero-trust runtime security

During the 2021 APEX CISO National Virtual Summit (#ApexAsembly) we explored how modern enterprise applications are no longer the single-vendor, monolithic software packages of a generation ago. Today’s modern enterprise application is a thin layer of business logic code sitting on top of a complex web of third-party platforms, frameworks and libraries. For every 1 line of business logic code that you write, there are 10 lines of invisible third-party code executing inside your application stack that you didn’t write and have no security control over.

New approaches to securing the software supply chain are emerging that go inside the application at runtime to secure the invisible code and memory that come from outside your developers and outside your security control. During this session we will discuss the vulnerability and compliance trends that are driving the rise of autonomous, zero-trust runtime security solutions for third-party code components and the various forms that such solutions take. We will conclude with a look at the future convergence of these runtime security solutions with other runtime, in-app products widely deployed today.

Key Takeaways:

  • The security of today’s enterprise applications is overwhelmed by large quantities of third-party code that comes from outside your organisation and outside of your security control
  • Until recently the principal (and oftentimes only) solution for securing third-party code has been continuous SCA with manual software upgrades that require considerable developer effort, testing and cost
  • In spite of the widespread adoption of SCA tools in the last several years, vulnerable and/or outdated third-party components have risen from 9th to 6th position in the most recent OWASP Top 10 2021 draft rankings, with OWASP warning that this rise reflects the ongoing struggle to test and secure the software supply-chain
  • New runtime security solutions are emerging which use live access to an application’s executing code and memory to provide autonomous security without manual developer effort or tuning
  • Autonomous runtime security solutions are an important new tool in the fight to secure the software supply-chain of modern enterprise applications
  • Runtime application security, runtime container security and APM tools will converge over time as customers look to consolidate the number of runtime products used with their applications

Webinar: Defense from the Inside: Demystifying Runtime Security

Business agility shouldn’t put your application security at risk. Yet, many companies have avoided adding security controls to the runtime for fear that it will slow their applications.

In this webinar, learn how Waratek is using the JIT compiler – made famous for its ability to optimize performance and speed – to identify and remediate vulnerabilities in the runtime.

In this webinar, we explore:

  • Why perimeter security solutions fall short.
  • How JIT compilers implement zero-trust security without false positives or impacting performance.
  • Use of JIT compilers for patching and compliance acceleration.

Webinar: How to end false positives

What if your application security platform didn’t cause false positives? Too good to be true? It’s not.

False alarms. The bane of all security teams. A recent research report [1] noted that only 56 percent of security alerts are routinely researched; only 28 percent of those are deemed legitimate; and less than half of the legitimate alerts are remediated. The cost of investigating these false alarms is an estimated average of $1.3 million USD per year [2].

Join our webinar to learn how moving away from traditional, heuristic-based security like WAFs means improved application security without time-consuming configuration or chasing false positives.

SOURCES: [1] The Cisco 2017 Security Capabilities Benchmark Study and [2] The Ponemon Institute.

In this 30-minute webinar we’ll discuss how to:

  • End the guesswork of heuristics using virtualization
  • Determine if a transaction is permissible at runtime with no configuration
  • Improve security without slowing your applications
  • Reduce your team’s workload at the same time

During the nearly two years our patented technology has been in global production, it has never produced a false positive. We’re so confident that our application security platform can eliminate all false positives for the OWASP Top Ten that we offer a guarantee: if we produce a false positive, we’ll give you a $10,000 credit per unique event.


Webinar: Deserialization Vulnerability

In this 30-minute webinar you’ll learn:

  • What deserialization is and how a deserialization attack works
  • Why traditional App Sec approaches are not working
  • How to protect your applications from deserialization attacks without:
    1. Profiling
    2. Blacklisting
    3. Whitelisting
    4. Code changes
    5. Tuning
    6. Breaking your app
  • The advantages of a virtualization-based approach to application security

Deserialization vulnerabilities are one of the greatest nightmares for App Sec professionals. These attacks are also increasingly popular among malicious hackers because they are often easy to execute and difficult to prevent.

Oracle’s Q1 2017 Critical Patch Update includes a deserialization patch to help address a vulnerability that impacts virtually every Java app today running on a server which provides Remote Method Invocation (RMI). But that patch relies on a traditional approach to preventing deserialization attacks.

Waratek has developed a highly effective, virtualization-based approach that does not rely on blacklisting or whitelisting to prevent attacks.