Applications are the blind spot of cyber security with most resources directed at securing the perimeter. Runtime Application Self Protection – RASP – is the next generation of application security associated with an application’s runtime environment. Waratek’s solution detects and prevents real-time attacks, such as SQL Injection or Remote Code Execution, with no false positives, doesn’t slow your applications’ performance, and increases the visibility into your apps’ operations – benefits not possible with traditional approaches to today’s threats.

Using the Just-in-Time Compiler of Java and .NET platforms, Waratek’s RASP solutions also give you the ability to instantly remediate known vulnerabilities with runtime virtual patches as well as virtually upgrade out-of-support Java-based applications.

of attacks are directed at the application layer

(SOURCE: US Dept of Homeland Security; Verizon)

of AppSec professionals say a lack of visibility in the application layer prevents strong security

(SOURCE: Ponemon Institute)

of 1000 central repositories include components that have not been updated in five years or longer

(SOURCE: Sonatype)

“A week after we installed the Waratek solution we got hit with more deserialization attacks,” the CISO says. “Because of Waratek’s solution, the attacks were immediately stopped, and the solution automatically alerted us to the attempt. All of the hacker’s malicious scripts failed, which took us to a new level of confidence — the Waratek virtual patch is providing the protection we need, better and faster than we ever thought possible.”

Chief Information Security Officer

Runtime Application Self-Protection - RASP

Runtime Application Self-Protection – RASP – is a transformational application security technology securing an application’s runtime.

Waratek’s RASP solution makes it easy for teams to:

  • instantly patch known flaws
  • protect applications from known and Zero Day attacks
  • virtually upgrade out-of-support applications

Waratek offers benefits over other WAF and RASP products:

  • no downtime
  • no risk of breaking an app
  • no source code changes
  • no false positives
  • no routine tuning
  • no unacceptable performance overhead

Waratek Application Security Products

Waratek makes it easy for security teams to instantly patch known flaws, virtually upgrade out-of-support applications, and protect 100% of their application code – all without time consuming and expensive code changes. Using patented virtualization technology, Waratek’s patented runtime application protection is highly accurate, easy to install, simple to operate and does not slow applications.

Waratek Patch

Waratek PatchA lightweight plugin agent to apply custom security patches as well as current and historical virtual patches for instant protection.

  • Create and apply custom virtual patches
  • Virtual patches of Java and .NET critical patch updates
  • Library of past CPUs to Java 4
LEARN MORE

Waratek Secure

Waratek Secure

A lightweight plugin agent that protects against the known vulnerabilities found in:

  • 2013 and 2017 OWASP Top Ten,
  • SANS Top 25
  • Zero Day Attacks
LEARN MORE

Waratek Enterprise

Waratek Enterprise

A plugin agent that provides the full suite of Waratek benefits:

  • Virtual Platform Upgrade for Java
  • Virtual Patching
  • Full Stack Security
LEARN MORE

SUGGESTED VIEWING:

Take a look at how Waratek Patch works

SUGGESTED READING:

Introduction to Runtime Protection

The Transformational Application Security Technology that Improves Protection and Operations

DOWNLOAD WHITEPAPER

SUGGESTED VIEWING:

Find out how Waratek Enterprise works

Heuristic-based approaches to app security such as WAF and IPS Solutions make it very difficult to operate your protection tools in unconditional blocking mode because there are too many false positives and other issues that have the potential to affect the operation of your apps. Waratek’s unique and patented protection allows customers to confidently run their apps in full blocking mode from the start. Providing protection from known and unknown vulnerabilities (0-day) with no false positives, no tuning, no code changes and ultra-low performance overhead.

PLAY VIDEO
Waratek Installation

Compiler Based Runtime Application Self Protection (RASP)

Providing unique patented runtime protection

Apache Struts 2 Virtual Patch

Organizations using the Struts 2 framework are vulnerable to any general code injection attack. Waratek fully remediates known CVEs with a virtual patch that can be live-updated without taking affected applications out of production.

READ MORE

Name Space Layout Randomization

Name Space Layout Randomization or NSLR is the equivalent of Address Space Layout Randomization (ASLR) for Java-based applications. Developed by Waratek, NSLR hardens the Java Virtual Machine (JVM) by randomizing the JDK namespace (Java packages), which makes code injection exploits so difficult to execute that they become unfeasible.

READ MORE

Deserialization of Untrusted Data

Some of the most widespread security vulnerabilities to occur over the last couple years are related to when applications deserialize data from untrusted sources. Find out how Waratek’s approach to application security remediates Java object deserialization attacks using a secure runtime container

READ MORE

Try A Demo
& Get Protected.

Get a free POC when you schedule now.