WAF to Runtime Protection

By Waratek | September 5, 2018, April 30th, 2019 | Blog, Legacy, Patching, Zero Day

The changing of the guard is underway.


In late July, Amy DeMartine of Forrester made a bold prediction:

“…eventually runtime application self-protection (RASP) (will) take over web application firewall (WAF) as the best way to combat web app attacks. They have deeper knowledge than WAFs of the applications that they protect, and they can virtually patch vulnerabilities and weaknesses. In an upcoming report, we’re predicting WAF market growth to significantly slow down over the 2021–2023 period as bot management and RASP tools fully cover traditional WAF capabilities. In fact, RASP will experience a healthy 26.2% CAGR in the same period.” 

Longstanding frustrations with WAF, coupled with high-profile security events and new regulations like GDPR, are driving the push toward newer technologies like runtime protection. For years, WAFs have frustrated security teams with their high false-positive rates and performance-killing overhead. Spend enough time with a WAF engineer and they’ll tell you about all the time spent running in monitor mode, or with just enough rules applied to pass an audit.

It is somewhat ironic that the same regulatory environment that helped create demand for WAF is also driving companies to newer, more effective alternatives. PCI compliance drove the vast majority of WAF installations. Now GDPR, with its “security by design/protection by default” criteria, is driving organizations to look at protections that address basic security more effectively and that also tackle related issues WAF cannot fix, such as patching and legacy software upgrades.

WAF vs RASP

For example, compare Waratek’s runtime protection, which is built on proven compiler techniques, with WAF feature by feature, and the advantages of Waratek’s approach become clear.


| Capability | WAF Technology | Waratek / Runtime Protection |
|---|---|---|
| No profiling or routine tuning | | ✔︎ |
| No instrumentation/filters (heuristics) | | ✔︎ |
| No false positives – guaranteed | | ✔︎ |
| Run in blocking mode with low/no performance hit | | ✔︎ |
| Remediate CVEs with no downtime or source code changes | | ✔︎ |
| Virtual upgrade of out-of-support Java applications | | ✔︎ |

WAF may still find a home in organizations that are dedicated to a defense-in-depth strategy. Over the long term, though, compiler-based runtime solutions offer the best protection against the increasingly complex and frequent attacks against known CVEs – without the side effects, or the time and resources, that WAF requires.


[Image: Waratek Patch Before and After]


Author: Waratek

Some of the world’s leading companies use Waratek to patch, secure and upgrade their mission-critical web applications using our next-generation technology. Waratek makes it easy for security teams to instantly patch known Java and .NET flaws with no downtime, protect their applications from known and zero-day attacks, and virtually upgrade out-of-support Java applications – all without time-consuming and expensive source code changes or unacceptable performance overhead.
