Historically, security efforts have focused on securing the perimeter. With more than 80% of attacks now happening at the application layer, it is widely accepted that securing the perimeter is not enough.
An application is the gateway to your client data. If you are responsible for protecting your clients’ data, then you need to find the best way to secure your applications.
RASP is a security category that provides protection within the runtime environment of an application. It is the only Application Security category that Gartner have identified as transformational in their 2015 Hype Cycle for Application Security.
Yes. There are two types of RASP: one based on instrumentation (or filters), the other based on virtualization.
Waratek is the only RASP solution based on virtualization. This is significant for a number of reasons:
• Waratek provides remediation and mitigation of vulnerabilities in the full software stack, securing both your application and its application stack
• Waratek’s unique location in the runtime environment means that it has full contextual awareness and is therefore able to provide complete accuracy
• Waratek is completely ‘in process’, so there are no APIs, table lookups or other outside interfaces.
This means that:
• Waratek requires no prior application knowledge, so you are immediately protected
• Waratek requires no code changes or external devices, enabling you to secure both new and legacy applications.
Waratek is unique in that it uses the JIT compiler to fix vulnerable code while the application runs, eliminating the delays and downtime required to apply a binary patch, as well as the risk of breaking the application with incompatible code. Once your application is deployed it will operate exactly the same way as it does today, with the benefit of being secure.
No, because Waratek does not touch your application at all. There is no need to change a single line of code in your application, so its functional behaviour and performance are unaffected.
Absolutely! Without a single change to a line of code, your legacy applications will be protected by the fixes gained in a more recent version. For example, your legacy Java 1.5 application will inherit the fixes provided in a 1.7 Oracle Java release.
Yes. If your security policy calls for defence in depth, Waratek can also be used as a complementary control for educating WAFs. Waratek produces a large amount of metadata when under attack, metadata that a WAF cannot expose or have insight into. Waratek’s RASP solution can provide WAFs with the accuracy and intelligence they cannot achieve by themselves.
Waratek supports your enterprise deployment strategy, whether that is for in-house deployment or for a public or hybrid cloud environment.
Waratek provides a plug-in agent to your existing Java Virtual Machine (JVM). You simply pass the Waratek agent to your Java process and security is applied instantaneously.
As Waratek is a plugin to the Java Virtual Machine itself, it has complete contextual awareness of all application requests and behaviour, which cannot be achieved by instrumenting at the application level. Waratek is a truly unique RASP solution: it doesn’t require third-party APIs, it requires no prior knowledge of application behaviour and, importantly, it requires no code changes to the application itself.
Waratek supports the following:
• Java EE (all versions)
• Red Hat 5.5+
• CentOS 5.5+
• SUSE 11 SP2
• Solaris 10+
• Windows Server 2003, 2008, 2012, 2016
• AIX 6+
Due to Waratek’s unique location in the runtime environment, the performance effect when under attack is negligible and virtually invisible to the end user. In fact, if Waratek Enterprise is deployed to bring your legacy Java applications up to date, performance improvements are common.
Waratek can provide an extensive set of application metadata, for example:
• Time and date of the attack
• IP address of the attacker
• User’s cookie data
• URL path under attack
• Username of the attacker
• User’s session ID
• User-injected SQL code
As Waratek operates within the Java Virtual Machine itself, it has full access to all HTTP header field information.