Run-Time Self Protection Provides Visibility, Blocking and Virtual Patching Against Threats at Every Layer of the Application Stack
Waratek, the Java application protection and management company, today announced Waratek Java Application Security (JAS), the first security product that monitors, detects and blocks threats from within the Java Virtual Machine (JVM). Waratek JAS enables organisations to gain visibility into malicious activity, enforce security policies and virtually patch vulnerabilities at run-time without installing any agents or modifying applications. It prevents attacks from reaching Java applications regardless of whether they target business logic or legacy Java vulnerabilities.
According to Gartner, Inc.: “Applications can be better protected when they possess self-protection capabilities built into their runtime environments, which have full insight into application logic, configuration, and data and event flows.”[1]
Current Approaches Falling Short
Traditional approaches to application protection, including static code analysis, application best practices, and network devices such as web application firewalls (WAF), are unable to keep up with Java threats. Application best practices are very difficult to apply consistently, and cannot be used for third-party libraries or applications. The recent Heartbleed OpenSSL vulnerability demonstrates how ubiquitous third-party libraries have become, why they are so difficult to police and the damage they can cause.
Waratek JAS Provides Deep Visibility
To protect applications from the inside out, Waratek JAS operates at the JVM layer where it monitors every network packet, file system call and CPU instruction, while remaining transparent to both applications and network infrastructure. This deep visibility also allows Waratek JAS to log and audit activity for compliance reporting, forensics and integration with security information event management (SIEM) systems. It requires no changes to application code, modifications to network configurations or hardware appliances. Waratek JAS uses industry-standard, Oracle Licensed Technology and can be deployed in monitoring or blocking mode.
Zero Day Attack Protection
To protect applications against malicious activity including SQL injection, abnormal file manipulation or unexpected network connections, Waratek JAS uses a small set of rules that provide broad coverage against attacks from outside the application and quarantine illegal operations inside the application. This approach also defends against zero-day vulnerabilities, since it traps the application behaviour, independent of the threat vector, without having to wait for a patch to be coded, tested and implemented. A simple blacklist rule can be implemented to provide virtual patch protection against new vulnerabilities, without the need to stop the application or make any code changes. Since it has end-to-end visibility of Java applications, Waratek JAS provides protection at every stage of the attack lifecycle, including:
· Inspection of risky API calls and network access
· Detection of vulnerable code
· Mitigation of vulnerabilities
· Quarantine of sensitive operations
· Isolation of resources and data
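The rule-based model described above, as an added illustration that is not Waratek's code: a hypothetical policy object that receives sensitive operations raised by the runtime (network connects, file writes, SQL execution), evaluates a small rule set plus a blacklist "virtual patch" on a specific call site, and either logs the violation (monitoring mode) or denies it (blocking mode). The event kinds, rule shapes and sample events are all constructed for the example.

```java
import java.util.*;

// Hypothetical run-time policy (illustration only, not Waratek's implementation).
// Events are assumed to be raised by the runtime for each sensitive operation.
public class RuntimePolicy {
    enum Mode { MONITOR, BLOCK }
    record Event(String kind, String target, String caller) {}
    record Verdict(boolean allowed, String rule) {}

    private final Mode mode;
    private final Set<String> allowedHosts;   // permitted outbound endpoints
    private final Set<String> writableDirs;   // permitted write locations
    private final Set<String> virtualPatches = new HashSet<>(); // blacklisted call sites

    RuntimePolicy(Mode mode, Set<String> allowedHosts, Set<String> writableDirs) {
        this.mode = mode; this.allowedHosts = allowedHosts; this.writableDirs = writableDirs;
    }

    // A "virtual patch": deny one known-vulnerable call site without touching the application.
    void addVirtualPatch(String callerMethod) { virtualPatches.add(callerMethod); }

    Verdict evaluate(Event e) {
        String violated = null;
        if (virtualPatches.contains(e.caller())) violated = "virtual-patch:" + e.caller();
        else switch (e.kind()) {
            case "net.connect" -> { if (!allowedHosts.contains(e.target())) violated = "net.egress"; }
            case "file.write"  -> { if (writableDirs.stream().noneMatch(e.target()::startsWith)) violated = "file.write"; }
            case "sql.exec"    -> { if (e.target().contains("--")) violated = "sql.comment-injection"; }
            default -> { }
        }
        if (violated == null) return new Verdict(true, null);
        audit(e, violated);
        return new Verdict(mode == Mode.MONITOR, violated); // monitoring mode only records
    }

    // SIEM-style audit record, emitted in both modes
    private void audit(Event e, String rule) {
        System.out.printf("action=%s rule=%s kind=%s target=%s caller=%s%n",
            mode == Mode.BLOCK ? "block" : "alert", rule, e.kind(), e.target(), e.caller());
    }

    public static void main(String[] args) {
        RuntimePolicy p = new RuntimePolicy(Mode.BLOCK, Set.of("db.internal:5432"), Set.of("/var/app/data/"));
        p.addVirtualPatch("legacy.XmlLoader.parse"); // constructed: an unpatched third-party call site
        List<Event> events = List.of(                 // constructed sample events
            new Event("net.connect", "db.internal:5432", "app.Repo.query"),
            new Event("net.connect", "203.0.113.9:4444", "app.Report.render"),
            new Event("file.write", "/etc/passwd", "app.Upload.save"),
            new Event("sql.exec", "SELECT * FROM users WHERE name='x' --", "app.Login.check"),
            new Event("xml.parse", "upload.xml", "legacy.XmlLoader.parse"));
        for (Event e : events) System.out.println(e.kind() + " -> " + (p.evaluate(e).allowed() ? "allowed" : "blocked"));
    }
}
```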
“According to industry sources, custom Java applications contain between 5 to 10 security vulnerabilities per 10,000 lines of code, which is a huge problem since many of these programs are used by financial institutions and large enterprises to run key pieces of their business,” said Brian Maccaba, CEO of Waratek. “With Waratek JAS we have reduced the Java attack surface to a small well-defined space that allows us to monitor and protect against third party software vulnerabilities, internal threats and external attacks – all without making any changes to existing applications.”
Virtual Patching
To enable organisations to minimise the risk and operational overhead associated with applying critical application patches, Waratek provides “virtual patching” until updates can be installed. This capability not only enables controlled patching, so updates can be properly tested, but also addresses legacy security threats. For example, third-party Java code running in older applications may be end-of-life and unsupported, leaving known vulnerabilities unpatched for months or years.
Availability and Pricing
Waratek JAS is available immediately. Pricing is per protected application per month.
About Waratek
[1] Gartner, Inc. Runtime Application Self-Protection: A Must-Have, Emerging Security Technology, 24 April 2012 by Joseph Feiman
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.