Waratek Zero Day Protection Visibility and Forensics Legacy Apps

Making Applications Self-Protecting, Self-Diagnosing, Self-Testing
Java is used for the majority of production Enterprise applications and
platforms, such as Apache Tomcat and IBM WebSphere deployed today.
However, these platforms and applications lack the ability to defend
themselves from today’s targeted, dynamic attacks.
Waratek provides a new and disruptive application layer solution in the
Gartner category of Runtime Application Self Protection (RASP),
securing your enterprise and preventing attacks with no code changes,
agents or network devices.
Zero Day
and Forensics
Moving Beyond Static and Network-Based Security
Existing attempts to protect applications rely on static code analysis, application best practices, or network devices
such as web application firewalls (WAF), none of which are completely effective. Application best practices are very
difficult to apply consistently, and cannot be used for third-party libraries or applications. Neither static analysis nor
WAF understand the application logic and attack methods, such as SQL Injection, take advantage of application logic
vulnerabilities. Not surprisingly, Gartner Inc states that "Modern Security fails to test and protect all apps. Therefore,
apps must be capable of security self-testing, self-diagnostics and self-protection. It should be a CISO top priority"1
Solution Description
Waratek operates within the JVM, the compilation and execution layer
for Java applications. Building upon the standard Oracle HotSpot JVM,
Waratek has added a security rules engine that allows enterprises to
protect business critical applications without code changes. The rules
engine supports fine grained monitoring and control of all key
application behaviors, including file, database, network and process
control. Unlike other solutions, Waratek can make real-time, dynamic
evaluations of application activity, thereby detecting:
Database access
Method and function calls
Field and variable reading and writing
File and network access
Class loading, class linking and reflection
Waratek AppSecurity for Java is the first and only
solution to leverage the power of the JVM for
Runtime Application Self-Protection. By using the
JVM’s ability to track user input through application
execution to back-end database calls, SQL Injection
and other input validation attacks can be not just
detected, but actually stopped, before data is
compromised. Policy options include logging,
transmission to correlation analysis, and blocking.
1 Gartner Inc. Stop Protecting Your Apps; It’s Time for Them To Protect Themselves
25 September 2014, by Joseph Feiman, Gartner Fellow and Analyst
Key Benefits
• Absolute detection of SQL injection
• Zero false positives
• Protects legacy apps and environments
• Protects data without affecting application integrity,
availability or performance
• No application changes, agents or network devices
• Supports private and hybrid cloud deployment models
Application Security
for Java
Making Applications Self-Protecting, Self-Diagnosing, Self-Testing
Securing Java from the Inside Out
Virtual Patching for Java Applications and Legacy Software
Waratek supports virtual patching of Java applications and runtime
environments. Most organizations seek to minimize application
availability risk and operational overhead by keeping software
updates to a minimum. In other cases software provided by third
parties may be end-of-life and unsupported. In practice this means
that known vulnerabilities are often unpatched for months or years.
Waratek provides “virtual patching” to protect applications without
software updates.
“This is a very nice implementation of
RASP (Runtime Application Self Protection),
easy to deploy in the development environment,
and far more effective than web application firewalls.”
An unusual and innovative approach to Java security
Peter Stephenson, SC Magazine, 02 March 2015
Most applications are running on
vulnerable, legacy Java
Zero Day Patching
Even zero-day threats are mitigated because Waratek traps the
application behavior, independent of the threat vector, without
having to wait for a patch to be coded, tested and implemented.
The Waratek generic black list rules that prevent inappropriate
behaviors can defeat zero day attacks that seek to exploit these
vectors, even with new attack methods. If required, a zero day
virtual patch can be implemented by adding to the rule file
without any need to stop the application running or change the
application code.
Taint Detection Engine and Forensics
Implementing Waratek has no impact on the application development lifecycle and provides visibility in the place it is
normally most lacking: inside the application. It immediately delivers forensic information on malware attempts to
compromise application logic, whether from insider threats or external sources. Both Security and Development
teams can use this threat visualization to fully understand attacks, and in particular how they leverage poor input
validation or platform vulnerabilities.
Waratek Named the Most Innovative Company 2015
“Waratek won the award based on its ability to
clearly demonstrate strengths in addressing the
market’s need for better application protection
against sophisticated attacks without having to
install network devices, make code changes or
greatly impact performance.”
Waratek Head Office:
Waratek New York:
Waratek UK:
Level 3, 8 Harcourt Street, Dublin, 2, Ireland
45 Rockefeller Plaza, New York, NY 10111
Longcroft House, 2/8 Victoria Avenue, London EC2M 4NS
Email: [email protected]
©2015 Waratek Limited
All rights reserved