
SecurityWeek


Security Vendor Protects Java Apps at Runtime With New Technology

A new security company is pushing a product that monitors, detects and blocks threats from inside the Java Virtual Machine (JVM).


Headquartered in Dublin, Waratek pulled the covers away from its Java Application Security (JAS) product earlier this week. The idea behind Waratek JAS is to serve as a security-enabled version of the JVM that monitors network packets, file system calls and CPU instructions to identify and block external attacks. It also allows users to virtually patch vulnerabilities at runtime, without installing any agents or modifying applications, and prevents attacks from hitting Java applications.

The product fits into a new category of security technology that the analyst firm Gartner refers to as “Runtime Application Self-Protection” (RASP). According to Gartner, RASP technologies are built or linked into an application or application runtime environment and are capable of controlling application execution and detecting and preventing real-time attacks.  

According to Waratek, the visibility offered by JAS allows the product to log and audit activity for compliance reporting, forensics and integration with security information and event management (SIEM) systems. The technology does not require changes to application code or modifications to network configurations or hardware appliances.

To thwart SQL injection and other attacks, the product uses a set of customizable rules. The approach also works as a defense against zero-day vulnerabilities because it traps application behavior without the user having to wait for a patch to be released. A simple blacklist rule can be used to provide virtual patch protection against new vulnerabilities.

“According to industry sources, custom Java applications contain between five to 10 security vulnerabilities per 10,000 lines of code, which is a huge problem since many of these programs are used by financial institutions and large enterprises to run key pieces of their business,” said Brian Maccaba, CEO of Waratek, in a statement. “With Waratek JAS we have reduced the Java attack surface to a small well-defined space that allows us to monitor and protect against third party software vulnerabilities, internal threats and external attacks – all without making any changes to existing applications.”

The product will be generally available later this summer. 

Written By

Marketing professional with a background in journalism and a focus on IT security.
