SecurityWeek

Security Vendor Protects Java Apps at Runtime With New Technology

A new security company is pushing a product that monitors, detects and blocks threats from inside the Java Virtual Machine (JVM).

Headquartered in Dublin, Waratek pulled the covers away from its Java Application Security (JAS) product earlier this week. Waratek JAS is designed to serve as a security-enabled version of the JVM that monitors network packets, file system calls and CPU instructions to identify and block external attacks. It also lets users virtually patch vulnerabilities at runtime, without installing any agents or modifying applications, and prevents attacks from reaching Java applications.

The product fits into a new category of security technology that the analyst firm Gartner refers to as “Runtime Application Self-Protection” (RASP). According to Gartner, RASP technologies are built or linked into an application or application runtime environment and are capable of controlling application execution and detecting and preventing real-time attacks.  

According to Waratek, the visibility offered by JAS allows the product to log and audit activity for compliance reporting, forensics and integration with security information and event management (SIEM) systems. The technology does not require changes to application code or modifications to network configurations or hardware appliances.

To thwart SQL injection and other attacks, the product uses a set of customizable rules. The approach also works as a defense against zero-day vulnerabilities because it traps application behavior without the user having to wait for a patch to be released. A simple blacklist rule can be used to provide virtual patch protection against new vulnerabilities.

“According to industry sources, custom Java applications contain between five to 10 security vulnerabilities per 10,000 lines of code, which is a huge problem since many of these programs are used by financial institutions and large enterprises to run key pieces of their business,” said Brian Maccaba, CEO of Waratek, in a statement. “With Waratek JAS we have reduced the Java attack surface to a small well-defined space that allows us to monitor and protect against third party software vulnerabilities, internal threats and external attacks – all without making any changes to existing applications.”

The product will be generally available later this summer. 
