A new security company is pushing a product that monitors, detects and blocks threats from inside the Java Virtual Machine (JVM).
Headquartered in Dublin, Waratek pulled the covers away from its Java Application Security (JAS) product earlier this week. The idea behind Waratek JAS is to serve as a security-enabled version of the JVM that monitors network packets, file system calls and CPU instructions to identify and block external attacks. It also allows users to virtually patch vulnerabilities at run-time, without installing any agents or modifying applications, and prevents attacks from hitting Java applications.
The product fits into a new category of security technology that the analyst firm Gartner refers to as “Runtime Application Self-Protection” (RASP). According to Gartner, RASP technologies are built or linked into an application or application runtime environment and are capable of controlling application execution and detecting and preventing real-time attacks.
According to Waratek, the visibility offered by JAS allows the product to log and audit activity for compliance reporting, forensics and integration with security information and event management (SIEM) systems. The technology does not require changes to application code or modifications to network configurations or hardware appliances.
To thwart SQL injection and other attacks, the product uses a set of customizable rules. The approach also works as a defense against zero-day vulnerabilities because it traps application behavior without the user having to wait for a patch to be released. A simple blacklist rule can be used to provide virtual patch protection against new vulnerabilities.
“According to industry sources, custom Java applications contain between five and 10 security vulnerabilities per 10,000 lines of code, which is a huge problem since many of these programs are used by financial institutions and large enterprises to run key pieces of their business,” said Brian Maccaba, CEO of Waratek, in a statement. “With Waratek JAS we have reduced the Java attack surface to a small well-defined space that allows us to monitor and protect against third-party software vulnerabilities, internal threats and external attacks – all without making any changes to existing applications.”
The product will be generally available later this summer.