Welcome!

Java IoT Authors: Jason Bloomberg, Liz McMillan, Elizabeth White, Pat Romanski, Stackify Blog

News Feed Item

Waratek Protects Enterprise Java Apps from the Inside Out

Waratek, the Java application protection and management company, today announced Waratek Java Application Security (JAS), the first security product that monitors, detects and blocks threats from within the Java Virtual Machine (JVM). Waratek JAS enables organizations to gain visibility into malicious activity, enforce security policies and virtually patch vulnerabilities at run-time without installing any agents or modifying applications. It prevents attacks from reaching Java applications regardless of whether they target business logic or legacy Java vulnerabilities.

CLICK TO TWEET: @waratek protects #Java enterprise apps from the inside out http://bit.ly/1nvzR7M #JavaSecurity

According to Gartner, Inc.: “Applications can be better protected when they possess self-protection capabilities built into their runtime environments, which have full insight into application logic, configuration, and data and event flows.”1

Waratek JAS will be demonstrated at the Gartner Security and Risk Management Summit Booth 1127 in National Harbor, MD from June 23-26 http://www.gartner.com/technology/summits/na/security/

Current Approaches Falling Short

Traditional approaches to application protection including static code analysis, application best practices, and network devices such as web application firewalls (WAF) are unable to keep up with Java threats. Application best practices are very difficult to apply consistently, and cannot be used for third-party libraries or applications. Meanwhile, WAFs don’t understand application logic to the degree necessary to reliably block attacks, and require complex configuration and management. The recent Heartbleed OpenSSL vulnerability demonstrates how ubiquitous third party libraries have become, why they are so difficult to police and the damage they can cause.

Waratek JAS Provides Deep Visibility

To protect applications from the inside out, Waratek JAS operates at the JVM layer where it monitors every network packet, file system call and CPU instruction, while remaining transparent to both applications and network infrastructure. This deep visibility also allows Waratek JAS to log/audit activity for compliance reporting, forensics and integration with security information event management (SIEM) systems. It requires no changes to application code, modifications to network configurations or hardware appliances. Waratek JAS uses industry-standard, Oracle Licensed Technology and can be deployed in monitoring or blocking mode.

Zero Day Attack Protection

To protect applications against malicious activity including SQL Injection, abnormal file manipulation or unexpected network connections, Waratek JAS uses a small set of rules that provide broad coverage against attacks from outside the application and quarantine illegal operations inside the application. This approach also defends against Zero Day vulnerabilities since it traps the application behavior, independent of the threat vector, without having to wait for a patch to be coded, tested and implemented. A simple black list rule can be implemented to provide virtual patch protection against new vulnerabilities, without the need to stop the application or make any code changes. Since it has end-to-end visibility of Java applications, Waratek JAS provides protection at every stage of the attack lifecycle including:

  • Inspection of risky API calls and network access
  • Detection of vulnerable code
  • Mitigation of vulnerabilities
  • Quarantine of sensitive operations
  • Isolation of resources and data

“According to industry sources, custom Java applications contain between 5 to 10 security vulnerabilities per 10,000 lines of code, which is a huge problem since many of these programs are used by financial institutions and large enterprises to run key pieces of their business, ” said Brian Maccaba, CEO of Waratek. “With Waratek JAS we have reduced the Java attack surface to a small well-defined space that allows us to monitor and protect against third party software vulnerabilities, internal threats and external attacks – all without making any changes to existing applications.”

Virtual Patching

To enable organizations to minimize the risk and operational overhead associated with applying critical application patches, Waratek provides “virtual patching” until updates can be installed. This capability not only enables controlled patching so updates can be properly tested, but also addresses legacy security threats. For example, third party Java code running in older applications may be end‐of-life and unsupported, leaving known vulnerabilities unpatched for months or years.

Availability and Pricing

Waratek JAS is available immediately. Pricing is per protected application per month.

Resources:

Video: http://www.waratek.com/security

Whitepaper: http://www.waratek.com/security/whitepaper

Corporate Profile: http://www.waratek.com/about

About Waratek

Waratek makes Java enterprise applications more secure and easier to manage. The Waratek Java Application Security platform provides transparent, run-time application self-protection against business logic and network layer threats. The Waratek CloudVM enables organizations to deploy multiple Java apps on a single server within Cloud or datacenter environments to dramatically reduce operating costs. Waratek is a SWIFT Innotribe Top Global Innovator and Gartner Cool Vendor in Application and Integration Platforms. The company is headquartered in Dublin, Ireland with offices in London, New York, Sydney, Tokyo, Shanghai, Taipei and Seoul. For further information please visit www.waratek.com.

1 Gartner, Inc. Runtime Application Self-Protection: A Must-Have, Emerging Security Technology, 24 April 2012 by Joseph Feiman

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
SYS-CON Events announced today that DXWorldExpo has been named “Global Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Digital Transformation is the key issue driving the global enterprise IT business. Digital Transformation is most prominent among Global 2000 enterprises and government institutions.
Elon Musk is among the notable industry figures who worries about the power of AI to destroy rather than help society. Mark Zuckerberg, on the other hand, embraces all that is going on. AI is most powerful when deployed across the vast networks being built for Internets of Things in the manufacturing, transportation and logistics, retail, healthcare, government and other sectors. Is AI transforming IoT for the good or the bad? Do we need to worry about its potential destructive power? Or will we...
SYS-CON Events announced today that SIGMA Corporation will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. uLaser flow inspection device from the Japanese top share to Global Standard! Then, make the best use of data to flip to next page. For more information, visit http://www.sigma-k.co.jp/en/.
SYS-CON Events announced today that Daiya Industry will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Daiya Industry specializes in orthotic support systems and assistive devices with pneumatic artificial muscles in order to contribute to an extended healthy life expectancy. For more information, please visit https://www.daiyak...
SYS-CON Events announced today that B2Cloud will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. B2Cloud specializes in IoT devices for preventive and predictive maintenance in any kind of equipment retrieving data like Energy consumption, working time, temperature, humidity, pressure, etc.
SYS-CON Events announced today that Massive Networks, that helps your business operate seamlessly with fast, reliable, and secure internet and network solutions, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. As a premier telecommunications provider, Massive Networks is headquartered out of Louisville, Colorado. With years of experience under their belt, their team of...
SYS-CON Events announced today that NetApp has been named “Bronze Sponsor” of SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. NetApp is the data authority for hybrid cloud. NetApp provides a full range of hybrid cloud data services that simplify management of applications and data across cloud and on-premises environments to accelerate digital transformation. Together with their partners, NetApp em...
SYS-CON Events announced today that Interface Corporation will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Interface Corporation is a company developing, manufacturing and marketing high quality and wide variety of industrial computers and interface modules such as PCIs and PCI express. For more information, visit http://www.i...
SYS-CON Events announced today that Mobile Create USA will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Mobile Create USA Inc. is an MVNO-based business model that uses portable communication devices and cellular-based infrastructure in the development, sales, operation and mobile communications systems incorporating GPS capabi...
SYS-CON Events announced today that Nihon Micron will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Nihon Micron Co., Ltd. strives for technological innovation to establish high-density, high-precision processing technology for providing printed circuit board and metal mount RFID tags used for communication devices. For more inf...
SYS-CON Events announced today that N3N will exhibit at SYS-CON's @ThingsExpo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. N3N’s solutions increase the effectiveness of operations and control centers, increase the value of IoT investments, and facilitate real-time operational decision making. N3N enables operations teams with a four dimensional digital “big board” that consolidates real-time live video feeds alongside IoT sensor data a...
SYS-CON Events announced today that Suzuki Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Suzuki Inc. is a semiconductor-related business, including sales of consuming parts, parts repair, and maintenance for semiconductor manufacturing machines, etc. It is also a health care business providing experimental research for...
While some developers care passionately about how data centers and clouds are architected, for most, it is only the end result that matters. To the majority of companies, technology exists to solve a business problem, and only delivers value when it is solving that problem. 2017 brings the mainstream adoption of containers for production workloads. In his session at 21st Cloud Expo, Ben McCormack, VP of Operations at Evernote, will discuss how data centers of the future will be managed, how th...
SYS-CON Events announced today that Ryobi Systems will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Ryobi Systems Co., Ltd., as an information service company, specialized in business support for local governments and medical industry. We are challenging to achive the precision farming with AI. For more information, visit http:...
SYS-CON Events announced today that MIRAI Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MIRAI Inc. are IT consultants from the public sector whose mission is to solve social issues by technology and innovation and to create a meaningful future for people.
SYS-CON Events announced today that mruby Forum will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. mruby is the lightweight implementation of the Ruby language. We introduce mruby and the mruby IoT framework that enhances development productivity. For more information, visit http://forum.mruby.org/.
SYS-CON Events announced today that Fusic will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Fusic Co. provides mocks as virtual IoT devices. You can customize mocks, and get any amount of data at any time in your test. For more information, visit https://fusic.co.jp/english/.
In his session at @ThingsExpo, Greg Gorman is the Director, IoT Developer Ecosystem, Watson IoT, will provide a short tutorial on Node-RED, a Node.js-based programming tool for wiring together hardware devices, APIs and online services in new and interesting ways. It provides a browser-based editor that makes it easy to wire together flows using a wide range of nodes in the palette that can be deployed to its runtime in a single-click. There is a large library of contributed nodes that help so...
SYS-CON Events announced today that Enroute Lab will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Enroute Lab is an industrial design, research and development company of unmanned robotic vehicle system. For more information, please visit http://elab.co.jp/.
Agile has finally jumped the technology shark, expanding outside the software world. Enterprises are now increasingly adopting Agile practices across their organizations in order to successfully navigate the disruptive waters that threaten to drown them. In our quest for establishing change as a core competency in our organizations, this business-centric notion of Agile is an essential component of Agile Digital Transformation. In the years since the publication of the Agile Manifesto, the conn...