Welcome!

Java IoT Authors: Pat Romanski, Elizabeth White, Liz McMillan, Yeshim Deniz, Mehdi Daoudi

News Feed Item

Waratek Protects Enterprise Java Apps from the Inside Out

Waratek, the Java application protection and management company, today announced Waratek Java Application Security (JAS), the first security product that monitors, detects and blocks threats from within the Java Virtual Machine (JVM). Waratek JAS enables organizations to gain visibility into malicious activity, enforce security policies and virtually patch vulnerabilities at run-time without installing any agents or modifying applications. It prevents attacks from reaching Java applications regardless of whether they target business logic or legacy Java vulnerabilities.

CLICK TO TWEET: @waratek protects #Java enterprise apps from the inside out http://bit.ly/1nvzR7M #JavaSecurity

According to Gartner, Inc.: “Applications can be better protected when they possess self-protection capabilities built into their runtime environments, which have full insight into application logic, configuration, and data and event flows.”1

Waratek JAS will be demonstrated at the Gartner Security and Risk Management Summit Booth 1127 in National Harbor, MD from June 23-26 http://www.gartner.com/technology/summits/na/security/

Current Approaches Falling Short

Traditional approaches to application protection including static code analysis, application best practices, and network devices such as web application firewalls (WAF) are unable to keep up with Java threats. Application best practices are very difficult to apply consistently, and cannot be used for third-party libraries or applications. Meanwhile, WAFs don’t understand application logic to the degree necessary to reliably block attacks, and require complex configuration and management. The recent Heartbleed OpenSSL vulnerability demonstrates how ubiquitous third party libraries have become, why they are so difficult to police and the damage they can cause.

Waratek JAS Provides Deep Visibility

To protect applications from the inside out, Waratek JAS operates at the JVM layer where it monitors every network packet, file system call and CPU instruction, while remaining transparent to both applications and network infrastructure. This deep visibility also allows Waratek JAS to log/audit activity for compliance reporting, forensics and integration with security information event management (SIEM) systems. It requires no changes to application code, modifications to network configurations or hardware appliances. Waratek JAS uses industry-standard, Oracle Licensed Technology and can be deployed in monitoring or blocking mode.

Zero Day Attack Protection

To protect applications against malicious activity including SQL Injection, abnormal file manipulation or unexpected network connections, Waratek JAS uses a small set of rules that provide broad coverage against attacks from outside the application and quarantine illegal operations inside the application. This approach also defends against Zero Day vulnerabilities since it traps the application behavior, independent of the threat vector, without having to wait for a patch to be coded, tested and implemented. A simple black list rule can be implemented to provide virtual patch protection against new vulnerabilities, without the need to stop the application or make any code changes. Since it has end-to-end visibility of Java applications, Waratek JAS provides protection at every stage of the attack lifecycle including:

  • Inspection of risky API calls and network access
  • Detection of vulnerable code
  • Mitigation of vulnerabilities
  • Quarantine of sensitive operations
  • Isolation of resources and data

“According to industry sources, custom Java applications contain between 5 to 10 security vulnerabilities per 10,000 lines of code, which is a huge problem since many of these programs are used by financial institutions and large enterprises to run key pieces of their business, ” said Brian Maccaba, CEO of Waratek. “With Waratek JAS we have reduced the Java attack surface to a small well-defined space that allows us to monitor and protect against third party software vulnerabilities, internal threats and external attacks – all without making any changes to existing applications.”

Virtual Patching

To enable organizations to minimize the risk and operational overhead associated with applying critical application patches, Waratek provides “virtual patching” until updates can be installed. This capability not only enables controlled patching so updates can be properly tested, but also addresses legacy security threats. For example, third party Java code running in older applications may be end‐of-life and unsupported, leaving known vulnerabilities unpatched for months or years.

Availability and Pricing

Waratek JAS is available immediately. Pricing is per protected application per month.

Resources:

Video: http://www.waratek.com/security

Whitepaper: http://www.waratek.com/security/whitepaper

Corporate Profile: http://www.waratek.com/about

About Waratek

Waratek makes Java enterprise applications more secure and easier to manage. The Waratek Java Application Security platform provides transparent, run-time application self-protection against business logic and network layer threats. The Waratek CloudVM enables organizations to deploy multiple Java apps on a single server within Cloud or datacenter environments to dramatically reduce operating costs. Waratek is a SWIFT Innotribe Top Global Innovator and Gartner Cool Vendor in Application and Integration Platforms. The company is headquartered in Dublin, Ireland with offices in London, New York, Sydney, Tokyo, Shanghai, Taipei and Seoul. For further information please visit www.waratek.com.

1 Gartner, Inc. Runtime Application Self-Protection: A Must-Have, Emerging Security Technology, 24 April 2012 by Joseph Feiman

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

IoT & Smart Cities Stories
The platform combines the strengths of Singtel's extensive, intelligent network capabilities with Microsoft's cloud expertise to create a unique solution that sets new standards for IoT applications," said Mr Diomedes Kastanis, Head of IoT at Singtel. "Our solution provides speed, transparency and flexibility, paving the way for a more pervasive use of IoT to accelerate enterprises' digitalisation efforts. AI-powered intelligent connectivity over Microsoft Azure will be the fastest connected pat...
There are many examples of disruption in consumer space – Uber disrupting the cab industry, Airbnb disrupting the hospitality industry and so on; but have you wondered who is disrupting support and operations? AISERA helps make businesses and customers successful by offering consumer-like user experience for support and operations. We have built the world’s first AI-driven IT / HR / Cloud / Customer Support and Operations solution.
Codete accelerates their clients growth through technological expertise and experience. Codite team works with organizations to meet the challenges that digitalization presents. Their clients include digital start-ups as well as established enterprises in the IT industry. To stay competitive in a highly innovative IT industry, strong R&D departments and bold spin-off initiatives is a must. Codete Data Science and Software Architects teams help corporate clients to stay up to date with the mod...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Druva is the global leader in Cloud Data Protection and Management, delivering the industry's first data management-as-a-service solution that aggregates data from endpoints, servers and cloud applications and leverages the public cloud to offer a single pane of glass to enable data protection, governance and intelligence-dramatically increasing the availability and visibility of business critical information, while reducing the risk, cost and complexity of managing and protecting it. Druva's...
BMC has unmatched experience in IT management, supporting 92 of the Forbes Global 100, and earning recognition as an ITSM Gartner Magic Quadrant Leader for five years running. Our solutions offer speed, agility, and efficiency to tackle business challenges in the areas of service management, automation, operations, and the mainframe.
The Jevons Paradox suggests that when technological advances increase efficiency of a resource, it results in an overall increase in consumption. Writing on the increased use of coal as a result of technological improvements, 19th-century economist William Stanley Jevons found that these improvements led to the development of new ways to utilize coal. In his session at 19th Cloud Expo, Mark Thiele, Chief Strategy Officer for Apcera, compared the Jevons Paradox to modern-day enterprise IT, examin...
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors! In this blog post, we provide 7 tips on how, as part of our world-class faculty, you can deliver one of the most popular sessions at our events. But before reading...
DSR is a supplier of project management, consultancy services and IT solutions that increase effectiveness of a company's operations in the production sector. The company combines in-depth knowledge of international companies with expert knowledge utilising IT tools that support manufacturing and distribution processes. DSR ensures optimization and integration of internal processes which is necessary for companies to grow rapidly. The rapid growth is possible thanks, to specialized services an...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...