Welcome!

Java IoT Authors: Sematext Blog, Yeshim Deniz, Elizabeth White, Peter Silva, Plutora Blog

News Feed Item

Waratek Protects Enterprise Java Apps from the Inside Out

Waratek, the Java application protection and management company, today announced Waratek Java Application Security (JAS), the first security product that monitors, detects and blocks threats from within the Java Virtual Machine (JVM). Waratek JAS enables organizations to gain visibility into malicious activity, enforce security policies and virtually patch vulnerabilities at run-time without installing any agents or modifying applications. It prevents attacks from reaching Java applications regardless of whether they target business logic or legacy Java vulnerabilities.

CLICK TO TWEET: @waratek protects #Java enterprise apps from the inside out http://bit.ly/1nvzR7M #JavaSecurity

According to Gartner, Inc.: “Applications can be better protected when they possess self-protection capabilities built into their runtime environments, which have full insight into application logic, configuration, and data and event flows.”1

Waratek JAS will be demonstrated at the Gartner Security and Risk Management Summit Booth 1127 in National Harbor, MD from June 23-26 http://www.gartner.com/technology/summits/na/security/

Current Approaches Falling Short

Traditional approaches to application protection including static code analysis, application best practices, and network devices such as web application firewalls (WAF) are unable to keep up with Java threats. Application best practices are very difficult to apply consistently, and cannot be used for third-party libraries or applications. Meanwhile, WAFs don’t understand application logic to the degree necessary to reliably block attacks, and require complex configuration and management. The recent Heartbleed OpenSSL vulnerability demonstrates how ubiquitous third party libraries have become, why they are so difficult to police and the damage they can cause.

Waratek JAS Provides Deep Visibility

To protect applications from the inside out, Waratek JAS operates at the JVM layer where it monitors every network packet, file system call and CPU instruction, while remaining transparent to both applications and network infrastructure. This deep visibility also allows Waratek JAS to log/audit activity for compliance reporting, forensics and integration with security information event management (SIEM) systems. It requires no changes to application code, modifications to network configurations or hardware appliances. Waratek JAS uses industry-standard, Oracle Licensed Technology and can be deployed in monitoring or blocking mode.

Zero Day Attack Protection

To protect applications against malicious activity including SQL Injection, abnormal file manipulation or unexpected network connections, Waratek JAS uses a small set of rules that provide broad coverage against attacks from outside the application and quarantine illegal operations inside the application. This approach also defends against Zero Day vulnerabilities since it traps the application behavior, independent of the threat vector, without having to wait for a patch to be coded, tested and implemented. A simple black list rule can be implemented to provide virtual patch protection against new vulnerabilities, without the need to stop the application or make any code changes. Since it has end-to-end visibility of Java applications, Waratek JAS provides protection at every stage of the attack lifecycle including:

  • Inspection of risky API calls and network access
  • Detection of vulnerable code
  • Mitigation of vulnerabilities
  • Quarantine of sensitive operations
  • Isolation of resources and data

“According to industry sources, custom Java applications contain between 5 to 10 security vulnerabilities per 10,000 lines of code, which is a huge problem since many of these programs are used by financial institutions and large enterprises to run key pieces of their business, ” said Brian Maccaba, CEO of Waratek. “With Waratek JAS we have reduced the Java attack surface to a small well-defined space that allows us to monitor and protect against third party software vulnerabilities, internal threats and external attacks – all without making any changes to existing applications.”

Virtual Patching

To enable organizations to minimize the risk and operational overhead associated with applying critical application patches, Waratek provides “virtual patching” until updates can be installed. This capability not only enables controlled patching so updates can be properly tested, but also addresses legacy security threats. For example, third party Java code running in older applications may be end‐of-life and unsupported, leaving known vulnerabilities unpatched for months or years.

Availability and Pricing

Waratek JAS is available immediately. Pricing is per protected application per month.

Resources:

Video: http://www.waratek.com/security

Whitepaper: http://www.waratek.com/security/whitepaper

Corporate Profile: http://www.waratek.com/about

About Waratek

Waratek makes Java enterprise applications more secure and easier to manage. The Waratek Java Application Security platform provides transparent, run-time application self-protection against business logic and network layer threats. The Waratek CloudVM enables organizations to deploy multiple Java apps on a single server within Cloud or datacenter environments to dramatically reduce operating costs. Waratek is a SWIFT Innotribe Top Global Innovator and Gartner Cool Vendor in Application and Integration Platforms. The company is headquartered in Dublin, Ireland with offices in London, New York, Sydney, Tokyo, Shanghai, Taipei and Seoul. For further information please visit www.waratek.com.

1 Gartner, Inc. Runtime Application Self-Protection: A Must-Have, Emerging Security Technology, 24 April 2012 by Joseph Feiman

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
My team embarked on building a data lake for our sales and marketing data to better understand customer journeys. This required building a hybrid data pipeline to connect our cloud CRM with the new Hadoop Data Lake. One challenge is that IT was not in a position to provide support until we proved value and marketing did not have the experience, so we embarked on the journey ourselves within the product marketing team for our line of business within Progress. In his session at @BigDataExpo, Sum...
Keeping pace with advancements in software delivery processes and tooling is taxing even for the most proficient organizations. Point tools, platforms, open source and the increasing adoption of private and public cloud services requires strong engineering rigor - all in the face of developer demands to use the tools of choice. As Agile has settled in as a mainstream practice, now DevOps has emerged as the next wave to improve software delivery speed and output. To make DevOps work, organization...
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex softw...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
What sort of WebRTC based applications can we expect to see over the next year and beyond? One way to predict development trends is to see what sorts of applications startups are building. In his session at @ThingsExpo, Arin Sime, founder of WebRTC.ventures, will discuss the current and likely future trends in WebRTC application development based on real requests for custom applications from real customers, as well as other public sources of information,
China Unicom exhibit at the 19th International Cloud Expo, which took place at the Santa Clara Convention Center in Santa Clara, CA, in November 2016. China United Network Communications Group Co. Ltd ("China Unicom") was officially established in 2009 on the basis of the merger of former China Netcom and former China Unicom. China Unicom mainly operates a full range of telecommunications services including mobile broadband (GSM, WCDMA, LTE FDD, TD-LTE), fixed-line broadband, ICT, data communica...
SYS-CON Events announced today that Ocean9will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Ocean9 provides cloud services for Backup, Disaster Recovery (DRaaS) and instant Innovation, and redefines enterprise infrastructure with its cloud native subscription offerings for mission critical SAP workloads.
Things are changing so quickly in IoT that it would take a wizard to predict which ecosystem will gain the most traction. In order for IoT to reach its potential, smart devices must be able to work together. Today, there are a slew of interoperability standards being promoted by big names to make this happen: HomeKit, Brillo and Alljoyn. In his session at @ThingsExpo, Adam Justice, vice president and general manager of Grid Connect, will review what happens when smart devices don’t work togethe...
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
SYS-CON Events announced today that CA Technologies has been named “Platinum Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business – from apparel to energy – is being rewritten by software. From ...
SYS-CON Events announced today that Technologic Systems Inc., an embedded systems solutions company, will exhibit at SYS-CON's @ThingsExpo, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Technologic Systems is an embedded systems company with headquarters in Fountain Hills, Arizona. They have been in business for 32 years, helping more than 8,000 OEM customers and building over a hundred COTS products that have never been discontinued. Technologic Systems’ pr...
SYS-CON Events announced today that Auditwerx will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Auditwerx specializes in SOC 1, SOC 2, and SOC 3 attestation services throughout the U.S. and Canada. As a division of Carr, Riggs & Ingram (CRI), one of the top 20 largest CPA firms nationally, you can expect the resources, skills, and experience of a much larger firm combined with the accessibility and attent...
SYS-CON Events announced today that HTBase will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. HTBase (Gartner 2016 Cool Vendor) delivers a Composable IT infrastructure solution architected for agility and increased efficiency. It turns compute, storage, and fabric into fluid pools of resources that are easily composed and re-composed to meet each application’s needs. With HTBase, companies can quickly prov...
SYS-CON Events announced today that Loom Systems will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 2015, Loom Systems delivers an advanced AI solution to predict and prevent problems in the digital business. Loom stands alone in the industry as an AI analysis platform requiring no prior math knowledge from operators, leveraging the existing staff to succeed in the digital era. With offices in S...
Buzzword alert: Microservices and IoT at a DevOps conference? What could possibly go wrong? In this Power Panel at DevOps Summit, moderated by Jason Bloomberg, the leading expert on architecting agility for the enterprise and president of Intellyx, panelists peeled away the buzz and discuss the important architectural principles behind implementing IoT solutions for the enterprise. As remote IoT devices and sensors become increasingly intelligent, they become part of our distributed cloud enviro...
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
SYS-CON Events announced today that Infranics will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Since 2000, Infranics has developed SysMaster Suite, which is required for the stable and efficient management of ICT infrastructure. The ICT management solution developed and provided by Infranics continues to add intelligence to the ICT infrastructure through the IMC (Infra Management Cycle) based on mathemat...
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 20th Cloud Expo, which will take place on June 6-8, 2017 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 add...
SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloudistics delivers a complete public cloud experience with composable on-premises infrastructures to medium and large enterprises. Its software-defined technology natively converges network, storage, compute, virtualization, and management into a ...
In his session at @ThingsExpo, Eric Lachapelle, CEO of the Professional Evaluation and Certification Board (PECB), will provide an overview of various initiatives to certifiy the security of connected devices and future trends in ensuring public trust of IoT. Eric Lachapelle is the Chief Executive Officer of the Professional Evaluation and Certification Board (PECB), an international certification body. His role is to help companies and individuals to achieve professional, accredited and worldw...