Industry Innovators: Data Protection
It's all about the data. As we've said many times in the past, there would be no need for security on our networks if we didn't care about protecting the data that sit on them and travel on them. But we do. That means that, in addition to the trouble that we go to to protect our infrastructure, learn about the threatscape and, generally, spend money and time to make certain that our perimeter (such as it is) and our endpoints are well-secured, we also need to focus on the data.
“It still all comes down to protecting the data”
We have some pretty interesting and, of course, innovative companies in this batch. You likely will notice that the usual anti-malware suspects are missing. We saw next to no innovation from the traditional companies. Just about everything out there is simply new packaging. We bounce from product to product when the one we have no longer seems to be doing the job, and it's not long before we find out that the new choice is no better. Our Innovator this year is out to change that and we believe that there is a better than even chance of success.
Just because of our pronouncement above, don't think that there is only one Innovator in the anti-malware game.
Vendor Waratek, waratek.com
Flagship product AppSecurity for Java
Price Enterprise license averages £662 per application instance per annum.
Innovation A unique approach to implementing RASP.
Greatest strength Focus and significant ongoing, focused research.
Part of Waratek's uniqueness is that it came out of pure research with no particular objective. Then the founders evaluated several use cases and realised that cloud security was where it fitted. RASP – runtime application self protection – is the core of its offering but the way it does it is very interesting. Rather than filter data at runtime, Waratek virtualises the runtime. It runs in a secure virtual container. This protects the application which other approaches don't do directly.
This puts the application in a “bullet-proof jacket.” Rather than depend on pattern matching to identify rogue code, Waratek protects the entire software stack.
Waratek's product is an approach to web security that protects Java applications and sensitive data from attacks, like SQL injection, zero-day and unpatched vulnerability exploits at runtime, without code changes or hardware. The security, then, resides in the Runtime Environment by Virtualisation. The result of this non-heuristic approach is detection of attack vectors, such as SQL injection with minimal false positives.
Waratek AppSecurity for Java provides transparent RASP against malicious exploits, abnormal file manipulation or unexpected network connections using a small set of rules to quarantine illegal operations inside the application. It can be deployed in monitoring or blocking mode. The Taint Detection Engine identifies input injection attacks (such as SQL injection) that attempt to modify the logic of the outbound action.
A side benefit is the availability of threat forensics for Java applications. The tools generate an audit trail of both normal and abnormal behaviour and track all key application operations, including network and file access, process forking and code linking, among others.
Although Waratek is not the first to use virtualisation as a defence against the depredations of malware, its innovative approach to focusing on Java makes it unique.