Waratek makes it easy for teams to instantly patch known flaws, virtually upgrade out-of-support applications, and protect applications from known and Zero Day attacks - all without time-consuming and expensive downtime, source code changes, or unacceptable performance overhead. Using patented runtime protection technology, Waratek's application security platform is highly accurate, easy to install, and simple to operate.
Every security patch issued by Oracle, Microsoft, IBM, Apache or any other software developer starts a relay race. One team is made up of malicious hackers who look for web applications containing the new vulnerability in order to steal an organization's data. It may take attackers a few days or weeks to find a victim, but once they are inside a system, it will be nearly 200 days before the attack is noticed and another 60+ days before the attack is stopped (source: Ponemon Institute 2017 Cost of Data Breach Study).
The other runners are company application security and development teams. Once a routine or emergency patch is issued, it may be weeks, months or years - if ever - before a patch is fully deployed across an enterprise application. The consequences of losing the race between the hackers and the security professionals can be disastrous.
We protect apps against known and unknown vulnerabilities, including the most severe CVSS vulnerabilities, which represent the most common attacks against applications today:
• SQL Injection (SQLi)
• Command Injection
• Cross-Site Scripting (XSS)
• File Uploads
• Cross-Site Request Forgery (CSRF)
• Path Traversal
• Dangerous Functions
Waratek provides “out-of-the-box” protection against the 2013 OWASP Top Ten and other complex but common exploits, such as unsafe deserialization attacks.
Adding the Waratek plugin takes about 15 minutes, with:
• No code changes, hardware or prior knowledge of the app required
• No tuning required for “Out-of-the-Box” protections
• No impact on the performance of your application
• No false positives
Waratek’s solution is highly accurate, easy to install, and simple to operate. Using a fundamentally new approach to App Sec based on virtualization, Waratek allows you to monitor an application’s operation and block malicious attacks without slowing performance or generating false positives.
Most organizations have apps running on platforms that are no longer supported, such as Java, Apache Tomcat and WebLogic. In fact, the most widely used version of Java is not the most current. That’s because in most cases it’s too risky and expensive to rewrite an app’s code, despite known and unknown vulnerabilities across the entire software stack.
Waratek protects your legacy applications and legacy platforms, no matter what version of Java you use. With an easy-to-install .JAR file plugin, you gain the advantages of a Java 8 virtual host container for legacy Java apps running in guest mode for Java 4, 5, 6 or 7.
After installation of the Waratek solution, identified vulnerabilities are mitigated:
• Without code changes
• Without prior knowledge of the application
• Without slowing the app’s performance