Waratek Lightweight Runtime Agent Instantly Protects Applications from Known Software Vulnerabilities
February 2018 by Marc Jacob
Waratek has announced a new lightweight runtime plugin agent that allows applications to be instantly protected from known flaws—including long-term unpatched vulnerabilities—without any code changes or taking an application out of production.
Waratek Patch, an agent for Java- and .NET-based applications, allows security and development teams to easily create and apply custom patches based on scanning tools. Routine updates from Oracle, Microsoft, Apache and other software developers can also be instantly deployed using functional-equivalent “virtual” patches that operate just like a physical binary without delay and the risk of breaking an application.
With Waratek Patch organizations can:
• Instantly patch applications with no code changes or downtime required
• Create and apply custom virtual patches from scanning tool reports
• Apply Java & .NET current critical patch updates as virtual patches
• Improve compliance with company, industry and government regulations by adding a library of virtual CPU patches to add updates that may not have been applied in the past
A virtual patch can be applied within hours of the release of a routine or emergency patch, dramatically reducing an organization’s risk profile and attack surface. Waratek currently offers a library of patches released for Java 7 and Java 8 (approximately four years of patches) that can be applied in a matter of minutes. Java 6, Java 5 and Java 4 patches will be added to the library this year.
Waratek guarantees that a virtual patch will not break an app upon installation and organizations running Patch cannot be exploited by any vulnerability that has been patched using Waratek’s solution.
Waratek Patch is one of three solutions in Waratek’s Runtime Application Security Platform. Waratek Secure offers highly accurate “always-on” protection against the OWASP Top Ten, SANS Top 25 and other known attacks with no code changes, ultra-low performance impact, and a no false positives guarantee.
Waratek Enterprise combines the features of Patch and Secure, and adds the full power of virtualization to upgrade out-of-support Java applications to the current version of Java, saving the significant risk, time, money and staff resources associated with re-writing an out of support application. Enterprise also adds full-stack security protection to .NET & Java applications while adding less than three percent performance overhead.
Waratek Patch and Enterprise are available for immediate deployment. Waratek Secure will be available in March, 2018.