Waratek wraps vulnerable Java code in security blanket
Maccaba: legacy Java code is a huge problem for financial institutions
“According to industry sources, custom Java applications contain five to 10 security vulnerabilities per 10,000 lines of code, which is a huge problem since many of these programs are used by financial institutions and large enterprises to run key pieces of their business,” said Brian Maccaba, chief executive of Waratek.
Waratek Java Application Security effectively wraps the old code in a Java Virtual Machine, which Maccaba says “reduces the Java attack surface to a small well-defined space that allows us to monitor and protect against third party software vulnerabilities, internal threats and external attacks without making any changes to existing applications”.
The software operates at the JVM layer where it monitors every network packet, file system call and CPU instruction, while remaining transparent to both applications and network infrastructure. This also allows Waratek JAS to log/audit activity for compliance reporting, forensics and integration with security information event management systems
To protect applications against malicious activity including SQL Injection, abnormal file manipulation or unexpected network connections, Waratek JAS uses a small set of rules that provide broad coverage against attacks from outside the application and quarantine illegal operations inside the application. This approach also defends against Zero Day vulnerabilities since it traps the application behavior, independent of the threat vector, without having to wait for a patch to be coded, tested and implemented. A simple black list rule can be implemented to provide virtual patch protection against new vulnerabilities, without the need to stop the application or make any code changes.
To enable organisations to minimise the risk and operational overhead associated with applying critical application patches, Waratek provides “virtual patching” until updates can be installed. This capability not only enables controlled patching so updates can be properly tested, but also addresses legacy security threats. For example, third party Java code running in older applications may be end‐of-life and unsupported, leaving known vulnerabilities unpatched for months or years.
