For the most part, new technology is evolutionary, it advances on the innovations of the past. An example of evolutionary technology in the security world would be next generation firewall. It advanced the technology already created to provide some new capabilities.
Every so often, we see a technology that is innovative, and even rarer a truly transformational technology, or an innovation that changes the way a problem is solved and from which new technology will spring. RASP (Runtime Application Self-Protection) is just such a technology, and will change the way we look at security.
Existing security technologies fail to protect and diagnose our production applications. There are several reasons why they fail:
- Today’s application protection is, primarily, perimeter protection conducted by firewalls of different kinds, including web application firewalls (WAF). These technologies are traffic and session inspectors; they can mainly see traffic in and out of the application; for them, an application is a black box; they do not see and understand business logic flow; they do not see data flow within an application, and they do not see an application’s composition. How can they protect what they cannot see and understand?
- The perimeter is dissipating because of our increased mobility and availability of mobile devices. Where is the firewall when we work in a café, or on a train, or while walking down the street with our smartphone in hand? Where is perimeter that should be protected? How can perimeter-based technologies protect what is vanishing?
- Perimeter-based security technologies are outward-facing. They watch for outsider attacks. Yet, over the past few years, we painfully learned that the most severe attacks are often launched by insiders: our own employees and consultants. How can perimeter-based technologies protect the frontier that they are not watching?
- And if we reach out for protection technologies that are not traffic analyzers; when we attempt to use technologies such as application shielding and obfuscation, we fail once again. These technologies transform applications code in a way that inhibits reverse engineering and tampering. They are mainly focused on deterring intellectual property theft, not on attack protection. And they are invasive: they make changes in the applications’ code. How would any developer or application owner willingly allow anyone to mess with business-logic code?
RASP Will Succeed Where Others Have Failed
RASP is a unique technology that solves all the deficiencies described above. RASP, typically, gets instrumented into application runtime engine: into a JVM, .Net CLR, Apache server, etc. It becomes an additional feature of such engine, capable of detecting attacks and protecting against them. Being an integral part of the runtime, it has a comprehensive view of the logic flow, data flow, and configuration. It can be instrumented in the engine whether it runs on-premise, in the cloud, or on a mobile device (the latter is a coming capability, but coming inevitably). Perimeter is irrelevant for RASP: It is equally vigilant against insiders and outsiders. And it does not make changes to application code.
And, just as we saw multiple technologies arise from the advancement of network packet inspections, (firewalls, UTMs, web gateways, etc.), as RASP technology continues to mature, we will see other technologies spin out of its capabilities. All that makes RASP a transformational paradigm and technology, which advances application protection to an unseen level of assurance.
Learn more about RASP and how it works
This story was originally published at:
https://veracode.com/blog/... on February 12, 2016.
