/jun 7, 2016

The Future Is Now: Applications Protect Themselves Against Attacks

By Jessica Lavery

More enterprises than ever before are recognizing that software is inherently insecure. Yet, they cannot slow down their development cycles to accommodate this reality. Doing so would compromise their innovation and competitiveness. As a tradeoff, many companies end up sacrificing security.

RASP technology holds the promise of protecting applications without touching code

As a category, runtime application self-protection (RASP) promises to be a transformational technology, which will change the way companies approach application security. According to the 2016 Verizon Data Breach Investigations Report, 40 percent of breaches are caused by attacks on web applications – making web applications the largest source of breaches. Applications are the gateway into an enterprise, yet as Garnter points out in the Gartner Maverick Research report Stop Protecting your Apps: It’s Time for Apps to Protect Themselves, “modern security fails to test and protect all apps. Therefore, apps must be capable of self-testing, self-diagnostics and self-protection.”

Veracode Runtime Protection helps secure applications in production

Earlier this week, Veracode announced a new product – Veracode Runtime Protection. Veracode Runtime Protection is a RASP technology deployed as an agent to help detect common attacks, prevent the return of sensitive data to attackers, and provide insight into the attack for security operations teams. Because Veracode Runtime Protection incorporates visibility into key characteristics –such as application logic, event and data flow, and executed instructions – it is more effective than web application firewalls, reducing false positives and preventing unauthorized access to sensitive information.

Veracode Runtime Protection brings application security to the operational phase of the software lifecycle, enabling secure application deployments without additional operational maintenance. By adding protection to the operational phase, enterprises will be able to monitor or block attacks at the application layer. This will help prioritize which vulnerabilities need immediate remediation or mitigation and help improve development lifecycles. As more companies move to DevOps environments, application security is going to become a part of the full application lifecycle – from inception to production. Veracode Runtime Protection is part of Veracode’s innovative strategy to transform application security to meet the needs of a continuous delivery environment. Enterprises will continue to use SAST, DAST and software composition analysis, and will now adopt RASP technologies as well, to reduce risk, and Veracode will maintain its position at the forefront of extending application security across the entire software lifecycle to reduce risk, manage compliance and shorten deployment times for secure software applications.

Veracode Runtime Protection is being announced for early-adopter customers immediately. Learn more about Veracode Runtime Protection.

Related Posts

By Jessica Lavery

Jessica is part of the content team at Veracode. In this role she strives to create and promote content that will engage, educate and inspire security professionals around the topic of application security. Jessica’s involvement with the security industry goes back more than a decade at companies like Astaro, and Sophos where she held roles in corporate communication and marketing.