Application security is important but often underfunded compared to network security. Most attacks target applications, but developing and maintaining secure applications is challenging and time-consuming. Virtualization techniques can help improve application security by enabling faster deployment of security updates and remediation compared to traditional approaches like patching, fixing code, or rewriting applications. Virtualization allows applications to be protected instantly from new vulnerabilities or attacks.
Improve App Security with Virtualization in Under 5K Minutes
1. Application Security is like a Bottomless Pit
Brian Maccaba, CEO
Highly accurate. Easy to install. Simple to Operate.
Copyright 2016 Waratek – All Rights Reserved
2. "It is a good thing to follow the First Law of Holes: if you are in one, stop digging."
– Denis Winston Healey, MP
90+% of attacks are aimed at the application layer.
Developers downloaded code with known vulnerabilities more than 2 billion times in 2015.
Yet...
The investment ratio in network security vs app security is 20+:1.
Investing in application security ranks 14 out of 17 priorities, says SANS.
3. Three Keys to Improving Application Security
- Speed of Deployment
- Effectiveness of Remediation
- Cost Competitiveness
4. Speed Today
"Two principles underlie all strategic planning. Act with the utmost concentration; act with the utmost speed." – Carl von Clausewitz
"...be swift as the wind; as unfathomable as the clouds, move like a thunderbolt." – Sun Tzu
6. Effective Application Security
VIRTUALIZATION                               | TODAY'S ALTERNATIVES
OWASP TOP 10 RULES + BASIC SECURITY PROFILE  | SAST SCAN, CODE RE-WRITE or WAF REGEX TUNING
PROTECTS THE APPLICATION PLATFORM            | INSTALL NEW BINARIES
VIRTUAL CRITICAL PATCH UPDATES               | INSTALL NEW BINARIES
APPLICATION HARDENING                        | NO ALTERNATIVE EXISTS
ZERO DAY ATTACKS: VIRTUAL UPDATE             | BINARY CHANGES WHEN SUPPLIER RE-WRITES CODE
7. Cost Competitive Application Security
Per Application             Cost     Time
Traditional Approach
  Find Flaws                4-30K    Weeks
  Fix Code                  5-300K   Months
  Patch                     8-40K    Months
Virtualization Protection   <5K      Minutes
Editor's Notes
Thank you
I’m Brian Maccaba…
And I’m going to talk about why application security has become a never-ending process…like digging a hole that turns out to be bottomless.
The application layer is under attack…and traditional app security approaches cannot keep pace.
And the number and frequency of attacks is only going to increase as the IoT and mobile devices become even more prevalent.
Three areas where application security must improve…and soon.
First is speed…
THE CURRENT SPEED OF CYBER DEFENCE IS MUCH TOO SLOW –
THE BIGGEST WEAKNESS OF MOST SECURITY PROGRAMS IS THEY ARE MULTI YEAR PLANS WITH NO END IN SIGHT.
WARATEK CAN PROTECT A SINGLE APP WITHIN MINUTES OR CAN BE DEPLOYED ACROSS ALL APPLICATIONS IN A GLOBAL ENTERPRISE IN LESS THAN 3 MONTHS
WARATEK CAN INCREASE THE LEVEL OF PROTECTION IN SIMPLE INCREMENTAL STEPS:
1. DEPLOY WARATEK JAVA AGENT – AUTOMATICALLY OBFUSCATES THE RUN-TIME BY APPLYING OUR UNIQUE NSLR (Name Space Layout Randomization)
2. SWITCH ON OWASP TOP 10 RULES – PROVIDES PROTECTION AGAINST EACH OF THE TOP 10 APPLICATION VULNERABILITY CATEGORIES
3. APPLY CORE DEFENCES – DISABLE MAJOR ATTACK VECTORS SUCH AS PROCESS FORKING, XXX, YYY, AND ZZZ. This simple step eliminates risk from common weaknesses such as Struts 2 and Apache Commons.
4. SWITCH ON APPLICATION PLATFORM SECURE PROFILE E.G. TOMCAT, WEBLOGIC ETC
5. BRING CRITICAL PATCH UPDATES UP TO DATE. If it is not possible to implement the new CPU binaries, Waratek provides a virtual alternative that requires no downtime.
6. APPLICATION HARDENING. Additional protections for your most sensitive applications.
7. ZERO DAY EXPLOITS. Waratek can deploy new virtual rules to defend against a zero day attack within minutes, and without requiring any restart of the application.
USING WARATEK                                     | TODAY'S ALTERNATIVES
1. OWASP TOP 10 RULES + BASIC SECURITY PROFILE    | 1. SAST SCAN, CODE RE-WRITE or WAF REGEX TUNING (and high false positives); CODE LEVEL CHANGES TO PROTECT AGAINST STRUTS 2, APACHE COMMONS ETC
2. PROTECT THE APPLICATION PLATFORM               | 2. INSTALL NEW BINARIES
3. VIRTUAL CRITICAL PATCH UPDATES                 | 3. INSTALL NEW BINARIES
4. APPLICATION HARDENING                          | 4. NO ALTERNATIVES
5. ZERO DAY ATTACKS: VIRTUAL UPDATE TO PROTECT    | 5. BINARY CHANGES WHEN SUPPLIER RE-WRITES CODE