5 Ways RASP Transforms Your Application Security Program
TECHNICAL BRIEF | 5 WAYS RASP TRANSFORMS YOUR APPLICATION SECURITY PROGRAM
1 RASP DELIVERS UNPARALLELED VISIBILITY
Knowing where to focus is more than half the battle when it comes to protecting production applications:
Where are all the applications? What security events are happening? Are applications being attacked?
Inventory
Large organizations have hundreds and even thousands of applications deployed for use by customers,
partners, and internal users. Creating an inventory of applications – just finding them – can be a daunting
task. Contrast Protect instrumentation is installed as an agent on the application server, so every
application running on a server that carries an agent is identified automatically. Placing a RASP agent on the
application servers therefore builds an enterprise application inventory as a by-product; servers without an
agent are not covered, so agent rollout and inventory completeness go together.
Event Logging
When it comes to security events, most large organizations, and many smaller ones, have Security
Information and Event Management (SIEM) solutions that gather log data from network and security
devices, and from packaged enterprise applications (e.g., Oracle, SAP, and Infor). But custom applications
usually log only exceptions and debug information, and ignore security-relevant events.
That’s because most custom applications are not built with security or compliance logging in mind,
and efforts to retrofit that functionality compete with business pressures to advance and improve core
application functionality. For legacy applications, it may even be that resources are no longer available to
modify the application.
RASP enables and dramatically simplifies custom application security logging. RASP instruments the
entire application, and RASP policies can be created to generate log events when relevant portions of the
application are accessed or other conditions are met (e.g., logins, transactions, privilege changes, etc.).
Policies can also be added and removed as necessary – for example, as part of incident investigations. With
RASP, all of this application logging is possible without modifying application source code or redeploying.
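The paragraph above describes the mechanism in general terms: the agent instruments the running application, and a policy names which application entry points (logins, transactions, privilege changes) should produce log events. The following is an added example, not Contrast's agent code, of the same idea reduced to its essentials in Python: a toy application is left unmodified, a policy names two of its methods, and installing the policy wraps those methods at runtime so each call emits a structured event. The `App` class, the policy format, the `SecurityLogger` class and the credential string are all constructed for this illustration.

```python
import functools
import inspect
import time


# --- Toy application (constructed here; stands in for an unmodified app) ---
class App:
    def login(self, user, password):
        # constructed credential check; a real app would compare a hash
        return password == "correct horse"

    def change_role(self, user, role):
        return f"{user} is now {role}"

    def render_page(self, name):          # not security-relevant, never hooked
        return f"<h1>{name}</h1>"


# --- Hypothetical instrumentation layer (not Contrast's agent) ---
class SecurityLogger:
    """Wraps the methods a policy names so that each call emits a log event.

    A policy is {method_name: {"event": <event type>, "fields": [<arg names>]}}.
    Only the listed arguments are copied into the event, so secrets such as
    passwords never reach the log unless a policy names them explicitly.
    """

    def __init__(self):
        self.events = []       # a real agent would forward these to the SIEM
        self._originals = {}   # (class, method name) -> original function

    def apply_policy(self, target, policy):
        for name, spec in policy.items():
            if (target, name) in self._originals:
                continue                          # already instrumented
            original = getattr(target, name)
            self._originals[(target, name)] = original
            setattr(target, name, self._hook(original, spec))

    def remove_policy(self, target, policy):
        """Restore the original methods, e.g. when an investigation ends."""
        for name in policy:
            original = self._originals.pop((target, name), None)
            if original is not None:
                setattr(target, name, original)

    def _hook(self, original, spec):
        sig = inspect.signature(original)

        @functools.wraps(original)
        def wrapper(*args, **kwargs):
            bound = sig.bind(*args, **kwargs)   # map positional args to names
            bound.apply_defaults()
            outcome = "error"                   # stays "error" if it raises
            try:
                result = original(*args, **kwargs)
                outcome = "success" if result else "failure"
                return result
            finally:
                event = {"ts": time.time(), "event": spec["event"],
                         "outcome": outcome}
                for field in spec["fields"]:
                    event[field] = bound.arguments.get(field)
                self.events.append(event)

        return wrapper


def demo():
    policy = {
        "login":       {"event": "authn.login",       "fields": ["user"]},
        "change_role": {"event": "authz.role_change", "fields": ["user", "role"]},
    }
    log = SecurityLogger()
    log.apply_policy(App, policy)         # no change to App's source code
    app = App()
    app.login("alice", "wrong")           # -> authn.login, failure
    app.login("alice", "correct horse")   # -> authn.login, success
    app.change_role("alice", "admin")     # -> authz.role_change, success
    app.render_page("home")               # unhooked: no event
    log.remove_policy(App, policy)        # policy withdrawn again
    app.login("bob", "correct horse")     # no longer logged
    return log.events


if __name__ == "__main__":
    for event in demo():
        print(event)
```

The point the example makes is structural: the application never learns it is being logged, the fields that reach the log are chosen by the policy rather than by whatever the developer happened to log, and the policy can be added for an investigation and removed afterwards. A production agent does the wrapping at the bytecode or runtime level rather than by reassigning attributes, but the contract is the same.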
Attacks
One of the most important areas of visibility for application security professionals is attacks. Having proof
that applications are indeed being attacked – and therefore need to be secured during development and
protected in production – is valuable information to be shared with security and business executives.
Information about attacks is also required to demonstrate the importance of application security initiatives
and to validate the need for additional investments.
WELCOME TO THE ERA OF SELF-PROTECTING SOFTWARE | CONTRASTSECURITY.COM
2 RASP ACCURACY MEANS MORE PROTECTED APPLICATIONS
Accuracy has been the main barrier preventing the widespread adoption of application security products.
Today, most applications are not protected against attacks in production because IT Security and Security
Operations teams are reluctant to trust network-based application security products. They generate too
many false positives and require constant tuning. With improved product accuracy, organizations can
protect more of their application portfolio.
Protecting against application attacks has, historically, meant attempting to block them at the network
level. Over the last 25 years, network protection has moved closer and closer to the application: from the
firewall, to the intrusion prevention system, to the web application firewall (Figure 2). That evolution has
involved looking deeper and deeper into HTTP, SOAP, XML and other application-layer network protocols.
The reason for this migration is simple: the better you understand applications, the more accurately you can
detect and block application attacks.
Figure 2: Evolution of Network-based Application Attack Prevention. Network Firewall (late 1980s); Intrusion
Prevention System (IPS) (mid 1990s); Web Application Firewall (late 1990s). Next Generation Firewalls
(mid-2000s) blend firewall and IPS functions.
RASP instrumentation delivers a level of accuracy not possible with network security approaches. It enables
application security to be positioned as close as possible to the application: literally within it! Legacy
network-based approaches are inherently inaccurate when it comes to understanding application behavior
because they are outside of the application itself. As a result, they have to build models (i.e., approximate,
assume, and guess) of what an application might do with a given input.
Increased accuracy transforms the equation, allowing organizations to confidently protect more of their
application portfolio with fewer resources.
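The accuracy argument above rests on a concrete difference: a network device sees only the request and must guess what the application will do with it, whereas an in-application check sees the moment the input reaches a sensitive operation. The following is an added example, not Contrast's detection logic, that contrasts the two on a SQL injection case in Python. The "WAF" side is a constructed signature regex over the raw parameter; the "RASP" side is a check at the SQL sink that asks whether the user-supplied bytes stayed inside a single literal of the query the application actually built. The query, the sample inputs, the regex and the tokenizer are all constructed for this illustration, and the benign input is chosen to show the kind of free-text value that trips signature rules.

```python
import re

# --- Network-style detection: a signature applied to the raw request value ---
# Constructed rule in the spirit of a WAF SQLi signature (not a real vendor rule).
SIGNATURE = re.compile(
    r"'\s*(or|and)\b|\bor\b\s+\w+\s*=|union\s+select|--|;", re.IGNORECASE)


def waf_flags(value):
    """The WAF has only the parameter value; it cannot see the query."""
    return SIGNATURE.search(value) is not None


# --- In-application check at the SQL sink ---
# Minimal SQL tokenizer: string literal, block comment, number, word, space, punctuation.
TOKEN = re.compile(
    r"(?P<str>'(?:[^']|'')*')|(?P<comment>/\*.*?\*/)|(?P<num>\d+)"
    r"|(?P<word>\w+)|(?P<ws>\s+)|(?P<punct>[^\w\s])", re.DOTALL)


def tokenize(sql):
    """Return (kind, start, end) for every non-whitespace token in the query."""
    return [(m.lastgroup, m.start(), m.end())
            for m in TOKEN.finditer(sql) if m.lastgroup != "ws"]


def sink_flags(sql, taint_start, taint_end):
    """True if the tainted bytes form anything other than (part of) one literal.

    Benign data can only ever end up strictly inside one string literal or as
    exactly one numeric literal. If the tainted span overlaps keywords,
    operators, comments or a second literal, the input changed the query's
    structure, which is the definition of an injection.
    """
    hits = [t for t in tokenize(sql) if t[1] < taint_end and t[2] > taint_start]
    if len(hits) == 1:
        kind, s, e = hits[0]
        if kind == "str" and s < taint_start and taint_end < e:
            return False          # entirely between the literal's quotes
        if kind == "num" and (s, e) == (taint_start, taint_end):
            return False          # the whole numeric literal and nothing else
    return True


def build_query(title):
    """A deliberately unsafe concatenating query (constructed example of the
    'before' code a RASP agent would be protecting); parameterized queries
    are the real fix, the check here is the safety net for code like this."""
    prefix = "SELECT id FROM listings WHERE title = '"
    sql = prefix + title + "'"
    return sql, len(prefix), len(prefix) + len(title)   # taint span in sql


# Constructed inputs: (value, is_attack)
SAMPLES = [
    ("Waiting for parts -- order 41 on hold", False),   # free text with "--"
    ("x' OR '1'='1", True),                              # textbook injection
    ("x'/**/OR/**/1=1/**/AND/**/'1'='1", True),          # comment-obfuscated
]


def compare():
    rows = []
    for value, is_attack in SAMPLES:
        sql, start, end = build_query(value)
        rows.append({"input": value, "attack": is_attack,
                     "waf": waf_flags(value),
                     "rasp": sink_flags(sql, start, end)})
    return rows


if __name__ == "__main__":
    for row in compare():
        print(row)
```

On these three inputs the signature produces one false positive (the support note containing `--`) and one false negative (the comment-obfuscated variant, which avoids the whitespace the rule expects), while the sink check gets all three right without any tuning, because it evaluates the query the application actually assembled rather than a model of what it might assemble. The example is simplified on purpose: a real agent handles bound parameters, every SQL dialect's literal syntax and many sinks beyond SQL, but the accuracy advantage comes from the vantage point, not from a smarter signature.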