Understanding and Selecting RASPBy Adrian Lane
So what is RASP? Runtime Application Self-Protection (RASP) is an application security technology which embeds into an application or application runtime environment, examining requests at the application layer to detect attacks and misuse in real time. RASP functions in the application context, which enables it to monitor security – and apply controls – very precisely. This means better detection because you see what the application is being asked to do, and can also offer better performance, as you only need to check the relevant subset of policies for each request.
From the paper:
There is no lack of data showing that applications are vulnerable to attack. Many applications are old and simply contain too many flaws to fix. You know, that back-office application that should never have been allowed on the Internet to begin with. These applications are often unsupported, with the engineers who developed them no longer available, or the platforms so fragile that they become unstable if security fixes are applied. In most cases it would be cheaper to re-write the application from scratch than patch all the issues, but economics seldom justify (or even permit) the effort. Other application platforms, even those considered ‘secure’, are frequently found to contain vulnerabilities after decades of use. Heartbleed, anyone? New classes of attacks, and even new use cases, have a disturbing ability to unearth previously unknown application flaws. We see two types of applications: those with known vulnerabilities today, and those which will have known vulnerabilities in the future.
But the real audience for this technology is developers who want to build security into their applications. As more and more software development shops embrace automation, RESTful APIs are no longer optional. Security products that only offer partial functionality from their API interface, or only provide SOAP-based APIs, fail to meet current market requirements. To add value for development teams, security needs to be fully integrated with the application and the build process that constructs it. As applications leverage the cloud and virtualization, and embrace micro-service architectures, it has become clear that security needs to function as, auto-scale with, and replicate alongside, applications.
RASP meets these requirements as few other security products can. Its key value is that users who need it can fully integrate it into the context of their environment, with their particular needs and process.
We would like to heartily thank Immunio for licensing this content. As always, if you have comments or questions, you can either post them on our blog as a comment or email us at info at Securosis, appending dot com.
Download here: Understanding and Selecting RASP