KNOWLEDGE
HUB
Volume 3
Issue 10
purpose of runtime application self-protection (RASP) is to run alongside, or better yet, inside the execution of application code.

By offering this ‘in-app’ protection, RASP is capable of defending against threats to the entire application stack: business logic, open-source libraries, third-party frameworks, and even the runtime platform itself. In addition to the added layer of defense for production applications, the close proximity of RASP solutions can also allow users to deploy virtual patches and remediate vulnerabilities that may have been inadvertently introduced during development.

Traditional application security, like the web application firewall, detects attacks by detecting exploits, but accurately blocking them is where it gets tricky since network firewalls can only operate upon network packets with signature-analysis and pattern matching for known payloads. This leaves application code—the root cause of where the vulnerabilities live—untouched and unaddressed.

When only operating at the network layer, IT teams have to deal with the trade-off between the risk of blocking legitimate traffic or having to manage a flood of erroneous alerts, without actually solving the root cause of their security concerns.

While there may not be a Level 8 in the OSI model yet, security engineers can and should move proactively to protect their enterprise applications by moving protection inside the application code—after all, application code is the last and ultimate line of defense between a cybersecurity threat and a successful exploit. Fix the code and you fix the vulnerability!

John Adams is chief executive officer of Waratek. As CEO, John has complete
responsibility for developing markets and operating all aspects of the organization’s
global business. John has a rich history in security and medical technology with
his experience spanning more than two decades. Prior to Waratek, John served
as President & COO of SecurAmerica and Chairman & CEO of American Security
Programs, leading the company’s expansion into nearly three-dozen new geographic
markets and growing the company from 5 employees to over 5,000. In his career, John
has also served as SVP N. America for London-based G4S (formerly Securicor) and
held senior executive positions at US Surgical Corporation and Medline Industries.
John holds an MBA in Healthcare Administration from Webster University and a BS in
Business Administration/Accounting from Florida Southern College.
The opinions expressed within this article are the personal opinions of the author. The
facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO
MAG does not assume any responsibility or liability for the same.
CISO MAG | November 2019