Security is traditionally a game of “us vs. them”: defending resources and data inside some invisible perimeter from malicious attacks outside of that perimeter. Technology has evolved and attackers have adapted exploits and techniques, but the primary security model remains the same. It’s time for companies to explore next-generation alternatives capable of providing better protection against modern threats.
When it comes to running Web-based applications, the idea of us, them, inside, and outside loses relevance—especially for public-facing servers or applications. The whole point is for “them”—those untrusted people “outside” of the internal network—to access and run the applications. You can’t simply block those applications from the Internet or prevent people from connecting to them.
An ITBusinessEdge article explained, “IT security has clearly turned into a game of cat and mouse. The problem is that because IT organizations have little to no visibility when it comes to what is happening inside an application in real time, their ability to proactively respond to potential threats is severely limited.”
HP proposes a different approach with RASP (Runtime Application Self-Protection). Gartner defines RASP as a “security technology that is built or linked into an application or application runtime environment, and is capable of controlling application execution and detecting and preventing real-time attacks.”
With RASP, organizations can insert runtime code into applications that enables IT to monitor activity and behavior through HP Application Defender. Rather than relying on specific malicious code or signatures of known attacks to identify problems, RASP allows organizations to analyze user actions in real time, detect anomalous behavior, and monitor logic flow to identify potential attacks.
Traditional defenses like Web application firewalls (WAFs) still provide a valuable layer of protection. They are effective at detecting and blocking known threats, but organizations need an additional layer to defend against malicious queries designed to bypass signature-based filters. HP claims that HP Application Defender and RASP provide context from inside the application.
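
What "context from inside the application" can mean in practice, as an added illustration (not HP Application Defender's implementation and not code from this article): a check placed at the database call compares the structure of the query the application actually built with the structure the developer intended, instead of matching input against signatures. The names `shape`, `guarded_query` and `demo`, the table and the sample inputs are hypothetical and constructed for this example.

```python
import re
import sqlite3

# Coarse SQL tokenizer, just enough to compare query structure.
_TOKEN = re.compile(r"""
    (?P<lit>'(?:[^']|'')*'|\d+(?:\.\d+)?)   # string or numeric literal
  | (?P<word>[A-Za-z_][A-Za-z_0-9]*)        # keyword or identifier
  | (?P<op>[^\sA-Za-z_0-9'])                # operator or punctuation
  | (?P<bad>')                              # unterminated quote
""", re.VERBOSE)

def shape(sql):
    """Reduce a query to its token structure; every literal becomes LIT."""
    out = []
    for m in _TOKEN.finditer(sql):
        kind = m.lastgroup
        out.append("LIT" if kind == "lit" else
                   "UNTERMINATED" if kind == "bad" else m.group().upper())
    return out

class QueryBlocked(Exception):
    pass

def guarded_query(conn, template, user_value):
    """Sink-level check: run the query only if the input stayed one literal."""
    expected = shape(template.format("x"))   # structure the developer intended
    sql = template.format(user_value)        # what the application really built
    if shape(sql) != expected:
        raise QueryBlocked(f"query structure changed by input {user_value!r}")
    return conn.execute(sql).fetchall()

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id TEXT, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("1", "alice"), ("2", "bob")])
    # Constructed example of a string-built query inside the application.
    template = "SELECT name FROM users WHERE id = '{}'"
    results = {}
    for value in ("2", "' OR '1'='1"):       # constructed sample inputs
        try:
            results[value] = guarded_query(conn, template, value)
        except QueryBlocked:
            results[value] = "blocked"
    return results

if __name__ == "__main__":
    print(demo())
```

A value such as O'Brien is also rejected, because it too changes the structure of a string-built query; parameterized queries remain the actual fix, with a check like this as an additional layer.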
I’m not sure Odd Todd is an authority on network or application security, but he hasn’t been wrong about other things so far, so I’ll give him the benefit of the doubt. If you have Web applications that need protection, you should take a look at HP Application Defender and see if it’s the right tool for you.