A Dublin-based security vendor is offering a new cloud-based service to offer a new type of Java application server that protects itself from cyber-security theats.
Waratek’s Java Application Security product promises to monitor, detect, and block threats from within a Java Virtual Machine. Operating at the virtual machine level, it examines each network packet, file system call, and CPU instruction without any need to change application code or configuring of hardware appliances.
Java has long been a popular choice among web developers and mobile device software makers for its ability to create cross-platform multimedia elements using an object-oriented language. By creating a virtual Java machine on any computer architecture, an application can be programmed once and run on any operating system or web browser that happens to open it. But Java’s long history means its core architecture was designed before modern security risks were known and the fact it’s used on more than 3 billion devices worldwide makes it a huge target for hackers.
Acquired by Oracle Corp when it bought Sun Microsystems, Java was one of the big security headaches for enterprise security specialists in 2013. A report from Kaspersky Labs shows more than 160 vulnerabilities (six of them considered critical) were detected over a 12-month period. There were 14.1 million attacks targeting Java exploits detected by Kaspersky during that time, affecting more than 3.5 million users. Canada was among the countries with the fastest-growing number of attacks.
Facing a Java attack is a huge concern for enterprises as it could mean a hacker gains control of their applications. That could lead to either wider access to an enterprise system, or hi-jacking of a legitimate customer-facing application for the purposes of distributing other malware.
Analyst firm Gartner Inc. describes Waratek’s new offering as a new category of security service, dubbed run-time self protection. Since it’s embedded within the application’s runtime environment, the service can provide full reporting to enterprises using it.
Prateep Bandharangshi, director of client security solutions for Waratek explains the service in this video:
Pricing of Waratek’s platform is done on a per-application basis, and billed monthly.