The Technology Called Runtime Application Self-Protection (RASP)
A security technology that is built on or linked into an application runtime environment, and is capable of controlling application execution, and detecting and preventing real-time attacks,” This is how Gartner defines runtime application self-protection
To prevent attacks at runtime by monitoring RASP security products is integrated with an application and traffic is analysed based on user behaviour. When an attack happens, it detects and RASP product issue alerts, blocks application execution. Sometimes it virtually patches the application to prevent further attack. They typically integrate with an application, which gives them function-level visibility into the application. This visibility allows them to identify attacks and block those actions that constitute legitimate threats.
Why Runtime Application Self-Protection (RASP)?
Since zero-day defects are on the rise, organizations are turning to runtime application self-protection. In 2016 researchers at Forrester discovered new open source component vulnerabilities, representing a 10% increase over 2015. RASP tools can thwart attacks that target these newly discovered vulnerabilities.
Who can benefit from RASP solutions?
IT Security leaders. Runtime application tools use deep analysis of an application to block potentially malicious behaviour. Security leaders can use this deep analysis to understand common vulnerabilities and adjust their policies, and other mitigation efforts accordingly.
Security stakeholders. RASP tools can be used to track the exploits on vulnerabilities in applications. This data can help stakeholders and report defects back to third-party software vendors, and evaluate a vendor’s code quality.
Developers. RASP gives more information about where a vulnerability resides in a codebase developer will need this actionable data to re-mediate existing vulnerabilities, as well as learn how to avoid creating such vulnerabilities in the future.
A RASP solution should have,
- Visibility into the application beyond web traffic and web server. So any data in transit, RASP must de-code that data before they can properly analyze it for malicious content.
- RASP tools should have code-level visibility, so they can accurately identify attacks, and analyse all incoming, reduce false negatives.
The right RASP solution is ideal for organizations to solve key persistent issues facing AppSec and DevSecOps teams and protecting them from vulnerabilities, whether applications are home-grown or purchased and integrated. Once deployed RASP can serve as an additional layer of protection for applications.