Blog archive

Waratek Patch for Java and .NET Demo at RSA

The annual RSA Conference gets under way next week in San Francisco, which means the Moscone Center will be packed with infosec mavens from "the frontlines of the cybersecurity landscape." (So cool.)

The speaker list includes Kirstjen Nielsen, Secretary of the Department of Homeland Security, Christopher D. Young, CEO at McAfee, and RSA President Rohit Ghai. And topping my list of presentations: "The Five Most Dangerous New Attack Techniques, and What's Coming Next."

Expect tons of vendor announcements at this year's show, of course. One that I'm looking forward to for Java jocks comes from Waratek, the Dublin-based app security tools provider with a special focus on Java. The company announced this week that it will demo its new Patch tool for Java and .NET applications (booth #4341 in the North Hall).

Waratek Patch applies virtual patches for long-term and newly discovered vulnerabilities. It's a lightweight agent designed to allow security and development teams to create and apply custom patches based on scanning tools. Regular updates from Oracle, Microsoft, Apache, and other software developers can also be instantly deployed, the company said in a statement, using functional-equivalent "virtual" patches that operate just like a physical binary without delay and the risk of breaking an application.

In its announcement, the company used recent examples to underscore why application security should be a front burner issue in every organization:

"Cybersecurity breaches in the month of April are stark reminders of the need for organizations to secure vulnerabilities in their networks. Under Armour, Panera Bread, Delta Air Lines, retailers Best Buy, Sears, Saks Fifth Avenue, Saks Off Fifth, and Lord & Taylor stores are among companies reporting successful cyberattacks resulting in the loss of valuable customer data. The scale of these security breaches highlights the importance of detecting software flaws and patching vulnerable software before attackers have the chance to take advantage of a flaw."

BTW: This year's RSA includes a new "on demand" feature for those who can't make it, physically, to the City by the Bay. Lots of conference content included here, including my fav: The Cryptographer's Panel.

Posted by John K. Waters on April 11, 2018