Waratek

Category: RASP
License: Commercial

Waratek is an enterprise Runtime Application Self-Protection (RASP) solution that embeds security directly into the Java Virtual Machine (JVM).

Winner of the RSA Innovation Sandbox Award, Waratek provides virtual patching, attack prevention, and compliance automation without requiring application code changes.

The platform protects applications from OWASP Top 10 vulnerabilities, zero-day exploits, and known CVEs.

What is Waratek?

Waratek addresses a fundamental challenge in application security: protecting applications without modifying their source code or impacting performance.

Traditional security approaches require either code changes (time-consuming and risky) or network-based solutions (limited visibility).

Waratek operates at the runtime level, providing deep application insight while avoiding these limitations.

The platform uses a unique virtualization-based architecture that instruments the JVM at the bytecode level.

This approach provides visibility into application behavior that network-based tools cannot achieve, enabling precise threat detection and virtual patching without the performance overhead of traditional RASP agents.

Waratek has deployed the largest production RASP implementation at a Tier 1 global investment bank, demonstrating enterprise-scale reliability.

The platform is particularly valuable for organizations running legacy Java applications that cannot be easily patched or modernized.

Key Features

Virtual Patching

Apply security fixes without modifying code or restarting applications:

  • CVE Remediation: Patch known vulnerabilities instantly
  • Zero-Day Protection: Block exploit patterns before patches exist
  • Library Patching: Fix vulnerabilities in third-party dependencies
  • Framework Coverage: Protect Struts, Spring, Tomcat, and other frameworks

Attack Prevention

Block attacks at the runtime level:

  • SQL Injection: Context-aware detection and blocking
  • Cross-Site Scripting (XSS): Prevent malicious script injection
  • Deserialization Attacks: Block gadget chain exploits
  • Remote Code Execution: Prevent unauthorized command execution
  • Path Traversal: Stop directory traversal attempts

API Security

Discover and protect API endpoints automatically:

  • Endpoint Discovery: Inventory all APIs without code instrumentation
  • Rate Limiting: Enforce request thresholds per endpoint
  • Input Validation: Validate parameters at runtime
  • Authentication Enforcement: Ensure proper auth on all endpoints

Compliance Automation

Meet regulatory requirements with built-in controls:

  • PCI DSS: Web application firewall requirements
  • GDPR: Data protection and privacy controls
  • SOC 2: Security monitoring and logging
  • HIPAA: Healthcare data protection

How to Use Waratek

Installation

Deploy Waratek as a JVM agent:

# Download Waratek agent
wget https://download.waratek.com/agent/waratek-agent.jar

# Add to Java application startup
java -javaagent:/path/to/waratek-agent.jar \
     -Dwaratek.config=/path/to/waratek.properties \
     -jar your-application.jar

Configuration

Configure protection policies:

# waratek.properties

# Enable SQL injection protection
waratek.sqli.enabled=true
waratek.sqli.action=block

# Enable deserialization protection
waratek.deserialization.enabled=true
waratek.deserialization.blocklist=org.apache.commons.collections.*

# Enable virtual patching
waratek.virtualpatching.enabled=true
waratek.virtualpatching.rules=/path/to/patches/

# Logging configuration
waratek.logging.level=INFO
waratek.logging.destination=syslog

Virtual Patch Creation

Create patches for specific vulnerabilities:

<!-- patches/CVE-2021-44228.xml (Log4Shell) -->
<virtual-patch id="log4shell">
  <description>Block Log4Shell exploitation</description>
  <cve>CVE-2021-44228</cve>
  <rule>
    <class>org.apache.logging.log4j.core.lookup.JndiLookup</class>
    <method>lookup</method>
    <action>block</action>
    <message>Log4Shell attack blocked</message>
  </rule>
</virtual-patch>

Policy as Code

Define security policies in YAML:

# security-policy.yaml
version: "1.0"
policies:
  sql-injection:
    enabled: true
    action: block
    log: true
    exceptions:
      - pattern: "SELECT * FROM users WHERE id = ?"
        reason: "Legitimate parameterized query"

  deserialization:
    enabled: true
    action: block
    allowed-classes:
      - java.lang.String
      - java.util.ArrayList
      - com.company.dto.*

  file-access:
    enabled: true
    allowed-paths:
      - /app/data/**
      - /tmp/uploads/**
    blocked-paths:
      - /etc/**
      - /var/log/**
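
How an allow/block path policy like the file-access section above has to be evaluated to stop directory traversal, as an added example (not Waratek code and not part of the original page): the requested path is canonicalized before any rule is matched. The rule order (blocked wins, default deny), the `/app` base directory and the function names are assumptions.

```python
import posixpath

# Path rules copied from the file-access policy above.
ALLOWED = ["/app/data/**", "/tmp/uploads/**"]
BLOCKED = ["/etc/**", "/var/log/**"]


def _under(path, pattern):
    """True if path is the directory named by a 'dir/**' pattern or inside it."""
    root = pattern[: -len("/**")]
    return path == root or path.startswith(root + "/")


def decide(requested, base="/app"):
    """Return (verdict, canonical_path) for a requested file path.

    Assumed semantics, not taken from Waratek documentation: canonicalize
    first, blocked rules win over allowed rules, everything else is denied.
    """
    # Collapse '.', '..' and repeated slashes before matching. A check on a
    # live filesystem would also resolve symlinks (os.path.realpath).
    canonical = posixpath.normpath(posixpath.join(base, requested))
    if any(_under(canonical, p) for p in BLOCKED):
        return "block", canonical
    if any(_under(canonical, p) for p in ALLOWED):
        return "allow", canonical
    return "block", canonical


def naive_decide(requested):
    """Prefix match on the raw string, kept only as a contrast to decide()."""
    roots = [p[: -len("**")] for p in ALLOWED]
    return "allow" if any(requested.startswith(r) for r in roots) else "block"


# Constructed sample requests, not taken from any real log.
SAMPLES = [
    "/app/data/report.csv",
    "data/q1.csv",
    "/app/data/../../etc/passwd",
    "/app/database/export.sql",
    "/opt/keys/id_rsa",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:32} naive={naive_decide(s):5} policy={decide(s)}")
```

The third sample is the case that matters: the raw string starts with an allowed prefix, but its canonical form falls under a blocked rule.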

Integration

Container Deployment

FROM openjdk:17-slim

COPY waratek-agent.jar /opt/waratek/
COPY waratek.properties /opt/waratek/
COPY app.jar /app/

ENV JAVA_TOOL_OPTIONS="-javaagent:/opt/waratek/waratek-agent.jar"
ENV WARATEK_CONFIG="/opt/waratek/waratek.properties"

ENTRYPOINT ["java", "-jar", "/app/app.jar"]

Kubernetes Deployment

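apiVersion: apps/v1
kind: Deployment
metadata:
  name: protected-app
spec:
  # apps/v1 requires a selector that matches the pod template labels
  selector:
    matchLabels:
      app: protected-app
  template:
    metadata:
      labels:
        app: protected-app
    spec:
      containers:
        - name: app
          image: your-app:latest
          env:
            - name: JAVA_TOOL_OPTIONS
              value: "-javaagent:/opt/waratek/waratek-agent.jar"
          volumeMounts:
            # Mount only the properties file (assumes the ConfigMap key is
            # waratek.properties); mounting the whole directory would hide
            # the agent JAR that the image ships in /opt/waratek
            - name: waratek-config
              mountPath: /opt/waratek/waratek.properties
              subPath: waratek.properties
      volumes:
        - name: waratek-config
          configMap:
            name: waratek-config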
SIEM Integration

Forward security events to your SIEM:

# Splunk integration
waratek.logging.destination=splunk
waratek.splunk.url=https://splunk.internal:8088
# The HEC token is a credential: restrict read access to this file
waratek.splunk.token=your-hec-token
waratek.splunk.index=security

# Syslog integration (alternative to the Splunk block above)
waratek.logging.destination=syslog
waratek.syslog.host=syslog.internal
waratek.syslog.port=514
waratek.syslog.protocol=tcp

CI/CD Integration

Test security policies in your pipeline:

name: Security Policy Validation
on: [push]

jobs:
  validate-policies:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Validate Waratek Policies
        run: |
          waratek-cli policy validate ./policies/
      - name: Test with Sample Attacks
        run: |
          waratek-cli test --attacks ./attack-samples/ \
                          --policy ./policies/production.yaml

When to Use Waratek

Waratek is the right choice for enterprises running business-critical Java applications that require protection without code changes.

It excels in organizations with legacy applications that cannot be easily patched, compliance requirements demanding WAF-like protection, or zero-day vulnerability concerns.

Consider Waratek if you need to protect applications using vulnerable open-source libraries, want to implement virtual patching for faster CVE remediation, or require API discovery and protection without code instrumentation.

The platform is particularly valuable for financial services, healthcare, and government organizations where application security is paramount.

For organizations evaluating RASP solutions, Waratek’s virtualization-based approach offers lower performance overhead than traditional instrumentation while providing deeper visibility than network-based alternatives.