Waratek is introducing a feature to its Java-protection platform that enables upgrading to the current version of Java without having to install Java updates or touch the apps running within the Java virtual machine.
The latest version of its AppSecurity for Java uses secure virtual containers around the entire Java application stack to apply the security and performance features of the current Java 8 platform’s security and performance levels without having to install Java 8, the company says.
The alternative would be to replace the Java Runtime Environment (JRE) and upgrade the application code directly. That would involve taking the application offline while the upgrades are performed.
AppSecurity for Java is a Runtime Application Self-Protection (RASP) platform container with a rules engine that imposes the security features of the latest Java version so the application is protected. AppSecurity can receive security updates over time to revise the rule set, again without having to take the protected applications offline.
Imposing the rules via AppSecurity creates a performance hit of less than 3%, which is the worst case if the application is under attack, says James Lee, the chief marketing officer for Waratek. Because the container is aware of the application and its legitimate uses, it returns no false positives about attacks, he says.
The platform can send alerts to admins via management consoles or to SIEMs customers may have installed.
Waratek AppSecurity for Java is available now. Annual licensing is based on the number of Java machines protected and the total number of licenses bought.