Imperva Runtime Application Self-Protection (RASP) is a server-side security solution for applications, providing application security by default.
Here are 5 things to know about Imperva RASP:
1. RASP and a WAF are complementary
While a cloud-based web application firewall keeps previously known bad traffic off your infrastructure, what’s the best solution for mitigating the risk of unknown exploits?
You guessed it: RASP.
Imperva Cloud WAF is excellent for security at the edge (and for saving money on infrastructure costs). However, not all bad traffic is previously known (i.e. signatures/patterns haven’t always been determined, and bad guys are constantly changing tactics). There are even attacks targeting 0-day vulnerabilities found in your 3rd party software supply chain (e.g. Struts 2, WebLogic, etc.). For these scenarios, having Imperva RASP in place automatically mitigates the risk of exploits. For different security scenarios, WAF and RASP have their place as critical parts of defense in depth.
2. RASP is implemented at the server level
The Imperva RASP solution is installed at the server level in the form of agents and modules. Note: It is not replacing the underlying virtual machine.
RASP inspects the application payloads before they get to the database. According to the configuration, RASP will either do nothing, monitor, or block exploits that it detects.
3. It does not require the application developers to change or add code
Imperva RASP is implemented at the server level. It does not require developers to write code-specific integration with the RASP security analysis. Because the security layer is kept separate from the application code and is coupled with run-time attack insights (below), application developers can easily prioritise code remediation.
4. It does not require rules or learning
RASP inspects the payload data in the context of how the application will use it. It uses this contextual awareness to detect threats and provide the assurance that a particular payload will not be able to exploit any part of the application code. The ‘Language Theoretic’ mechanism for attack detection forms an important part of the Imperva RASP solution. Essentially, the solution is not beholden to a learning phase and there is not any requirement to use regular expressions or other methods of defining rules or attack signatures.
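The sketch below illustrates the general language-theoretic idea described above; it is an added example, not Imperva's code or algorithm. It assumes a simplified SQL lexer and hypothetical names (`tokenize`, `input_stays_data`), and it accepts user input only if that input stays inside a single literal token of the final query, with no signatures or learning phase involved.

```python
import re

# Simplified SQL lexer (an assumption for illustration, not a full SQL grammar).
TOKEN_RE = re.compile(r"""
    (?P<string>'(?:[^']|'')*')          # quoted literal; a doubled quote is an escape
  | (?P<comment>--[^\n]*|/\*.*?\*/)     # line or block comment
  | (?P<number>\d+(?:\.\d+)?)
  | (?P<word>[A-Za-z_][A-Za-z_0-9]*)    # keyword or identifier
  | (?P<space>\s+)
  | (?P<op>.)                           # any other single character
""", re.VERBOSE | re.DOTALL)


def tokenize(sql):
    """Return (kind, start, end) for every non-whitespace token in sql."""
    return [(m.lastgroup, m.start(), m.end())
            for m in TOKEN_RE.finditer(sql) if m.lastgroup != "space"]


def input_stays_data(prefix, user_input, suffix=""):
    """True if user_input remains pure data once placed into the query.

    The query is prefix + user_input + suffix. The input is safe only when
    its whole span sits strictly inside one string literal, or is (part of)
    one number token. Anything else means it altered the query's structure.
    """
    sql = prefix + user_input + suffix
    start, end = len(prefix), len(prefix) + len(user_input)
    for kind, s, e in tokenize(sql):
        if kind == "string" and s < start and end < e:
            return True
        if kind == "number" and s <= start and end <= e:
            return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs for a string context and a numeric context.
    by_name = "SELECT * FROM users WHERE name = '"
    for value in ["alice", "O''Brien", "O'Brien", "x' OR '1'='1"]:
        print(repr(value), input_stays_data(by_name, value, "'"))
    by_id = "SELECT * FROM items WHERE id = "
    for value in ["42", "42 OR 1=1"]:
        print(repr(value), input_stays_data(by_id, value))
```

The same quote character is accepted when it is escaped inside the literal and rejected when it terminates the literal, which is the contextual decision a fixed pattern cannot make.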
5. There is extensive visibility into runtime attacks
With RASP you can determine which applications are actually under attack, and how, in real time. This can be effective in improving risk management and remediation efforts. With the RASP logs you can determine who (the origin of the threat), what (the nature of the threat such as the SQL and payload contents), where (URL, line number, stack trace) and when (timestamp down to the nanosecond). The logs are in JSON format and RASP has many SIEM integrations.
Now that you have a good understanding of the basics of Imperva RASP, you might want to check out our other blog on how the National Institute of Standards and Technology (NIST) now specifically outlines Runtime Application Self-Protection (RASP) as a control to mitigate risk due to software security vulnerabilities. The addition of this control to the NIST framework emphasizes how automated application security instrumentation is becoming even more critical.