Ever since we deployed to our first customer in late 2013, there have been three consistent criteria that our customers consider when they are evaluating Prevoty or other RASP technologies:
- Efficacy – does the solution accurately identify malicious behavior?
- Scalability – can the solution scale to support hundreds or thousands of applications?
- Performance – what impact does the solution have on my applications?
If the product comes up short in any of these areas, the chances of being deployed to production are dramatically reduced. Prevoty’s heritage is in protecting production applications for large enterprises, so we have been laser-focused on ensuring that our products excel in all three.
Prevoty’s security engine uses patented language security (“LANGSEC”) and data analysis techniques to instantly and accurately identify malicious behavior. There is no dependency on patterns, signatures, taint analysis, behavioral analysis or learning, meaning that even if an attack has never been seen before, it will still be caught by the security engine and dealt with appropriately. Without false positives.
From the very beginning our solution has been architected to support large-scale deployments on-premise or using our cloud-based service. Security policies across hundreds of applications are controlled from a single centrally-managed Prevoty console, and the attack intelligence from across the entire base of applications can be delivered in real-time to any configured SIEM’s.
Because the Prevoty Security Engine uses LANGSEC, a completely different approach from other products attempting to do RASP, we measure the speed of our analysis in microseconds (not milliseconds!).
In monitoring mode, the deep instrumentation of the Prevoty plug-ins allows calls to the engine to be made asynchronously, meaning no performance impact whatsoever on the application being monitored.
In protection mode, the processing must, by definition, be synchronous in order for the application to receive a cleaned payload back from the engine. So this has meant network calls to a Prevoty virtual appliance or the Prevoty cloud. For the vast majority of applications, this still does not have any noticeable impact on performance.
Announcing the Self-Contained Prevoty Engine
But we don’t rest on our laurels, so today we are taking a major step forward to support our customers with ultra-high performance requirements as we announce a self-contained version of the Prevoty engine.
Putting the engine “in-app” means that all of the processing happens inline in the application with no network calls whatsoever. So automatic protection can now be added to all applications – even those that have huge peak capacity requirements – without any concern over slowing the applications down.
We have been trialing this with a few of our customers in the financial services and eCommerce verticals and the results have been, to say the least, spectacular. Ultimately, there should not need to be a trade-off between performance and application security. For the first time, our new self-contained engine makes that possible.
As always, we welcome your comments and questions.