Security Think Tank: RASP – a must-have security technology



Applications currently delegate most of their runtime security protection to external devices, typically to network-located firewalls and intrusion prevention systems (IPSs) of different kinds. 

The protection capabilities of these external devices can be insufficient, because they lack insight into application logic, configuration, and data and event flows, which are critical for detecting and deterring attacks with the necessary high accuracy.


Applications can be better protected when they possess self-protection capabilities built into their runtime environments, which have full insight into application logic, configuration, and data and event flows. 

Runtime application self-protection (RASP) technology is emerging to offer these capabilities and fulfil these demands.

Recommendations for security professionals:

At Type A enterprises (aggressive and skillful technology adopters), consider RASP adoption in 2012 and 2013. At Type B and Type C enterprises (mainstream and conservative technology adopters), consider RASP adoption within the next three to five years.

Request application security vendors – especially dynamic application security testing (DAST), static application security testing (SAST), interactive application security testing (IAST), and Web application firewall (WAF) vendors – to deliver RASP technology, and make RASP an important criterion when selecting any of these technologies.

Request application platform and application security vendors to automate and simplify RASP installation and management – a critical issue for success in RASP adoption.

Make sure RASP is installed and operational on each runtime environment that should be protected, and tested for stability and performance.

Use RASP, WAF, or both, as they are dedicated application protection technologies (though with their own strengths and challenges).

Joseph Feiman is a research vice-president and fellow at Gartner.


This was first published in June 2012

