Imperva Run-time Application Self protection (RASP) is a server-side security solution for applications, providing application security by default.
Here are 5 things to know about Imperva RASP:
RASP and a WAF are complementary
A Cloud WAF does it's work at the edge. It's good for keeping previously known bad traffic off of your infrastructure which is not only good for security but also good for saving money. However, not all bad traffic is previously known (i.e. signatures/patterns haven't been determined, bad guys are constantly changing tactics). For example, attacks targeting 0-day vulnerabilities found in your 3rd party software supply chain (e.g. Struts 2, WebLogic, etc.). Having RASP in place mitigates the risk of exploits.
For further detail see my blog post in this community.
RASP is implemented at the server level
The RASP solution is installed at the server level in the form of agents and modules. Note: It is not replacing the underlying virtual machine.
RASP inspects the application payloads before they get to the database. According to configuration RASP will either do nothing, monitor, or block exploits that it detects.
It does not require the application developers to change or add code
Imperva RASP is implemented at the server level. It does not require the developers to implement code specific integration to the RASP security analysis. By adding the security layer separate from the application code, coupled with the run-time attack insights (below), application developers can easily prioritise code remediation.
It does not require rules or learning
RASP inspects the payload data in the context of how the application will use it. It uses this contextual awareness to detect threats and provide the assurance that a particular payload will not be able to exploit any part of the application code. The ‘Language Theoretic’ approach forms an important part of the Imperva RASP solution. This means that that the solution is not machine learning and there is not any requirement to use regular expressions or other methods of defining rules or attack signatures.
There is extensive visibility into run-time attacks
With RASP you can determine which applications are actually under attack, and how, in real time. This can be effective improving risk management and remediation efforts. With the RASP logs you can determine who (the origin of the threat), what (the nature of the threat such as the SQL and payload contents), where (url, line number, stack trace) and when (timestamp down to the nanosecond). The logs are JSON format and RASP has many SIEM integrations.