Waratek has launched a new feature that allows businesses to comply with 2018 PCI Compliance for TLS standard 1.2 with no code changes required.
Solution is Futureproofed for Next Set of Requirements
DUBLIN and ATLANTA – July 11, 2017 – Waratek, the virtualization-based application security company, has launched a new feature that allows businesses to comply with long-delayed Transport Layer Security (TLS) standard 1.2 without having to rewrite web applications. Applications that run on Waratek’s Application Security Platform will also automatically utilize TLS 1.3 as well as any other compatible encryption protocol and cipher suite that becomes available in the future enabling 2018 PCI Compliance.
Delayed since 2016, the PCI Standards Council has set a compliance deadline of June 30, 2018 for companies to replace the two-decade old Secure Socket Layer (SSL) and early TLS protocols that are broken and vulnerable to critical attacks but are widely used today. The deadline for complying with TLS 1.3, which is gradually becoming available in more and more products and platforms, is expected to be announced prior to the end of 2017.
Waratek’s new feature allows legacy applications to use the latest and most stable TLS protocols and cipher suites without the need to recompile their source code or migrate to a newer platform. For example, Waratek’s patented, virtual container architecture allows legacy Java versions (such as Java 5 and 6) to run as guest JREs inside a host JVM. With this feature enabled, the application no longer uses its own out-of-date TLS protocols, but rather offloads this functionality to the most current and patched host JVM. The feature helps enterprises become instantly compliant with the latest standards and to stop using older and broken versions of SSL and TLS.
“Recompiling an application or migrating to newer platforms is not possible in many cases, and it’s certainly not scalable in enterprise environments where thousands of applications are deployed on all possible versions of Java and .NET platforms,” noted Waratek Founder and Chief Technology Officer John Matthew Holt. “Our solution gives you the benefit of running on the latest, most secure platform with the newest TLS protocols without the time, risk or expense of a major application security project.”
Waratek’s 2018 PCI TLS Compliance Solution offers several unique benefits:
- Applications that need the latest cryptographic and encryption protocols and cipher suites do not need to be rewritten, redesigned or recompiled
- Legacy applications that have been poorly developed to specifically utilize an older, broken SSL or TLS version can be automatically upgraded to use the latest TLS version
- Enterprises do not need to change the Java version of their application nor to migrate to another JVM platform
- Applications are automatically protected against common cryptographic vulnerabilities such as “Use of a Broken or Risky Cryptographic Algorithm” (CWE-327) and “Inadequate Encryption Strength” (CWE-326).
As with all Waratek solutions, customers receive instant, out-of-the-box protection from the 2013 OWASP Top Ten and other common exploits such as unsafe deserialization, backed by a no false positive financial guarantee. Customers also benefit from instant virtual patching and virtual platform upgrade capabilities without code changes or routine tuning.
Waratek’s TLS Compliance feature is available globally.
Waratek has received the 2017 CDM INFOSEC Leader Award for Application Security, was named 2016’s Best Application Security Solution by Government Security News and is the winner of the 2015 RSA Innovation Sandbox Award. JavaWorld notes that “Waratek is the only vendor that can boast of a large-scale production deployment with a Tier 1 global investment bank, the most significant deployment of (runtime protection) that exists for Java technology today.”
Waratek is based in Dublin, Ireland and Atlanta, GA.
Mike Gallo for Waratek