
A US Fortune 100 company sought Waratek’s virtualization technology to remove vulnerabilities as detected by PCI frameworks.

Legacy Java and PCI Compliance

The following test case was executed against a Java application running on the server estate of a US Fortune 100 financial services company. The goal of the test case was to demonstrate how Waratek, through its virtualization technology, removes vulnerabilities as detected by PCI frameworks. Qualys was used as the PCI audit tool.

The Company had a considerable issue with legacy Java and, as a result, consistently failed to meet the requirement of the PCI standards council.

For this test, a legacy Java 6 application was identified as the test candidate. Prior to Waratek’s on-premise deployment, Waratek created a reference environment based on the exact Java and Tomcat versions and their recorded configurations to mirror the target application system to be upgraded. Actual Waratek installation and Tomcat validation took less than 10 minutes.

A Qualys scan was run on the reference environment before and after Waratek installation, with the following results:

After installation in the reference environment, all of the 29 Java 6u19 vulnerabilities identified by Qualys were remediated by containerizing the legacy Java 6 version inside an up-to-date and secured Java 8 host.

As a result, the environment could be considered as fully security compliant.

Waratek’s unique approach to application security resulted in the remediation of years of vulnerabilities and the updating of an out-of-date Java JRE without changing a single line of code.

Performance overhead while in normal operating mode improved by nearly 7% and increased by less than 2.5% while under attack.

The application owners can expect to see an elimination of false positives. The company will also gain operational efficiencies from being able to live patch without shutting down the application – reducing patch times, costs and the risks associated with delays in patching.

 

CLIENT SUCCESS STORY

AT-A-GLANCE

Remove vulnerabilities as detected by PCI frameworks.

AFTER INSTALLATION OF WARATEK ALL 29 JAVA VULNERABILITIES IDENTIFIED BY QUALYS WERE REMEDIATED, CREATING A FULLY COMPLIANT ENVIRONMENT.
