Contrast Security today announced Contrast Enterprise, the first application security product to integrate defenses across development and operations, unifying vulnerability assessment, security visibility and attack protection throughout the application lifecycle. Now organizations can quickly assess and secure the enormous number of new, legacy and continuously changing applications that remain defenseless due to slow, inaccurate and complex first-generation application security solutions.

According to the Verizon 2015 Data Breach Investigations Report, the number one cause of data breaches throughout the last eight years has been vulnerable applications. Yet, 90 percent of applications go untested for vulnerabilities in development and QA, and almost none have adequate protection in production. Contrast Enterprise employs patented deep security instrumentation technology across an enterprise’s entire application portfolio to accurately recognize and block threats before they reach exploitable vulnerabilities. This innovative approach is often referred to as Runtime Application Self-Protection, or RASP.

“Technologies that are used today for application protection at runtime — for example, IPS and WAF — are in-line network traffic and content inspectors. They analyze traffic and/or user sessions to and from applications, but cannot see how that traffic is being processed within applications. For that, their protective measures often lack the accuracy necessary for session termination and, therefore, are used for alerts and log collection only,” noted Joseph Feiman, research vice president and Gartner fellow. “A new type of application protection technology is emerging — RASP — which resides within a to-be-protected application’s runtime environment.”

Contrast actively monitors and diagnoses attacks, delivering full visibility of the enterprise application attack surface to all stakeholders. Only Contrast delivers a fully integrated, instrumentation-based approach across the SDLC to simplify application security. This greatly accelerates delivery and gives security teams the enterprise-wide visibility needed to protect the valuable data hackers seek.

“Smart application security strategy involves both secure software development and operational defenses,” said Jeff Williams, CTO and co-founder of Contrast Security. “Contrast’s deep security instrumentation approach provides the context needed for highly accurate security analysis throughout the entire SDLC. Contrast’s threat intelligence enables software developers to design and build strong defenses, while Contrast’s vulnerability assessment powers comprehensive attack prevention in operation.”

Contrast Enterprise expands on its award-winning application security capabilities to now include the following:

Application Attack Visibility and Monitoring

  • Clearly displays and logs attacks against applications into SIEM and security analytics solutions for correlation and enterprise-wide attack awareness
  • Alerts users to dangerous attacks on critical applications in real-time
  • Provides easy-to-read security dashboards, including attack trends and detailed attack analysis that both direct defenses and prioritize remediation efforts based on real-world data metrics
  • Delivers customizable real-time application telemetry for logging and diagnostics of application behavior

Attack Protection

  • Blocks broad categories of threats, including SQL Injection, Cross Site Scripting and other OWASP Top Ten threats
  • Employs “CVE Shields,” out-of-the-box defenses that protect applications from known and dangerous vulnerabilities lurking in open source frameworks and libraries
  • Defends custom code or newly discovered vulnerabilities until a remediation can be provided by development
  • Integrates IP blacklisting/whitelisting controls with network level application security solutions, including WAFs and firewalls

These new Contrast Enterprise features will be available Q3 2015. If you are interested in becoming a customer, please contact sales@contrastsecurity.com to request a demonstration.