Automated Policy Creation

While NextGen Static Analysis leverages the Code Property Graph to find vulnerabilities in development, Protect uses it to extract the attack surface of the application to protect against it using a micro-agent in runtime environments. Protect can be integrated with build systems to automatically generate bespoke security policies for every version of every release. You no longer have to tune any WAF or RASP policies - yeah!

IAST Mode: Confirm Reachability in Staging

In QA environments, Protect can leverage test traffic to confirm which of the routes that the micro-agent knows to be vulnerable can actually be reached. This helps prioritize remediation and enables developers to focus on actual vulnerabilities that could be exploited.

Protect Mode: Block the Application in Production

In production, Protect’s micro-agent can alert or block exploit attempts. Unlike legacy web application firewalls, Protect is highly accurate because its security policies are generated from code analysis performed in development. This means Protect knows exactly which routes are vulnerable and which aren’t and can confidently block and alert with precision.

Minimal Performance Impact

Unlike agents for application performance monitoring and legacy security tools, the Protect micro-agent is extremely lightweight. The micro-agent is informed by NG SAST to understand exactly where the application is vulnerable. This enables Protect to focus only on vulnerable routes. Protect is therefore able to precisely secure the application with virtually zero latency and negligible RAM and CPU footprints.
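The three sections above describe one idea from different angles: static analysis identifies which routes carry a vulnerable data flow, IAST mode marks which of those routes test traffic actually reaches, and in production the agent inspects only the flagged routes and leaves every other route untouched. The following Python model is an added illustration of that control flow; it is not ShiftLeft's code, and the finding format (SAST_FINDINGS), the RoutePolicy/MicroAgent names, the mode names and the positive validation rules are all assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample of what a static-analysis pass could report: routes where a
# request parameter flows into a SQL sink. The dict layout is an assumption for
# this illustration, not a real report format.
SAST_FINDINGS = [
    {"method": "GET", "path": "/users/{id}", "param": "id", "type": "int", "sink": "sql"},
    {"method": "GET", "path": "/search", "param": "q", "type": "str", "sink": "sql"},
]

# Positive validation rules keyed by the parameter type the analysis inferred.
# A value that does not fit the expected shape is treated as an exploit attempt.
ALLOWED = {
    "int": re.compile(r"^\d{1,18}$"),
    "str": re.compile(r"^[\w .@-]{0,64}$"),
}


@dataclass
class RoutePolicy:
    method: str
    template: str            # e.g. "/users/{id}"
    param: str               # the parameter that reaches the sink
    allowed: re.Pattern
    sink: str
    reachable: bool = False  # flipped by IAST mode when test traffic hits the route

    def __post_init__(self):
        # "/users/{id}" -> ^/users/(?P<id>[^/]+)$
        pattern = re.sub(r"\{(\w+)\}", r"(?P<\1>[^/]+)", self.template)
        self._path_re = re.compile("^" + pattern + "$")

    def match(self, method, path):
        if method != self.method:
            return None
        return self._path_re.match(path)


@dataclass
class Request:
    method: str
    path: str
    query: dict


def build_policies(findings):
    """Turn analysis findings into per-route policies; unflagged routes get none."""
    return [RoutePolicy(f["method"], f["path"], f["param"], ALLOWED[f["type"]], f["sink"])
            for f in findings]


class MicroAgent:
    """Runtime hook that inspects only the routes the analysis flagged.

    mode: "iast"    - record reachability from test traffic, never block
          "monitor" - raise an alert on a bad value but let it through
          "protect" - block a bad value
    """

    def __init__(self, policies, mode):
        assert mode in ("iast", "monitor", "protect")
        self.policies = policies
        self.mode = mode
        self.events = []  # (verdict, "METHOD template", param, value)

    def handle(self, req):
        for policy in self.policies:
            m = policy.match(req.method, req.path)
            if m:
                break
        else:
            return "pass"  # unflagged route: no inspection, no overhead
        # Path parameters come from the template match, query parameters from the query.
        value = m.groupdict().get(policy.param, req.query.get(policy.param))
        route = f"{policy.method} {policy.template}"
        if self.mode == "iast":
            policy.reachable = True
            self.events.append(("reached", route, policy.param, value))
            return "reached"
        if value is None or policy.allowed.match(value):
            return "pass"
        verdict = "block" if self.mode == "protect" else "alert"
        self.events.append((verdict, route, policy.param, value))
        return verdict


def reachable_routes(policies):
    """Routes confirmed reachable by IAST-mode traffic, for remediation priority."""
    return [f"{p.method} {p.template}" for p in policies if p.reachable]


if __name__ == "__main__":
    agent = MicroAgent(build_policies(SAST_FINDINGS), "protect")
    for req in (Request("GET", "/users/42", {}), Request("GET", "/users/abc", {}),
                Request("GET", "/health", {})):
        print(req.method, req.path, "->", agent.handle(req))
    print(agent.events)
```

The point to take from the model is the asymmetry in cost: a request to an unflagged route returns before any inspection happens, so the per-request overhead is confined to the routes static analysis actually marked, and the check on those routes is a positive shape rule derived from the finding rather than a generic attack-signature scan.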

Resource Impact      ShiftLeft Protect   Legacy RASP + Analysis Tool   Legacy RASP Tool   Legacy WAF
CPU Utilization      2%                  13%                           3%                 30%
Memory Utilization   35 MB               64 MB                         50 MB              < 10% Variance
Latency Impact       2 ms                144 ms                        11 ms              613 ms

Calculations based on SQL injection payload traffic for Java Vulnerable Lab Application.
Legend: Low Impact / Medium Impact / High Impact (colour coding from the original chart not preserved)

Language Support

Protect currently supports applications written in Java and Scala. JavaScript, C# and Python are coming soon.

Workflow Integrations

Free for an Unlimited Number of Apps & Frameworks

ShiftLeft NextGen SAST is free for up to 200,000 lines of code and 300 scans per year.

Get Started