000037120 - RASP Installation on Analytics Servers

Document created by RSA Customer Support Employee on Apr 9, 2019
Version 1

Article Content

Article Number: 000037120
Applies To: RSA Product Set: Web Threat Detection
RSA Product/Service Type: Forensics
RSA Version/Condition: 6.0
Issue: A customer may ask how to implement RASP on a WTD Web-enabled server.

Here is a sample customer request:

We are required to implement RASP on all our web-enabled WTD servers. Although RASP is not compatible with nginx, the RASP team is saying there's a potential to use Java in lieu of any web server configurations. The RASP team needs to know where to set Java Options for the application(s).  RASP settings usually would go in the same location where the JVM memory settings are set.  We need to determine if this is a plausible solution for implementing RASP.
Resolution: We don't really see a place for RASP with our WTD system.

There is no JVM enabled for any HTTP-serving application.

nginx is only a proxy, and we are not using Java for nginx. There is likely nothing that could be recommended for a RASP implementation, because WTD is not a Java application but Python-based scripted HTML content served through nginx and the UIServer, whose function is to hold bits of web content together and serve it to the siteproxy.

In Java, the whole application runs inside the JVM, and we do not have any component within a JVM that serves HTTP(S) to external sources.

Cassandra runs within a JVM, but it is not a web application.

In summary, there are not any accessible web servers in WTD.
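The reasoning above can be checked on a given host by mapping each listening socket to its owning process. The following is an added example, not RSA code: it assumes a Linux host, `ss -H -ltnp` output run as root, JVMs appearing under the process name `java`, and Cassandra on its default ports; the sample output is constructed.

```python
import re

# Constructed `ss -H -ltnp` output; PIDs, addresses and the nginx/python ports
# are illustrative, not taken from a real WTD host.
SAMPLE_SS = """\
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=1201,fd=6),("nginx",pid=1200,fd=6))
LISTEN 0 128 127.0.0.1:8080 0.0.0.0:* users:(("python",pid=1310,fd=5))
LISTEN 0 50 10.0.0.5:9042 0.0.0.0:* users:(("java",pid=1422,fd=88))
LISTEN 0 50 127.0.0.1:7199 0.0.0.0:* users:(("java",pid=1422,fd=71))
"""

# Cassandra default ports; none speaks HTTP. Assumes the defaults are unchanged.
CASSANDRA_PORTS = {7000: "inter-node", 7199: "JMX", 9042: "CQL native transport"}
PROC_RE = re.compile(r'\("([^"]+)",pid=\d+')

def classify_listeners(ss_output):
    """Return (address, port, process, verdict) for every listening socket."""
    results = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip headers and malformed lines
        addr, _, port = fields[3].rpartition(":")
        # ss omits the users:(...) column when not run with enough privilege
        procs = set(PROC_RE.findall(line)) or {"unknown"}
        for proc in sorted(procs):
            if proc == "unknown":
                verdict = "owner hidden: rerun as root"
            elif proc != "java":
                verdict = "non-JVM: JVM options do not apply"
            elif int(port) in CASSANDRA_PORTS:
                verdict = "JVM, not HTTP: Cassandra " + CASSANDRA_PORTS[int(port)]
            else:
                verdict = "JVM: review protocol"
            results.append((addr, int(port), proc, verdict))
    return results

def jvm_http_candidates(ss_output):
    """JVM-owned listeners that are not a known non-HTTP port."""
    return [r for r in classify_listeners(ss_output) if r[3] == "JVM: review protocol"]

if __name__ == "__main__":
    for row in classify_listeners(SAMPLE_SS):
        print("%-12s %-5d %-8s %s" % row)
```

An empty result from `jvm_http_candidates` matches the conclusion above; any row it returns is a JVM listener whose protocol still has to be confirmed by hand.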

Notes: What is RASP?

Runtime application self-protection (RASP) is security software that integrates with an application or its runtime environment during execution and constantly intercepts calls to the application to check their security, permitting those deemed safe and blocking those that could indicate an attack. RASP can protect against application attacks such as SQL injection because it can make sense of the commands involved and distinguish normal sequences from suspicious instructions or requests.

Source: https://whatis.techtarget.com/definition/runtime-application-self-protection-RASP