The Pros and Cons of RASP in 8 Minutes

Andrea Swaney

Andrea Swaney is the Senior Director of Product Marketing and Alliances. She has spent the last 10 years with security startups in leadership roles including Sales, Business Development and Alliances. When not working to secure the web, Andrea is likely to be found reading about or drinking wine, or on a vineyard somewhere in California or France.

There are two concerning data points in application security today. First, the Verizon Data Breach Investigation Report identified web applications as the leading cause of confirmed breaches in 4 of the last 5 years. Second, the DevSecOps 2018 Community survey found that even among high-performing DevOps organizations, 33% of organizations experienced or suspected a web breach in the last 12 months. Clearly, web applications and APIs are being left undefended.

To defend applications at runtime, a new class of defense was born under the name of Runtime Application Self Protection, or RASP, mostly due to the failures of web application firewalls to solve similar problems. While this new space has been up-and-coming for a few years, the truth is this: most RASP approaches don’t get it right. In this video we break down RASP architecture limitations and evaluate the main areas that many RASP solutions struggle with, including:

  • Deployment limitations and coverage issues
  • Performance impact and overhead
  • Compromised reliability due to complexity

At Signal Sciences, we provide a RASP that is flexible in deployment, has the lowest performance impact in the market and delivers a highly scalable and reliable solution trusted by the largest companies on earth. In short, Signal Sciences has a RASP that gets it right.



Blog: Dear RASP: We Need to Talk About the Friction in Our Relationship

Datasheet: Signal Sciences RASP

Report: DevSecOps 2018 Community Survey