Page 85 - Cyber Warnings
A well-informed, scoped and executed proof of concept is absolutely essential in the vendor
selection process, but just as important for enterprise customers is a proven track record in
production and customer references. The claims of some RASP vendors demand careful
scrutiny.
A common critique of RASP is the expected performance impact of runtime analysis and
protection. Early implementations of RASP could cause as much as a 10% increase in response
times within the application tier and so were generally deployed to applications with SLAs that
could accommodate such degradation.
Performance is constantly improving, with many vendors now claiming 5% or less impact on
application response times. In general, other bottlenecks in the technology stack, for example
database access or internet latency, make far more significant contributions to performance
loss and response times.
It should also be remembered that rewriting insecure code to carry out the kind of protection
delivered by RASP will in most instances cause a similar impact on performance.
The Current State of Play
In 2014 and 2015 a number of RASP vendors announced commercial engagements that set the
stage for RASP to be fully tested in enterprise production environments. In most instances we
find the majority of those RASP vendors and their deployments have met the expectations of
their customers and piqued the interest of their competitors.
These early adopters are now driving the direction of RASP technologies and reaping the
benefits of RASP. We can expect the rate of adoption of RASP to continue to increase in 2016,
especially in heavily regulated sectors that are seeking innovation to meet the demands of
global, regional and state regulators in the most cost-efficient manner.
Key sectors where we can expect RASP to flourish first include the Financial sector, Health and
Defence.
About the Author
Hussein Badakhchani is a Distinguished Technologist with over 20 years
of experience in IT spanning software development, system integration, IT
architecture and design, DevOps, IT strategy and innovation.
As a thought leader and trusted advisor, Hussein provides critical analysis
of technology and its use to executive IT decision makers in Government,
Banking and Financial sectors.
85 Cyber Warnings E-Magazine – August 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide