Protect

Protect is a defensive control for production environments that monitors attacks and actively defends applications based on how they are vulnerable.

It offers Runtime Application Self-Protection (RASP) that complies with NIST 800-53, PCI-DSS, PCI-SSS, and other industry standards. Protect operates directly inside runtimes such as Java, .NET, .NET Core, Node.js, Ruby, and Python, to leverage in-app intelligence without any manual tuning. Other software platforms can be defended with the Proxy Agent, a layer-7 based network control.

Contrast Protect blocks both automated and advanced threats attacking web applications and API, and provides valuable and timely application layer threat intelligence across the entire application portfolio.

Contrast Protect works inside software APIs to understand complete data flow rather than network traffic -- rather than just seeing incoming data, Protect sees the same data and watches its impact on underlying actions, such as complete SQL queries, command arguments, and more.

By using this data flow, Protect can differentiate when an application is under attack through hostile data and when this hostile data meets vulnerable functions and methods. This analysis improves the accuracy, separating the noise of many attacks to focus on attacks that met their intended target. This insight can be shared with external systems, such as a SIEM, to focus on key attack events.

Protect limits its impact on application performance by operating with the same shared memory as the application to avoid additional overhead. Contextual defense improves performance by avoiding unnecessary actions: for example NoSQL applications do not need checks against SQL Injection if the SQL APIs are never invoked.

When Protect is enabled you can set the following Protect policies: