Protect
Protect is a defensive control for production environments that monitors attacks and actively defends applications against specific vulnerabilities, for example, command injection.
It offers Runtime Application Self-Protection (RASP) that complies with NIST 800-53, PCI-DSS, PCI-SSS, and other industry standards. Protect operates directly inside runtimes such as Java, .NET, .NET Core, Node.js, Ruby, and Python, to leverage in-app intelligence without any manual tuning.
Contrast Protect blocks both automated and advanced threats attacking web applications and APIs, and provides valuable and timely application-layer threat intelligence across the entire application portfolio.
How Protect works
Contrast Protect works inside application software to understand complete data flow rather than network traffic. Instead of only analyzing incoming data, Protect sees the same data and watches its impact on underlying actions, such as complete SQL queries, command arguments, and more.
This analysis improves detection accuracy: it separates the noise of the many attacks that might be false positives from the attacks that met their intended target. This insight can be shared with external systems, such as a SIEM, to focus on key attack events.
Protect limits its impact on application performance by operating with the same shared memory as the application to avoid additional overhead. Contextual defense improves performance by avoiding unnecessary actions. For example, NoSQL applications do not need checks against SQL injection if the SQL APIs are never invoked.
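The difference between analyzing only incoming data and watching the complete SQL query can be shown in Python. This is an added example, not Contrast code and not a description of how Protect is implemented. The lexer, the `SIGNATURE` pattern, the function names and the sample inputs are constructed for illustration, and substring search stands in for real data-flow tracking.

```python
import re

# Simplified SQL lexer for illustration; a production agent needs a full, dialect-aware one.
TOKEN = re.compile(r"""
    (?P<string>'(?:[^']|'')*')           # complete quoted literal ('' is an escaped quote)
  | (?P<comment>--[^\n]*|/\*.*?\*/)
  | (?P<number>\d+(?:\.\d+)?)
  | (?P<word>\w+)
  | (?P<space>\s+)
  | (?P<other>.)                         # operators, punctuation, stray quotes
""", re.X | re.S)

# Constructed stand-in for a perimeter signature that only sees the request.
SIGNATURE = re.compile(r"(?i)union\s+select|\bor\b.*=|--|'")

def perimeter_flags(user_input):
    """What an input-only filter concludes, with no knowledge of the query."""
    return bool(SIGNATURE.search(user_input))

def input_alters_query(sql, user_input):
    """True if the input, where it appears in the final query, spans more than one token."""
    # Assumption: the input is located by substring search, not by tracking the data itself.
    spans = [m.span() for m in TOKEN.finditer(sql) if m.lastgroup != "space"]
    pos = sql.find(user_input) if user_input else -1
    while pos != -1:
        end = pos + len(user_input)
        if not any(s <= pos and end <= e for s, e in spans):
            return True          # input crossed a token boundary: it changed the query structure
        pos = sql.find(user_input, pos + 1)
    return False                 # absent from this sink, or confined to a single token

def build(name):                 # deliberately unsafe concatenation: the sink under observation
    return "SELECT * FROM users WHERE name = '" + name + "'"

CASES = [  # constructed: (label, user input, query that reached the database driver)
    ("benign", "alice", build("alice")),
    ("signature noise", "union select", build("union select")),
    ("parameterized", "' OR '1'='1", "SELECT * FROM users WHERE name = ?"),
    ("effective", "' OR '1'='1", build("' OR '1'='1")),
]

def classify(cases=CASES):
    return {label: (perimeter_flags(i), input_alters_query(q, i)) for label, i, q in cases}

if __name__ == "__main__":
    for label, verdict in classify().items():
        print(f"{label:16} perimeter={verdict[0]!s:5} sink={verdict[1]}")
```

Only the last case is flagged at the sink. The input-only check also flags a harmless search term and a payload that never reached the query text, which is the noise an event feed to a SIEM would otherwise carry.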
Customization
When Protect is enabled, you can customize these policies and rules:
Protect Rules: Set applications to monitor for attacks.
CVE shields: Specify CVE shields that block vulnerabilities.
Virtual Patches: Define custom defenses against specific vulnerabilities.
Log Enhancers: Provide additional instrumentation instructions.
IP Management: Manage a denylist and allowlist (trusted hosts).