Protect

Protect is a defensive control for production environments that monitors attacks and actively defends applications based on specific vulnerabilities, for example, command injection.

It offers Runtime Application Self-Protection (RASP) that complies with NIST 800-53, PCI-DSS, PCI-SSS, and other industry standards. Protect operates directly inside runtimes such as Java, .NET, .NET Core, Node.js, Ruby, Python, and Go to leverage in-app intelligence without any manual tuning.

Contrast Protect blocks both automated and advanced threats attacking web applications and API, and provides valuable and timely application layer threat intelligence across the entire application portfolio.

This image shows the Protect workflow

How Protect works

Contrast Protect works inside application software to understand complete data flow rather than network traffic. Instead of only analyzing incoming data, Protect sees the same data and watches its impact on underlying actions, such as complete SQL queries, command arguments, and more.

This analysis improves detection accuracy, separating the noise of many attacks that might be false positives to focus on attacks that met their intended target. This insight can be shared with external systems, such as a SIEM, to focus on key attack events.

Protect limits its impact on application performance by operating with the same shared memory as the application to avoid additional overhead. Contextual defense improves performance by avoiding unnecessary actions. For example, NoSQL applications do not need checks against SQL injection if the SQL APIs are never invoked.

Customization

When Protect is enabled, you can customize these policies and rules: