Continuous Protection

Contrast enables applications to defend themselves through instrumentation by using our Protect feature.

Contrast Protect is a runtime application self-protection (RASP) solution that identifies and blocks application attacks from within a running application. Rather than attempting to build a perimeter around an application, as most legacy application protections (WAFs) do today, Contrast Protect uses instrumentation to build the defenses directly into the application, so that the defenses are part of the application rather than apart from it. Once instrumented, Contrast Protect analyzes all application requests, including API requests, and identifies, reports, and blocks any attacks it sees.

Instrumentation

Instrumentation is a technique that Contrast uses to add defenses into an application. Contrast adds two types of objects. The first are sensors, which observe attack payloads and the corresponding application behavior. This makes it possible to identify and report on application attacks and application behaviors. The second are actuators, which enable the application to block malicious activity from within. Identical in approach to application performance monitoring (APM) tools such as New Relic or AppDynamics, Contrast uses safe, proven approaches to add protection capabilities to an application.

Accurate App Threat Intel

The largest benefit of Contrast’s instrumentation approach over a perimeter-based approach is the quantum leap in accuracy when detecting attacks. Instrumentation provides an unfair advantage when it comes to the context of what’s happening within an application when it receives an attack. Because Contrast sees how the application responds before it has to make a blocking decision, it can collect as much information as possible before deciding to block an attack. This additional information makes all the difference when it comes to accurately identifying attacks and the danger they pose to your applications.
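The sensor and actuator roles described under Instrumentation, and the in-context blocking decision described above, sketched as an added example (this is not Contrast's code and not part of the original page). Every name here (`protect_sink`, `alters_structure`, the handlers, the in-memory table) is hypothetical, and the token-count comparison is a deliberately simplified stand-in for a real detection rule.

```python
import functools
import re
import sqlite3

class AttackBlocked(Exception):
    """Raised by the actuator to stop a call before it reaches the sink."""

request_inputs = []  # untrusted values seen on the current request (constructed model)
events = []          # sensor reports: (sink name, offending input)
TOKEN = re.compile(r"'(?:[^']|'')*'|\w+|\S")  # string literal, word, or symbol

def alters_structure(query, value):
    """True if `value` reached `query` and changed its token count (simplified check)."""
    start = query.find(value)
    if start < 0:
        return False  # this input never reached the sink
    baseline = query[:start] + "x" + query[start + len(value):]
    return len(TOKEN.findall(query)) != len(TOKEN.findall(baseline))

def protect_sink(func):
    """Hypothetical instrumentation: wrap a sink with a sensor and an actuator."""
    @functools.wraps(func)
    def wrapper(conn, query, *args):
        for value in request_inputs:
            if value and alters_structure(query, value):
                events.append((func.__name__, value))  # sensor: observe and report
                raise AttackBlocked(func.__name__)     # actuator: block in-app
        return func(conn, query, *args)
    return wrapper

@protect_sink
def run_query(conn, query, *args):
    return conn.execute(query, args).fetchall()

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    return conn

def handle_lookup(conn, name):
    """Constructed vulnerable handler: concatenates request input into SQL."""
    request_inputs[:] = [name]
    return run_query(conn, "SELECT name FROM users WHERE name = '" + name + "'")

def handle_echo(name):
    """Constructed handler with no SQL sink: nothing for the actuator to block."""
    request_inputs[:] = [name]
    return "hello " + name
```

An input containing a quote is blocked only when it reaches `run_query` and changes the query's structure; the same input passes through `handle_echo`, or through a parameterized query, without a false positive, which a filter that sees only the request cannot distinguish.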

Enabling Protect

To get started with Protect, the first thing you need to do is enable the Protect functionality on the agents that have instrumented the application you want to protect. This is done within the Contrast UI on the Servers page.

Find the server(s) you want to begin protecting and turn the Protect toggle ON. Enabling protection requires a Protect license, so you'll be prompted to upgrade if it isn't already licensed. Alternatively, you can manually apply a license to a single server via the row menu or in bulk by selecting which agents to upgrade, then clicking the shield icon in the action bar and selecting Apply Protection License.

When Protect is enabled, you need to restart the application so that the Contrast agent can instrument it with Protect capabilities. Once the restart is complete, Contrast begins monitoring and blocking attacks. A shield icon now appears next to the server's name, indicating that it has a Protection license assigned to it.

Note: Organization administrators can skip the manual step of applying licenses for their users by going to the Organization Settings page, in the Servers section, and turning Protection ON by default for new servers. This can be enabled for specific server environments.

Protecting an Application

Protection is applied per agent, so to fully protect an application, say in a production environment, you need to make sure that all production agents that host the application are licensed and have Protect enabled. This is most vital in production environments, where you want every application instance to be protected as soon as it comes online, without any human intervention. As noted above, the easiest way to accomplish this is to set the organizational defaults to automatically license all production agents and enable Protection for Production environments.

Read more about Server Defaults.

Contrast Protection Policies

There are five types of policies available in Contrast Protect. They are as follows:

  • Protect Rules, which allow you to set applications to monitor for attacks
  • CVE Shields, which provide a standardized identifier for a given vulnerability or exposure
  • Virtual Patches, which are custom defenses you define to defend against specific vulnerabilities
  • Log Enhancers, which provide additional instrumentation instructions
  • IP Management, where you can manage a blacklist and whitelist (trusted hosts)

Read more about these policies in our Protection Policy article.