English

Yulevo Sentry -Runtime Application Self-Protection(RASP)

Implant native security into applications

Request Trial

Through instrumentation technology, it integrates active defense capabilities into the application runtime environment, capturing and intercepting various threat attacks that bypass traffic detection, such as Memory Shells, SQL injection and Zero-Day attacks, enabling applications to develop strong self-protection capabilities.

https://static.yulevo.com/en-frontendcdn/assets/images/bc2da959ddfd356a420801247219077b.jpg

Challenges Overview Functions Advantages Case

Security Challenges

The number and complexity of network applications continue to increase, and the security boundaries have become blurred, making traditional security protection products hard to provide effective protection. Therefore, security must be deeply integrated into the application layer by enterprises to provide a full-lifecycle dynamic security protection for applications.

Risks from
widespread weak
passwords and
vulnerabilities

Weak passwords in applications and middleware are easily exploited by attackers.Various legacy systems and open-source libraries often contain unfixable vulnerabilities that cannot be taken offline.

Difficulty in
preventing advanced
threats with frequent
Memory Shell and
Zero-Day attacks

Traditional security protection relies on rules and signatures, featuring high FPR （False Positive Rate）and being easily bypassed. It has insufficient prevention against highly-concealed intrusion methods such as Memory Shell and Zero-Day vulnerability.

Difficulty in internal
application
governance and the
need for greater
visibility into asset
and data security

The low visibility of application assets, such as component libraries and APIs, makes asset management not able to synergistically link with intrusion monitoring and protection and difficult to quickly locate issues when they arise.

Product Overview

Yulevo Sentry RASP Product compensates for the missing internal perspective of traditional security. Through instrumentation technology, it integrates active defense capabilities into the application runtime environment, capturing and intercepting various threat attacks that bypass traffic detection, such as Memory Shells, SQL injection and Zero-Day attacks, enabling applications to develop strong self-protection capabilities. It helps enterprises discover and govern application risks, ensuring the security of applications during runtime.

The architecture of Yulevo Sentry RASP is mainly composed of three parts: Agent, Server, and Web, providing basic, flexible and solid core capability support for product services. The RASP module running inside the application has flexible expansion capabilities, supports Hot Module Replacement, adapts to running programs in various environments, and can be integrated with the installed Yulevo Agent.

Product Functions

Yulevo Sentry RASP focuses on application security scenarios and protects application security from three aspects: application asset inventory, application risk monitoring, and application intrusion protection. Yulevo Sentry RASP conducts fine-grained inventory of component libraries, APIs and other assets from the application perspective, and obtains the complete application data link; continuously monitors the vulnerabilities, weak passwords and other risks of the application and middleware, and provides hot-patching capability; based on the monitoring of the underlying calls, it can realize accurate interception of known and unknown attacks such as memory shells, SQL injection, Zero-Day attacks and so on.

Zero-Day Attack Prevention

Traditional attack detection relies on existing rules, while Zero-Day vulnerabilities are easy to bypass due to the lack of corresponding rules.

RASP detects attacks based on rule-free logical detection, capable of taking over and monitoring the underlying calls of applications. Since attacks will inevitably generate subsequent actions such as database access, command execution that cannot bypass underlying calls, RASP can effectively protect against both known attacks and unknown Zero-Day attacks.

Memory Shell Defense

Memory Shell attacks are extremely concealed and harmful, and effective defense can only be achieved through in-depth internal detection of applications.

Yulevo Sentry RASP provides three layers of protection barriers against Memory Shell attacks, intercepting layer by layer along the attack path of Memory Shells to achieve comprehensive protection against both attempted injection and injected situations.

Application Hot Patch

Aiming at the high costs, significant impact, and slow coordination of vulnerability repair, Yulevo Sentry RASP provides patch repair for running applications without restarting them, and updates corresponding repair capabilities in real time for newly erupted vulnerabilities, efficiently supporting emergency response to hot-spot vulnerabilities.

Weak Password Detection

Yulevo Sentry RASP monitors weak password logins through user's login behaviors, supports weak password detection for applications and middleware, and can set detection rules according to enterprise requirements.

It identifies weak passwords during the login process passively without active scanning, thus avoiding problems such as account locking, and can obtain plaintext for more accurate detection and comparison.

Data Link Monitoring

Yulevo Sentry RASP obtains complete call chains of applications, understands the data transmission chain of APIs, and thus achieve excellent code positioning effects in data tracking.

It presents the microservice topology in applications, thereby understanding service call relationships and discovering call risks. It also presents the access relationships between different applications and discovers abnormal access connections.

Component Inventory Detection

With frequent vulnerabilities in open-source components, the supply chain security of applications has attracted much attention.

Yulevo Sentry RASP monitors the actual calling situations of component libraries during application runtime, obtains versions of component libraries and analyzes existing risks, providing complete component library security governance and avoiding supply chain attacks.

Product Advantages

Superior Protection

The product runs inside applications to monitor interface calls, with much higher success rates than boundary interception.
Minimal Business
Disruption

The agent can be easily installed and uninstalled without business restart, having no disruption on other service processes or business codes.
High Compatibility

The product is compatible with all Java versions and other Java Agents,without affecting existing system functions.
Strong Module
Extensibility

The plugins are independent, flexibly extensible, and equipped with dynamic switching mechanisms to ensure minimal resource occupation.