Prevoty: Safeguarding Applications from Within

Julien Bellanger, Co-founder & CEO
With technology as a catalyst, corporations are marching furiously towards digital innovation and expanding its information-sharing capabilities. This growth and openness exposes the organization to a number of security threats like SQL injection and cross-site scripting. Vulnerabilities may exist at any one of the various layers of the organization—from network infrastructure and endpoints to, most recently, the application layer. Whereas the first two categories might need little or no collaboration within the organization, application security requires significant cooperation between development and security teams. Prevoty was founded in 2013 in an attempt to bridge the gap and is headquartered in Menlo Park, California. “Application security needs contribution from both application builders and defenders. Prevoty begins by embedding security within the application,” establishes Julien Bellanger, Co-founder and CEO, Prevoty. With a broad range of solutions, Prevoty offers its customers the ability to gain comprehensive visibility into an application’s security events in production and stop those attacks in real-time.

By ensuring parallel functioning of the development, security testing and remediation phases, Prevoty expedites product delivery and time-to-market. “At this stage, if the application is found vulnerable to threats, it can be released without schedule delays, as the application is embedded with Prevoty’s scrutinized monitoring,” explains Bellanger. Venturing deeper into their application security portfolio, highlights the features of Prevoty Application Security Monitoring & Protection—the vendor’s flagship product.

Prevoty Application Security Monitoring & Protection is a bundled package incorporating two elementary components— instrumentation and security agent. The instrumentation agent essentially captures data from the limited entry points, including browser input, database queries, and uploading systems. The actual security agent comprises an inlaid language security engine, which supports various frameworks like Java and .NET, and programming languages from Ruby on Rails to PHP and Python. Unlike the traditional pattern-matching approach, which hampers application performance drastically, Prevoty perceives input data in its actual form instead of making guesses.

Prevoty’s LANGSEC-based RASP (Runtime Application Self-Protection) solution— resides inside the app and communicates with the security engine to safeguard the application against malicious input.

Application security needs contribution from both application builders and defenders. Prevoty begins by embedding security within the application

Featured in two different models—network model either offered via API or cloud integration with the security engine itself encased within the application. Prevoty’s partnership with Amazon offers enterprise AWS (Amazon Web Services) users exclusive and easy integration of runtime security from their Amazon accounts.

Prevoty’s high-performance solutions consume less memory and are affordable and lightweight, which encourages organizations to more efficiently allocate their security resources. Bellanger cites the example of a major global payments processing institution, which found unwieldy vulnerabilities in the production environment of their legacy applications. Given limited choices, they began comparing investment strategies of hiring resources to fix the security threats versus finding a viable product-based solution, and finally decided to go with Prevoty’s offerings. By implementing Prevoty’s runtime security technology into the organization’s applications, they were able to alleviate the vulnerabilities without additional expenditure on critical resources—time, money and people.

Bellanger values the language security engine to be their USP, which sets their service apart from other security solution providers. “The ability to monitor application security complements legacy firewall solutions and only paves way for added security,” adds Bellanger.

With a three-forked expansion roadmap— geographical, product line and partnership— Prevoty has plans to rollout to European and APAC markets by securing alliances with partner systems. “We are just around the corner of launching innovative additions to our product line of application security monitoring and protection with newer and better flavors of RASP,” assures Bellanger.


Menlo Park, CA

Julien Bellanger, Co-founder & CEO and Kunal Anand, Co-founder & CTO

Provides LANGSEC-based application security monitoring and self-protection technology that actively prevents attacks on production applications