Prevoty: Safeguarding Applications from Within

With technology as a catalyst, corporations are marching furiously towards digital innovation and expanding its information-sharing capabilities. This growth and openness exposes the organization to a number of security threats like SQL injection and cross-site scripting. Vulnerabilities may exist at any one of the various layers of the organization—from network infrastructure and endpoints to, most recently, the application layer. Whereas the first two categories might need little or no collaboration within the organization, application security requires significant cooperation between development and security teams. Prevoty was founded in 2013 in an attempt to bridge the gap and is headquartered in Menlo Park, California. “Application security needs contribution from both application builders and defenders. Prevoty begins by embedding security within the application,” establishes Julien Bellanger, Co-founder and CEO, Prevoty. With a broad range of solutions, Prevoty offers its customers the ability to gain comprehensive visibility into an application’s security events in production and stop those attacks in real-time.

By ensuring parallel functioning of the development, security testing and remediation phases, Prevoty expedites product delivery and time-to-market. “At this stage, if the application is found vulnerable to threats, it can be released without schedule delays, as the application is embedded with Prevoty’s scrutinized monitoring,” explains Bellanger. Venturing deeper into their application security portfolio, highlights the features of Prevoty Application Security Monitoring & Protection—the vendor’s flagship product.

Prevoty Application Security Monitoring & Protection is a bundled package incorporating two elementary components— instrumentation and security agent. The instrumentation agent essentially captures data from the limited entry points, including browser input, database queries, and uploading systems. The actual security agent comprises an inlaid language security engine, which supports various frameworks like Java and .NET, and programming languages from Ruby on Rails to PHP and Python. Unlike the traditional pattern-matching approach, which hampers application performance drastically, Prevoty perceives input data in its actual form instead of making guesses.

Prevoty’s LANGSEC-based RASP (Runtime Application Self-Protection) solution— resides inside the app and communicates with the security engine to safeguard the application against malicious input.