Fortify Software

Real-Time Analyzer (RTA) In Production

The Fortify Real-Time Analyzer (RTA) monitors deployed applications in real time to detect attacks at the instant they occur. In addition to identifying the nature, origin and timing of attacks, RTA can actively defend vulnerable applications until appropriate remediation steps are developed.

Monitor and Protect Deployed Applications

RTA enables a new, highly accurate layer of Web application security by monitoring security-critical functions and application programming interfaces (APIs) inside the Web application itself. This unique "internal firewall" approach offers critical insight into attacks as well as an unparalleled level of security.

Address PCI Compliance

RTA addresses PCI standards for an application-layer firewall. Section 6.6 of the PCI Data Security Standards currently recommends as a best practice the use of an application-layer firewall or a professional code review. In June of 2008, this is set to become a requirement. All merchants and service providers that store, process, or transmit cardholder data must comply with these standards. RTA offers the most effective, accurate, and easy-to-use solution for fulfilling this PCI standard.

RTA not only addresses PCI Data Security Standards but also key software security compliance requirements including OWASP Top Ten, HIPAA and more.

RTA's sophisticated technology requires minimal overhead and can be applied to any J2EE or .Net custom Web application, even those where source code is unavailable.

RTA gives you:

Always-On Security Monitoring

RTA monitors custom business web applications from the inside out so it can deliver reports on who attacked, how often, the technique used and much more for every instance of a web application. Security and Operations teams receive data on a wide variety of application attacks with a precision and depth only available through code-level technology, including attacks such as SQL injection, cross-site scripting (XSS), invalid URL probing, HTTP response splitting and more. Operations, security and development teams can also create custom whitelists and blacklists for specific input fields based on design constraints, empirical data or existing knowledge.

[RTA screenshot] Know who attacked, how they attacked, how often, and more

Application Layer Insight

RTA is an effective complement to existing security technology because it monitors within the web application itself. By placing its unique Call Site Guards™ directly at security-critical function call sites, it can give Security and Operations teams precise, detailed data whenever anomalies occur. What's more, RTA is effective and accurate because it makes use of the web application's business logic semantics, thereby eliminating the need for "learn mode" or further tuning.

No source code required

RTA works directly with the application binary — no source code or additional hardware devices are required.

Minimal Overhead

RTA's monitoring and protection are invoked only for security-critical functions within the Web application and have minimal impact on application performance.
