In this piece, Ed Tittle of TechTarget, dives into how, while runtime application self-protection is a mouthful, it’s also a technology that’s absurdly easy to use. He then discusses how selecting the right implementation, at the right price, is key to obtaining the best possible return on an organization’s investment. In the article, Contrast Security is mentioned alongside Veracode and WhiteHat security discussing the different pricing models of RASP.
Ed later references Jeff Williams, C0-Founder and CTO of Contrast Security, in the piece discussing how there is only negligible impact on round-trip times for request packets (and replies) with the addition of RASP. Ed concludes the article discussing how runtime application self-protection is well worth investigating for organizations that need to protect applications from attack.
"Adding instrumentation to code at runtime means adding overhead. But, as is common in instrumentation for performance monitoring and code optimization, RASP developers are keenly aware that they should impose minimal overhead on applications to which they’re added. Jeff Williams, CTO and co-founder of Contrast Security, said their own measurements on real-world benchmarks revealed only negligible impact on round-trip times for request packets (and replies). Likewise, he said that increases in transaction processing times were on the order of 0.5-1.0 milliseconds. I heard the same kind of story from all the vendors I talked to. It sounds like prospective buyers need not be overly concerned about any impact on performance from adding RASP to their application mixes."