I've read a lot recently about "self-defending" application security products -- those that can be integrated into an enterprise application to ward off application hacks, subversion and piracy. How do these products work? Do they really do anything new?