Runtime security and system observability are critical to helping organizations eliminate blind spots that undermine effective DevSecOps goals. This is how an observability platform can identify vulnerabilities at runtime.
Security blind spots pose a significant threat to an effective DevSecOps strategy and leave organizations vulnerable to attack, in some cases when applications are already live.
In December 2021, the emergence of the Log4Shell zero-day vulnerability demonstrated the potential impact of runtime vulnerabilities. An effective DevSecOps strategy helps organizations identify vulnerabilities throughout the software development lifecycle (SDLC) to ensure the integrity of software under development and applications at runtime.
Integrating security too late in the SDLC, expanding cloud access, and delayed security testing are just a few examples of security roadblocks to effective DevSecOps.
In a recent session at Dynatrace Perform 2022, Dynatrace’s Andreas Berger, Senior Product Manager for Application Security Projects, and Christian Schwarzbauer, Application Security Product Architect, discussed the importance of integrated runtime security and system observability for detecting, identifying and addressing these blind spots in organizations.
Three key runtime security questions for DevSecOps
To be effective, Berger argues, modern application security requires speed and accuracy. “This is the core of what all security solutions should provide,” Berger says. Solutions must keep pace with rapidly changing applications in cloud-native environments. “Security solutions should highlight what really matters without inundating everyone with false alerts.”
Ultimately, security solutions should help organizations answer three key questions:
- Are we vulnerable?
- Where and how does it affect us?
- What is the impact?
Alert prioritization against security blind spots at runtime
When it comes to finding and addressing application security blind spots at runtime, a security solution should help you prioritize your efforts. But what does alert prioritization look like in practice?
With Dynatrace Application Security, prioritization starts with an automatic and intelligent observability platform. Automatic discovery and instrumentation enable businesses to assess their entire environment in seconds, uncover actionable insights, and track all affected processes in real time.
Dynatrace Application Security automatically assesses risk based on AI-powered analysis and context.
The challenge? Given the depth and breadth of DevSecOps-driven monitoring, the number of reported security vulnerabilities is often considerable—so significant that organizations are often unsure where to focus their efforts.
Berger presents the following ways that Dynatrace helps organizations prioritize their security vulnerability risks:
- Prioritize individual areas of interest. By combining the comprehensive coverage of Dynatrace analysis with extensive search capabilities, DevSecOps teams can quickly filter vulnerabilities by areas of interest to narrow response focus and address specific issues immediately.
- Prioritize vulnerabilities through automated risk assessment. Automated risk assessment helps organizations identify vulnerable functions that are actually in use and tied to a specific security risk. Along with the number and type of vulnerable functions in use, the automated assessment also reports an organization’s overall risk on a scale of 1 to 10.
- Prioritize issues by vulnerable component. Dynatrace can also prioritize issues by vulnerable component, such as log4j-core or tomcat-embed-core, where one component affects multiple processes or functions. The Dynatrace platform shows how many critical vulnerabilities teams can address by updating each of these components, which lets teams focus their efforts where they have the greatest impact.
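The three prioritization views above (filter by area of interest, runtime risk on a 1 to 10 scale, and ranking by vulnerable component) can be illustrated with a small script. This is an added example, not code from the original session or from Dynatrace: the findings are constructed sample data, the CVE-style identifiers are placeholders, the component and process names are made up, and the multipliers in the scoring model are assumptions chosen here rather than the platform's own risk assessment.

```python
"""Prioritizing runtime vulnerability findings (added example, not Dynatrace code).

All findings below are constructed sample data. The CVE-style ids are
placeholders, and the 1-10 scoring model is a hypothetical one chosen for
illustration, not the platform's own risk assessment.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    vuln_id: str            # placeholder id (constructed)
    component: str          # vulnerable library / component
    base_severity: float    # CVSS-like base score, 0.0-10.0
    processes: frozenset    # running processes that load the component
    function_in_use: bool   # vulnerable function actually executed at runtime
    internet_exposed: bool  # process reachable from the public internet
    touches_database: bool  # process has a data path to a database


def runtime_risk(f: Finding) -> float:
    """Adjust the static severity with runtime context, clamped to 1.0-10.0.

    The multipliers are illustrative assumptions: a library that is loaded
    but whose vulnerable code never runs, in a process with no public entry
    point, ranks far below the same CVE in an exposed, database-connected
    service.
    """
    score = f.base_severity
    if not f.function_in_use:
        score *= 0.5
    if not f.internet_exposed:
        score *= 0.7
    if f.touches_database:
        score *= 1.2
    return round(min(10.0, max(1.0, score)), 1)


def environment_risk(findings) -> float:
    """Overall 1-10 risk for the environment: the highest single runtime risk."""
    return max(runtime_risk(f) for f in findings) if findings else 1.0


def filter_by_area(findings, *, component=None, process=None):
    """Narrow findings to an area of interest (a component and/or a process)."""
    return [
        f for f in findings
        if (component is None or f.component == component)
        and (process is None or process in f.processes)
    ]


def rank_components(findings, critical_threshold=9.0):
    """Rank components by how many critical findings updating each one would resolve."""
    counts = defaultdict(int)
    for f in findings:
        if runtime_risk(f) >= critical_threshold:
            counts[f.component] += 1
    # Most critical findings first; ties broken alphabetically for stable output.
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


# Constructed sample findings; ids, components and process names are placeholders.
SAMPLE_FINDINGS = [
    Finding("CVE-XXXX-0001", "log4j-core", 10.0,
            frozenset({"checkout-svc", "payments-svc"}), True, True, True),
    Finding("CVE-XXXX-0002", "log4j-core", 7.5,
            frozenset({"batch-report"}), False, False, False),
    Finding("CVE-XXXX-0003", "tomcat-embed-core", 9.8,
            frozenset({"checkout-svc"}), True, True, False),
    Finding("CVE-XXXX-0004", "example-utils", 5.3,
            frozenset({"batch-report"}), True, False, False),
    Finding("CVE-XXXX-0005", "log4j-core", 9.0,
            frozenset({"inventory-svc"}), True, True, False),
]


if __name__ == "__main__":
    print(f"Environment risk: {environment_risk(SAMPLE_FINDINGS)}/10")
    for f in filter_by_area(SAMPLE_FINDINGS, process="checkout-svc"):
        print(f"  checkout-svc: {f.vuln_id} ({f.component}) risk={runtime_risk(f)}")
    for component, n in rank_components(SAMPLE_FINDINGS):
        print(f"  update {component}: resolves {n} critical finding(s)")
```

The second log4j-core finding shows the point of runtime context: the same library with the vulnerable function never executed, in a process with no public exposure, drops well below the critical threshold and would not drive the component ranking on its own.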
Taking DevSecOps beyond ongoing WAF maintenance
It’s one thing to detect problems before they happen, but what about handling attacks as they happen?
“While web application firewalls (WAFs) remain the de facto standard for application protection,” says Schwarzbauer, “they are not without their drawbacks.” In particular, firewalls could potentially reject requests for authorized resources if they are misconfigured.
“Another potential drawback,” adds Schwarzbauer, “is that no matter how strong a WAF is, attackers will eventually find a way into the network.” As a result, teams must continually maintain and manage WAFs to monitor evolving risks.
Dynatrace uses a full-stack observability approach to detect attacks as they happen.
Dynatrace’s runtime application security makes it possible for IT teams to keep up with attacks as they happen. In addition to identifying potential threats, their location, and the vulnerabilities they exploit, Dynatrace provides information on the full path of the attack, from source IP to entry point, vulnerability type, and database end target.
Additionally, each stage of the attack is tied to the location of the code and the function the attackers used to break in. Armed with this information, organizations are better equipped to improve security throughout the DevSecOps pipeline.
Eliminating security blind spots for good
Simply put, by combining runtime security with system observability, enterprises are better prepared to detect, deflect, and defeat emerging security threats.
To learn more about the role of runtime application security and system observability in meeting DevSecOps goals, see the full session, Tackle Log4Shell with ease: Why built-in runtime security and observability is key to DevSecOps.