Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

DZone Research: Security Use Cases (Part 2)

DZone's Guide to

DZone Research: Security Use Cases (Part 2)

Click here to read more about the tremendous breadth of use cases with 12 industries and 23 applications referenced.

· Security Zone ·
Free Resource

Discover how to provide active runtime protection for your web applications from known and unknown vulnerabilities including Remote Code Execution Attacks.

To gather insights on the current and future state of security, we talked to 47 executives from 43 companies about security in their own organizations and for the clients with whom they are working. Given all of the breaches that have appeared in the news and the enforcement of GDPR, the response to this topic was unlike any we have seen for previous security research guides.

We asked them, "What are some real-world problems you are helping your client solve by securing applications and data?" Here's what they told us:

Applications

  • Let’s make security seamless. Let’s try to take friction out. How to take security and make it first? Ease of deployment. This means self-service security. Helping organizations understand security can be deployed on day one without impacting applications. There is more to cloud security than just compliance. It is important to give people the ability to see what’s going on in the application. Amazing threat intelligence.
  • Customers do not have an AppSec scanning service that continually monitors every application and alerts them when malicious activity is suspected. Customers want to have a real-time dashboard to review and have remedies for these application vulnerabilities.  We offer Scan and Secure services that can scan every pre-production and production application release automatically.  When new issues are found, results are published directly into the customer’s bug database. The customer can view into the highest level of vulnerability and can triage where applicable. The customer can see exactly within their application where the problem exists. Data Theorem’s offering provides sample code to fix the vulnerability identified. Data Theorem can also provide a list of public news articles of other companies who had these types of vulnerabilities exploited in their applications, ultimately, damaging their brands and creating losses to themselves and/or their customers.
  • Security is a human problem, due to mitigating the risk of software in applications across the entire development organization. This problem will not be solved until solved by the developer and development team desktop. Developers must get educated. And, this is not addressed at the university level. Like the concept of DevOps, it’s not new, as well as DevSecOps. There is no silver bullet. Call it whatever you want — incorporate security earlier in the SDLC.
  • How many employees are using weak passwords and weak password policy? Put controls and set policies around employees within an hour or two by setting things like one-time passwords. Automatically updating employee vaults. Close gaps in SSO. SSO is fantastic for cloud-based applications, but there’s a lot more data that has to be protected. Any digital asset is important to have secure. We add a zero-knowledge security layer and Snap-On secure digital vault. Customers are nervous about where keys are stored in the cloud. This gives companies clarity, visibility, and comfort when it comes to their security. No one figured out how to do this the right way. We spend a lot of time in customer meetings to learn needs and pain points.
  • 1) Lift and shift of old Windows applications. It is feasible to connect to the internet using VPN and connect back to the cloud without exposing them to the internet. Observe if anything is going wrong. Get alarms. This will allow you to drive out large-scale development for the cloud. You can deploy this every two week or every two days; this is done the same way eBay and Amazon deploy microservices.
  • Because we are paranoid, we introduce encryption and randomization. Our customers come to us with their sensitive data.
  • We help our clients to automate and orchestrate their security toolchains. AI is the most effective automation mechanism to date, and leveraging its capabilities delivers the ultimate winning security configuration. We estimate that on average companies have over 50 security solutions in place from multiple vendors. At the Cambridge Cyber Summit, Mark McLaughlin, the former CEO of Palo Alto Networks, said, “Organizations have plenty of technology in place, but not enough people to use the tools.” More solutions and more vendors will appear in the coming years with their unique value proposition. Use of AI to augment those 50 capabilities enables security to not only utilize the capabilities that your team can’t but also enhance their overall velocity. 
  • Protection of data, integrity, access to data for business. Behavioral-based solutions help customers maintain access to data business service continuity. Ransomware attacks are dangerous and prevent access and business continuity.
  • The uptake of containers has been very fast. Catch up is happening. Using flow to build containers and as the artifact, they move through the pipeline and use Twistlock. This allows integration to third-party commercial and open source products. The pipeline has to be adaptable, so clients can integrate what they want. Working with clients on the flexibility and adaptability of their pipeline is important.
  • DevSecOps - As builds are completed and go through their functional test cycle, Halo incorporates a comprehensive set of security checks to make sure that they build artifacts to meet the security and compliance policies of your organization. These CI/CD integrated checks include testing for any known vulnerable packages and secure configuration monitoring. Automated security and compliance - Working in any combination of cloud or hybrid infrastructure (public cloud, private cloud, hybrid, multi-cloud, or virtualized data center including bare metal), Halo provides continuous security and compliance as a service. Workloads can be assessed with a broad set of controls, as they are created, and continuously thereafter. Visibility across all clouds, workloads, and containers - Halo provides a comprehensive set of automated security and compliance monitoring capabilities across all clouds, workloads, and containers. Halo’s cloud-scale platform approach means asset data is collected in a highly automated and scalable way.  Halo comes with full REST APIs, which can be used to integrate security events and alerts into the existing SIEM or orchestration workflows.
  • 1) Automated malware analysis gets a vague alert from endpoint protection systems. Then, they collect files and analyze them using our technology to know exactly what you are up against, the kind of malware, the level of sophistication, source, apply remediation, and vaccine. 2) Conduct an assessment service to see what networks are clean. Service where our experts come and scan the network in a couple of hours and analyze what found by the end of day will see everything that hidden – even malware in memory. With this approach to malware, we assume that the software world is evolutionary. Most of the code has been seen before. Check this for malware. To identify code in malware we take a certain undetected malware, look at the binary code, and take the code to a massive database of previously seen malware. If we see code reused from previous malware, we know that we’re encountering malware. Like developers use open source tools, we see attackers use open source tools to steal credentials in the windows systems. And, we see it reused all the time. It’s not detected. When we look at server or endpoint memory, we can tell you where we’ve seen this before. The memory artifacts tell us a lot of information about how long the malware has been there. We want control over your network so that they can exfiltrate when they want.
  • We work with large organizations with data on-prem. We provide access to their employees, enabling them to see files from the LAN and the web. Encrypt data at rest. Used object-based storage systems. Secure interfaces to the cloud. Don’t hold encryption keys.
  • 1) Moving to the cloud. When moving, the most realized shared security model means you are responsible for the security of your data. So, what comes on-prem also comes into the cloud. Can you lift and shift into a cloud appliance? As you become more cloud-native, we have more cloud-focused tools. DevOps are using CI/CD to release new versions every day. We need more of a way of doing it immediately. Scanner integrated into web application firewall – audit and log automatically.
  • 1) Clients come to us after a compromise. We remediate the issue, secure, relaunch, and make sure it doesn’t happen again. We get their framework back up to a secure standard. Post-breach. 2) More proactively malware in databases of CMS sites. Remove malicious code from databases proactively.
  • Chief Information Security Officers’ (CISO) ability to communicate the impact of security programs as well as its results to the C-Suite is one of the main challenges we are trying to address. We are focused on helping CISOs gain a better and faster understanding of their cyber-security program maturity and prioritize investments in line with the organization’s business goals. To this end, we launched Secure Blueprint, our cyber business management platform that helps CISOs respond to complex security needs while creating business alignment. We provide a centralized system for program management that gives them the capacity to manage a vast number of components affecting the enterprise security.  All in all, we are simplifying the board reporting process and helping CISOs to better engage with key stakeholders about their cybersecurity landscape.
  • Our users are rapidly deploying new applications that give their customers better features within customer-facing applications, portals, and API-based services. These need to be secured for any business critical, financial, or compliance-driven use case, and that’s where we help.
  • 1) We do most of the operations and take a big portion of the security on us by offering end-to-end security. Don’t control on-prem and in the LAN. Keep cameras up to date. Push firmware update as needed. Scan the internal network for other vulnerabilities. The more separate physical security devices from the normal service LAN, the more secure we can make them. Scan their networks' port scanning, broadcast, sniffing if something is not going as expected. Do not accept cameras with public IPs or default username and passwords. We fingerprint the devices.
  • Our platform encompasses the entire lifecycle – preempting, detecting, and responding to attacks. 1) Attack Surface Manager discovers hidden elements throughout the network that enable lateral movement and otherwise facilitate advanced attacks. In today’s fast-changing business environments, it is difficult for security teams to identify and control credentials and other sensitive data elements that proliferate during normal day-to-day operations. ASM automatically identifies these risks, revealing policy violations and enabling security professionals to proactively deprive attackers of the keys they need to reach critical assets. 2) Leveraging advanced ML so the platform deploys deceptions quickly and easily across vast networks. 3) Their ability to plant authentic deceptions across entire networks enables swift detection of adversaries — be it outsiders or malicious insiders — at a very early stage of their attack. 4) We offer customers more than the means to simply catch an attacker by also providing detailed forensics and visibility. When an attacker follows a deceptive trail, we target the attacker’s connection, slow it down in real-time, and keep it alive. While the connection is still active and while the attacker is still operating, forensics data is captured that provides visibility into what the attacker is actually doing or has done. In other words, the forensics capability allows knowing the toolset the attacker is using the command and control center the attacker is connected into and the files the attacker dropped on a system. In addition, forensics enables ongoing, reliable intelligence about the attacker's activity. 5) Our technology empowers those who protect the organization with extremely high fidelity forensics capabilities, e.g. highlighting TTPs (Tool, Tactics, and Procedures) attackers are using as part of their operation towards a Wire Transfer Server (SWIFT).
  • Securing data and making it available everywhere is like mixing water and fire. By definition, they don’t exist together. Cloud vendors spend millions on making this paradigm a reality. We use these Cloud vendors, such as Amazon, to provide our customers with a secured yet accessible application. Our client uses our solution to better manage the fast-changing corporate world, take control of IT activities, and identify weak-spots within the organization. Such as making sure that an important case is not forgotten and there aren’t openings for attackers, as well as not having legacy systems run without need or workflows that were neglected and left incomplete.
  • 1) DDoS mitigation stops attacks and higher-level application attacks. Run traffic through us and make sure any bad activity is scrubbed out before passed back to the application. Put out in the wild so do not introduce latency. 2) Within broader DNS service lines recursive service helps customers secure endpoints. Provide an overlay of security within that transaction for an additional level of security. Give intelligence to a recursive server to identify bad sites. Lightweight footprint.
  • One of the biggest problems that we’re addressing is helping teams and individuals in organizations build skills. Often, when someone has to learn a new platform or a specific service, they don’t have the luxury of lots of time and they need to be able to learn it quickly so that they can apply it as soon as possible. At Cloud Academy, we are focused on helping teams build actionable skills. We address theory and practical knowledge, and we give them the opportunity to learn and experiment with a service hands-on, right in the cloud console where they will be building. So, when someone needs to learn how to encrypt S3 and EBS data, for example, they can understand why they should learn that in the first place, and, then, they can learn how to do it and are guided every step of the way.
  • Our IT security solutions suite helps customers stay current with critical patches, identifies security misconfiguration in real time, and provides anomaly detection and threat mitigation.
  • We directly solve the Apple device management problem, and we do it with a big investment in security — both in terms of how we build our product and run our infrastructure, as well as the actual features/functionality of the product. We solve that boring stuff like making sure all the disks are encrypted, all the apps are patched, and the operating system is up to date.
  • Our customers, which include large and midsized enterprises, look for a scalable and automated way to improve security and compliance, as they leverage the latest information technology to create a competitive advantage. Security must be part of that and, at the same time, cannot be an obstacle. 1) One real-world problem customers have is how to deploy faster without compromising security or compliance. Our answer is security automation built into the DevOps pipeline that empowers developers to become part of the solution, but without placing too much of a burden on them or slowing down the flow of code through the pipeline. This means inserting elements of our solution into developer environments, such as CI/CD, allowing developers to resolve issues early in their familiar environment. We also provide them with actionable info on any issues discovered via collaborative tools, such as Slack or Jira. 2) Another challenge customers have is how to realize a hybrid — or multi-cloud strategy — that will allow them to deploy applications at will on different clouds and on-prem. How can they ensure that security controls remain the same no matter where the application is running? And, how can they avoid cumbersome reconfiguration when moving between clouds? By addressing these issues using cloud-native methods, we ensure the security policy and control points are always part of the application, allowing organizations to secure their applications once, and deploy them anywhere.
  • We help customers secure their sensitive email and attachments from a possible data breach, through our email encryption and DLP solutions.  We help them in meeting industry-specific compliances around protecting data in transit.

Here’s who we talked to:

Find out how Waratek’s award-winning application security platform can improve the security of your new and legacy applications and platforms with no false positives, code changes or slowing your application.

Topics:
security ,use cases ,industries ,research ,devsecops

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}