Application security has become a complex, distributed problem. During the days of waterfall development and monolithic applications, application security was pretty straight forward – statically scan your source code, dynamically test your business logic, and deploy a web application firewall to protect layer 7 traffic. But with agile development, DevOps processes, and containerized applications, application […]
The introduction of containers and micro-service architectures have changed the way we develop, deploy, and run our applications. Not only has this changed application development, but it’s also created some visibility challenges for application security. Move those applications to the cloud and we only amplify those challenges. How do we architect our cloud services and […]
There are a number of industry analyst reports on application security. Each analyst firm and report takes its own slice of the market to analyze and report on vendors within that market. For example, the Forrester Wave focuses on Static Application Security Testing, the Gartner Magic Quadrant focuses on Application Security Testing as a whole, […]
The growth of application development, DevOps, containers, and cloud has fueled the growth of application security tools. We now have static analysis, software composition analysis, interactive analysis, dynamic analysis, container scanning, infrastructure as code scanning, and a number of runtime application security products. That’s a lot of testing data, but how do we integrate it […]
The terms machine learning (ML) and artificial intelligence (AI) are way overused terms in our industry. Every vendor seems to have the latest and greatest ML/AI solution to solve your security problem. But when you really dig into the math, there are mathematical models that can actually help us. So why don’t we focus on […]
There are a lot of endpoint security solutions on the market. How do you pick and choose which solution is right for you? The answer may depend on which endpoints you want to protect. Windows? MacOS? Linux? All of the above? What about containers and cloud infrastructure? When we think of traditional endpoints, we immediately […]
Cloud-Native and Serverless are the next evolution of application architecture. But protecting these applications is not easy. Where do I install my agent? How do I monitor network traffic? What APIs are exposed? The adoption of containers started this challenge a few years ago by abstracting the application from the operating system. In order to […]
We’ve been told for years that we don’t have enough data for security. Then we see the headlines and quotes… “Organizations must prepare for collecting, processing, analyzing, and acting upon terabytes of security data.” “All decisions about cybersecurity strategies, program priorities, investments, etc. should be made based upon analysis of real-time and historical data.” New […]
We’ve all heard the term Immutable Infrastructure, especially with cloud deployments, but what does it really mean? What are the security and compliance impacts of Immutable Infrastructure? Let’s start with a quick overview of Immutable Infrastructure. Simply defined, Immutable Infrastructure means that the state of networks, servers, applications, etc. are not subjected to change in […]
In one of my previous roles, I had the great opportunity to travel around the world meeting customers to understand their challenges in vulnerability management. The two biggest challenges they wanted solved were: Help me prioritize which of these vulnerabilities are most critical, and Help me close the loop with my patching solutions to remediate […]
