Modern security needs to have an insight-out approach: AppDynamics

Security challenges come in many forms, thus businesses must adapt their security practices. AppDynamics is an application performance management and IT operations analytics company. It focuses on managing the performance and availability of applications across cloud computing environments as well as inside the data center.

Erwan Paccard, Director Product Marketing, AppDynamics, tells us more. Excerpts from an interview:

DQ: What are the top security concerns for technologists as they prioritize protecting their customer and employee data?

Erwan Paccard: As the applications move to the cloud and adopt microservices architectures, the attack surface is changing and increasing driving the need for new security postures. So, modern security needs to have an insight-out approach, protecting the IT estate from within, not at the perimeters.

Unlike other application security tools, Secure Application continuously detects vulnerabilities and blocks attacks automatically to not only protect your application, end users, and business, but also achieve peak app performance and security posture.

DQ: What are the key challenges around protection of personal user data housed within the application?

Erwan Paccard: Modern applications are increasingly dynamic and growing in complexity as organizations embrace cloud technologies to leverage flexibility and reap cost benefits. As a consequence, data no longer resides in one centralized spot but distributed within application parts.

Traditional application and security monitoring tools simply haven’t kept pace and leave application and security teams siloed and guessing at the application’s perimeter. With no clear perimeter to defend, organizations are forced to make an impossible tradeoff between agility, innovation, and driving the business versus mitigating risk.

This challenge is further exacerbated as enterprises continue to support more employees working from home who are using laptops and devices connected to the public internet. This is testing the limits of monitoring practices and vastly expanding the IT perimeter, creating new weaknesses and vulnerabilities in even the most secure IT estates.

Failure to have the right processes and solutions in place to safeguard data housed in applications not only puts brand reputation and consumer trust at risk, but also may cost organizations millions of dollars in the event of a breach.

DQ: How will app-led security simplify vulnerability management? How does this benefit businesses?

Erwan Paccard: Traditionally, vulnerability scanning happens before the application is launched to production and then on a monthly or quarterly cadence. The moment the app is deployed to production, new security holes and zero-day exploits make the application vulnerable despite all the efforts of pre-production testing.

Secure Application ensures continuous vulnerability assessment and protection by scanning code execution to prevent known exploits. Vulnerability data is correlated to the application and business context so that application and security teams can prioritize, execute, and track remediation by business impact.

But, it doesn’t stop there! It’s one thing to tell you that something’s wrong — but what’s application security without actively protecting applications from attacks? Secure Application, as a first line of defense, automatically stops exploits to prevent breaches and protect a company’s brand. But it doesn’t just drastically simplify vulnerability management — it goes a leap further and actually protects the applications and the business.

DQ: How is Cisco Secure Application bridging the gap between historically siloed teams for speedy remediation when vulnerabilities are detected?

Erwan Paccard: The beauty about what AppDynamics and Cisco are doing with Secure Application is that you’re able to drill down and see visually in which areas problems exist and then be able to respond to it right away. In most organizations the SecOps professional, the NetOps professional, the IT ops professional, and the applications professional all tend to operate in silos. But it’s the weakest link that can actually break your entire chain. So, the more you have visibility across the board, the more you’re strengthening across the board. So that, when there’s something wrong, everyone knows immediately, and can respond immediately.

Secure Application provides a shared context for Application and Security teams for optimal collaboration, improved security posture, and healthy digital business.

DQ: What does this collaboration with Cisco Security mean for AppD? Can you elaborate some key features of the solution?

Erwan Paccard: As part of Cisco, we’re able to provide our customers with the broadest visibility into their IT environments — from the business context and application health to the infrastructure and network running them. Secure Application extends our co-innovation with Cisco, whose Security business is the world’s largest enterprise security company. So, naturally, we looked to our “in-house” security experts at Cisco to curate our threat list, which leverages proprietary and publicly available insights and leverage our agents approach to protect applications wherever they run.

Secure Application is automatically using this list to detect weak application constituents and malicious behavior, block and remediate them quickly via detailed application insights and traffic for SecOps, InfraOps and AppOps teams. It adds application-led visibility to Cisco’s security toolset by marrying our proprietary monitoring technologies with Cisco security expertise, providing broad coverage of threats for modern distributed applications, everytime, everywhere.