SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Dynatrace announces AI-powered addition to its Application Security Module
Fri, 18th Jun 2021
FYI, this story is more than a year old

Dynatrace has announced a new AI-powered addition to its Application Security Module, to identify potentially risky software libraries and open source packages.

The software intelligence company announced its new Davis Security Advisor, an AI-powered advancement to the Dynatrace Application Security Module, designed to automatically surface, prioritise, and detail software libraries and open source packages representing the greatest risk to an organisation.

This enables DevSecOps teams to make more informed, real-time decisions, and address the most critical vulnerabilities first, which Dynatrace says will allow them to reduce risks facing their organisation with more efficiency.

In a report by Forrester Research principal analyst, Sandy Carielli, applications remain a leading cause of external breaches, and the prevalence of open source, API, and containers adds complications for security teams.

Dynatrace says its own research found 89% of CISOs say cloud-native architectures and container runtime environments make it more challenging to detect and manage software vulnerabilities.

Davis Security Advisor has been designed to address these challenges. It is optimised for cloud-native environments and powered by the Dynatrace Davis AI engine, it automatically monitors all software libraries used in preproduction and production, and removes false positives.

It also aggregates vulnerability data in real-time and prioritises a remedy based on multiple aspects of risk, including:

  • The number of vulnerabilities caused by each software library.
  • Vulnerability severity, which is based on the common vulnerability scoring system rating of each vulnerability and whether the relevant code is used at runtime. 
  • Threat context, which reflects whether there is a known public exploit for each vulnerability.  
  • Asset exposure, which indicates whether the vulnerable code is communicating with the internet.  
  • Potential business impact, which is determined by whether the processes that include the vulnerable library are connected to sensitive data.  

“The Dynatrace Application Security platform was built for cloud-native and hybrid environments and optimised for Kubernetes,” says Dynatrace SVP of product management, Steve Tack.

“Cloud-native architectures fuel digital transformation, but traditional application security tools simply cannot keep up with the rapid pace of change in these environments, and fail to surface key insights like whether vulnerable code is used at runtime. Manual processes and piecemeal solutions that don't aggregate data from across these environments force teams to waste time chasing false positives and leave organisations vulnerable to risk.

“By automatically surfacing the most critical vulnerabilities and providing code-level detail and prioritisation based on business impact, Dynatrace enables DevSecOps teams to work smarter, not harder, as they reduce their organisations risk exposure,” he says.