Last week while reading to my toddler, I came across the story of “Snow White,” in which the evil queen consults a magic mirror to find her greatest threat, the fairest person in the land. While my kid fell asleep — probably due to my effective storytelling technique — I kept thinking about why the queen would want to identify that threat. The answer, of course, is self-protection from anything that might dethrone her.

Then I began to think about what mechanism the mirror might use to compile and analyze a list of the fairest people in the land. If we think in security terms, the mirror was using runtime analytics to prioritize the threats and track down the fairest of them all.

A Magic Mirror for App Security

In the security world, the explosion of new and complex applications has introduced a host of new threats. Security analysts need a magic mirror on the wall to identify and prioritize the runtime threats in these applications. IBM QRadar SIEM identified the pain the analysts are going through and partnered with Prevoty to come up with the Prevoty QRadar App, which builds reports and visualizations to help analysts act on threats.

Runtime application security is a mysterious black hole for most enterprises, even though applications and their operating environments are constantly under attack. Attackers too often use content, database and command injections to extract sensitive data through the application, and the enterprise is left with little visibility or actionable insight into what happened.

With the complexity of distributed software and proliferation of the cloud, it has become increasingly difficult to detect attacks that are actually hitting applications in production and use that data to make informed security decisions. This is a critical gap because enterprises frequently accumulate vulnerability backlogs and resort to using theoretical levels of criticality — not actual risks — to prioritize threats. Response teams suffer from an inability to correlate preproduction vulnerability data with runtime attack data.

Runtime Application Self-Protection

Prevoty’s runtime security technology can detect and identify the who, what, when and where of an attack, revealing a more complete picture of runtime security events. The Prevoty QRadar App builds reports and visualizations for real-time events generated by the product. At runtime, the security engine feeds live attack data into the Prevoty QRadar app, revealing a detailed breakdown of active threat data and malicious behavior that can be correlated with other data sources.

This results in improved forensics and faster fraud detection for security operations and remediation efforts. Correlating preproduction vulnerability data from a dynamic scanner with Prevoty’s runtime attack logs in QRadar, for example, allows security teams to prioritize remediation based on actual risk.
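To make the correlation idea concrete, here is an added Python example that is not part of this post or of the Prevoty or QRadar products. The scanner findings, the runtime events and all field names are constructed for illustration, not real product formats; the point is that a finding the runtime agent actually sees being attacked outranks one with a higher theoretical severity that nobody is hitting.

```python
from collections import Counter

# Constructed preproduction findings from a dynamic scanner, each carrying the
# scanner's theoretical severity (hypothetical format, not a real product export).
SCANNER_FINDINGS = [
    {"endpoint": "/api/orders", "category": "sqli", "severity": "high"},
    {"endpoint": "/api/profile", "category": "xss", "severity": "medium"},
    {"endpoint": "/admin/export", "category": "cmdi", "severity": "critical"},
    {"endpoint": "/api/search", "category": "sqli", "severity": "medium"},
]

# Constructed runtime events as a RASP agent might report them from production:
# which endpoint was attacked, what class of injection, and whether it was blocked.
RUNTIME_EVENTS = [
    {"endpoint": "/api/search", "category": "sqli", "action": "blocked"},
    {"endpoint": "/api/search", "category": "sqli", "action": "blocked"},
    {"endpoint": "/api/search", "category": "sqli", "action": "logged"},
    {"endpoint": "/api/profile", "category": "xss", "action": "blocked"},
    {"endpoint": "/login", "category": "sqli", "action": "blocked"},
]

SEVERITY_WEIGHT = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def correlate(findings, events):
    """Join findings with runtime events on (endpoint, category) and rank by
    actual risk: observed attacks dominate, unblocked ones weigh extra, and the
    scanner's theoretical severity only breaks ties (weights are illustrative)."""
    hits = Counter((e["endpoint"], e["category"]) for e in events)
    unblocked = Counter(
        (e["endpoint"], e["category"]) for e in events if e["action"] != "blocked"
    )
    ranked = []
    for f in findings:
        key = (f["endpoint"], f["category"])
        score = 10 * hits[key] + 5 * unblocked[key] + SEVERITY_WEIGHT[f["severity"]]
        ranked.append({**f, "runtime_hits": hits[key], "unblocked": unblocked[key],
                       "risk_score": score})
    return sorted(ranked, key=lambda r: r["risk_score"], reverse=True)


def unscanned_attacks(findings, events):
    """Runtime attacks against (endpoint, category) pairs the scanner never
    flagged: these are coverage gaps worth a look, not false positives."""
    known = {(f["endpoint"], f["category"]) for f in findings}
    return sorted({(e["endpoint"], e["category"]) for e in events} - known)


if __name__ == "__main__":
    for row in correlate(SCANNER_FINDINGS, RUNTIME_EVENTS):
        print(row["risk_score"], row["endpoint"], row["category"], row["severity"])
    print("attacked but never scanned:", unscanned_attacks(SCANNER_FINDINGS, RUNTIME_EVENTS))
```

With this data the medium-severity SQL injection on /api/search, which is being hit in production, ranks above the critical command injection on /admin/export that no one has touched.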

The core Prevoty security product can be deployed without changes to the application using agents, which live and travel within the application and log all runtime security events. As a runtime application self-protection (RASP) technology, it can also be used to perform automated vulnerability mitigation for software in production. This saves time, shortens vulnerability backlogs and ensures that the enterprise is not exposed to risk at runtime.

Other benefits of the app include:

  • Runtime application and data security visibility;
  • Automated application vulnerability remediation;
  • Detection and prevention of data exfiltration; and
  • Improvement of fraud detection using real-time app behavior.

Mirror, Mirror on the Wall…

Prevoty’s approach to security accounts for the variable nature of applications and calls for seamless, pain-free implementation. This means the product must be compatible with old and new programming languages, web application frameworks and microservices; support on-premises, cloud and containerized deployments; and integrate with a wide array of code scanners, data logging tools and SIEM tools.

Prevoty can also be deployed at scale and speed using scripts for Ansible, Chef, Jenkins, Puppet and more within the DevOps process. Its high-performance runtime security technology does not add any latency to the operating application, conducting all of its detection and protection at submillisecond speeds.

Ultimately, by using the Prevoty QRadar app in conjunction with the security product, QRadar customers can employ more sophisticated and unified application protection strategies, access never-before-seen, real-time application threat information and reduce friction across different tools.

What’s the Most Secure App of Them All?

The Prevoty RASP app can be downloaded from the IBM Security App Exchange and integrated with IBM QRadar SIEM to create new reports and visualizations worthy of a fairy tale. To learn more, watch our on-demand webinar, “Detect and Respond to Threats Better With IBM Security App Exchange Partners.”
