Last week while reading to my toddler, I came across the story of “Snow White,” in which the evil queen consults a magic mirror to find her greatest threat, the fairest person in the land. While my kid fell asleep — probably due to my effective storytelling technique — I kept thinking about why the queen would want to identify that threat. The answer, of course, is self-protection from anything that might dethrone her.

Then I began to think about what mechanism the mirror might use to compile and analyze a list of the fairest people in the land. If we think in security terms, the mirror was using runtime analytics to prioritize the threats and track down the fairest of them all.

A Magic Mirror for App Security

In the security world, the explosion of new and complex applications has introduced a host of new threats. Security analysts need a magic mirror on the wall to identify and prioritize the runtime threats in these applications. The IBM QRadar SIEM team recognized the pain analysts are going through and partnered with Prevoty to come up with the Prevoty QRadar App, which builds reports and visualizations to help analysts act on threats.

Runtime application security is a mysterious black hole for most enterprises, even though applications and their operating environments are constantly under attack. Attackers too often use content, database and command injections to extract sensitive data via the application, while the enterprise has little visibility into those attacks and few actionable insights about them.

With the complexity of distributed software and proliferation of the cloud, it has become increasingly difficult to detect attacks that are actually hitting applications in production and use that data to make informed security decisions. This is a critical gap because enterprises frequently accumulate vulnerability backlogs and resort to using theoretical levels of criticality — not actual risks — to prioritize threats. Response teams suffer from an inability to correlate preproduction vulnerability data with runtime attack data.

Runtime Application Self-Protection

Prevoty’s runtime security technology can detect and identify the who, what, when and where of an attack, revealing a more complete picture of runtime security events. The Prevoty QRadar App builds reports and visualizations for real-time events generated by the product. At runtime, the security engine feeds live attack data into the Prevoty QRadar app, revealing a detailed breakdown of active threat data and malicious behavior that can be correlated with other data sources.

This results in improved forensics and faster fraud detection for security operations and remediation efforts. Correlating preproduction vulnerability data from a dynamic scanner with Prevoty’s runtime attack logs in QRadar, for example, allows security teams to prioritize remediation based on actual risk.
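As an added illustration of the correlation described above (this is not Prevoty's or IBM's code; the scanner findings, runtime events and routes are constructed and hypothetical), the following Python script joins DAST findings to RASP runtime events by route and attack class and ranks remediation by observed attack evidence rather than scanner severity alone:

```python
# Added example (not Prevoty's or IBM's code): correlate constructed DAST
# findings with constructed RASP runtime events so that remediation is
# ranked by observed attack activity rather than scanner severity alone.
from collections import defaultdict

# Constructed preproduction scanner findings (hypothetical app routes).
DAST_FINDINGS = [
    {"id": "F-1", "route": "/search", "vuln": "sqli", "severity": "high"},
    {"id": "F-2", "route": "/profile", "vuln": "xss", "severity": "medium"},
    {"id": "F-3", "route": "/admin/export", "vuln": "cmdi", "severity": "critical"},
]

# Constructed runtime events in the shape a RASP agent might forward to a SIEM.
RASP_EVENTS = [
    {"route": "/search", "attack": "sqli", "action": "blocked", "src": "203.0.113.5"},
    {"route": "/search", "attack": "sqli", "action": "blocked", "src": "203.0.113.9"},
    {"route": "/search", "attack": "sqli", "action": "logged", "src": "198.51.100.7"},
    {"route": "/profile", "attack": "xss", "action": "blocked", "src": "203.0.113.5"},
]

SEVERITY_WEIGHT = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def correlate(findings, events):
    """Join each finding to runtime events on (route, vulnerability class)."""
    hits = defaultdict(list)
    for ev in events:
        hits[(ev["route"], ev["attack"])].append(ev)
    result = []
    for f in findings:
        evs = hits.get((f["route"], f["vuln"]), [])
        result.append({
            "id": f["id"],
            "route": f["route"],
            "severity": f["severity"],
            "attempts": len(evs),                       # total runtime hits
            "sources": len({e["src"] for e in evs}),    # distinct attacking IPs
            "unblocked": sum(1 for e in evs if e["action"] != "blocked"),
        })
    return result


def prioritize(findings, events):
    """Rank by unblocked hits, then attempts, then sources; severity breaks ties."""
    rows = correlate(findings, events)
    rows.sort(key=lambda r: (r["unblocked"], r["attempts"], r["sources"],
                             SEVERITY_WEIGHT[r["severity"]]), reverse=True)
    return rows
```

With this data the "critical" command-injection finding that nobody is actually hitting ends up last, while the "high" SQL injection finding with live, partly unblocked attempts rises to the top.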

The core Prevoty security product can be deployed without changes to the application using agents, which live and travel within the application and log all runtime security events. As a runtime application self-protection (RASP) technology, it can also be used to perform automated vulnerability mitigation for software in production. This saves time, shortens vulnerability backlogs and ensures that the enterprise is not exposed to risk at runtime.

Other benefits of the app include:

  • Runtime application and data security visibility;
  • Automated application vulnerability remediation;
  • Detection and prevention of data exfiltration; and
  • Improvement of fraud detection using real-time app behavior.

Mirror, Mirror on the Wall…

Prevoty’s approach to security accounts for the variable nature of applications and calls for seamless, pain-free implementation. This means the product must be compatible with old and new programming languages, web application frameworks and microservices; support on-premises, cloud and containerized deployments; and integrate with a wide array of code scanners, data logging tools and SIEM tools.

Prevoty can also be deployed at scale and speed using scripts for Ansible, Chef, Jenkins, Puppet and more within the DevOps process. Its high-performance runtime security technology does not add any latency to the operating application, conducting all of its detection and protection at submillisecond speeds.

Ultimately, by using the Prevoty QRadar app in conjunction with the security product, QRadar customers can employ more sophisticated and unified application protection strategies, access never-before-seen, real-time application threat information and reduce friction across different tools.

What’s the Most Secure App of Them All?

The Prevoty RASP app can be downloaded from the IBM Security App Exchange and integrated with IBM QRadar SIEM to create new reports and visualizations worthy of a fairy tale. To learn more, watch our on-demand webinar, “Detect and Respond to Threats Better With IBM Security App Exchange Partners.”

Visit the app exchange to learn more
