Last week while reading to my toddler, I came across the story of “Snow White,” in which the evil queen consults a magic mirror to find her greatest threat, the fairest person in the land. While my kid fell asleep — probably due to my effective storytelling technique — I kept thinking about why the queen would want to identify that threat. The answer, of course, is self-protection from anything that might dethrone her.

Then I began to think about what mechanism the mirror might use to compile and analyze a list of the fairest people in the land. If we think in security terms, the mirror was using runtime analytics to prioritize the threats and track down the fairest of them all.

A Magic Mirror for App Security

In the security world, the explosion of new and complex applications has introduced a host of new threats. Security analysts need a magic mirror on the wall to identify and prioritize the runtime threats in these applications. IBM QRadar SIEM identified the pain the analysts are going through and partnered with Prevoty to come up with the Prevoty QRadar App, which builds reports and visualizations to help analysts act on threats.

Runtime application security is a mysterious black hole for most enterprises, even though applications and their operating environments are constantly under attack. Attackers too often use content, database and command injections to extract sensitive data via the application, and enterprises have little visibility or actionable insight into these attacks.

With the complexity of distributed software and proliferation of the cloud, it has become increasingly difficult to detect attacks that are actually hitting applications in production and use that data to make informed security decisions. This is a critical gap because enterprises frequently accumulate vulnerability backlogs and resort to using theoretical levels of criticality — not actual risks — to prioritize threats. Response teams suffer from an inability to correlate preproduction vulnerability data with runtime attack data.

Runtime Application Self-Protection

Prevoty’s runtime security technology can detect and identify the who, what, when and where of an attack, revealing a more complete picture of runtime security events. The Prevoty QRadar App builds reports and visualizations for real-time events generated by the product. At runtime, the security engine feeds live attack data into the Prevoty QRadar app, revealing a detailed breakdown of active threat data and malicious behavior that can be correlated with other data sources.

This results in improved forensics and faster fraud detection for security operations and remediation efforts. Correlating preproduction vulnerability data from a dynamic scanner with Prevoty’s runtime attack logs in QRadar, for example, allows security teams to prioritize remediation based on actual risk.

The core Prevoty security product can be deployed without changes to the application using agents, which live and travel within the application and log all runtime security events. As a runtime application self-protection (RASP) technology, it can also be used to perform automated vulnerability mitigation for software in production. This saves time, shortens vulnerability backlogs and ensures that the enterprise is not exposed to risk at runtime.

Other benefits of the app include:

  • Runtime application and data security visibility;
  • Automated application vulnerability remediation;
  • Detection and prevention of data exfiltration; and
  • Improvement of fraud detection using real-time app behavior.

Mirror, Mirror on the Wall…

Prevoty’s approach to security accounts for the variable nature of applications and calls for seamless, pain-free implementation. This means apps must be compatible with old and new programming languages, web application frameworks and microservices; support on-premises, cloud and containerized deployments; and integrate with a wide array of code scanners, data logging tools and SIEM tools.

Prevoty can also be deployed at scale and speed using scripts for Ansible, Chef, Jenkins, Puppet and more within the DevOps process. Its high-performance runtime security technology does not add any latency to the operating application, conducting all of its detection and protection at submillisecond speeds.

Ultimately, by using the Prevoty QRadar app in conjunction with the security product, QRadar customers can employ more sophisticated and unified application protection strategies, access never-before-seen, real-time application threat information and reduce friction across different tools.

What’s the Most Secure App of Them All?

The Prevoty RASP app can be downloaded from the IBM Security App Exchange and integrated with IBM QRadar SIEM to create new reports and visualizations worthy of a fairy tale. To learn more, watch our on-demand webinar, “Detect and Respond to Threats Better With IBM Security App Exchange Partners.”
