Last week while reading to my toddler, I came across the story of “Snow White,” in which the evil queen consults a magic mirror to find her greatest threat, the fairest person in the land. While my kid fell asleep — probably due to my effective storytelling technique — I kept thinking about why the queen would want to identify that threat. The answer, of course, is self-protection from anything that might dethrone her.

Then I began to think about what mechanism the mirror might use to compile and analyze a list of the fairest people in the land. If we think in security terms, the mirror was using runtime analytics to prioritize the threats and track down the fairest of them all.

A Magic Mirror for App Security

In the security world, the explosion of new and complex applications has introduced a host of new threats. Security analysts need a magic mirror on the wall to identify and prioritize the runtime threats in these applications. IBM recognized the pain analysts are going through and partnered with Prevoty on the Prevoty QRadar App, which builds reports and visualizations to help analysts act on threats.

Runtime application security is a mysterious black hole for most enterprises, even though applications and their operating environments are constantly under attack. Attackers routinely use content, database and command injections to extract sensitive data through the application, and the application itself provides little visibility or actionable insight into those attempts.

With the complexity of distributed software and proliferation of the cloud, it has become increasingly difficult to detect attacks that are actually hitting applications in production and use that data to make informed security decisions. This is a critical gap because enterprises frequently accumulate vulnerability backlogs and resort to using theoretical levels of criticality — not actual risks — to prioritize threats. Response teams suffer from an inability to correlate preproduction vulnerability data with runtime attack data.

Runtime Application Self-Protection

Prevoty’s runtime security technology can detect and identify the who, what, when and where of an attack, revealing a more complete picture of runtime security events. The Prevoty QRadar App builds reports and visualizations for real-time events generated by the product. At runtime, the security engine feeds live attack data into the Prevoty QRadar app, revealing a detailed breakdown of active threat data and malicious behavior that can be correlated with other data sources.

This results in improved forensics and faster fraud detection for security operations and remediation efforts. Correlating preproduction vulnerability data from a dynamic scanner with Prevoty’s runtime attack logs in QRadar, for example, allows security teams to prioritize remediation based on actual risk.
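As an added illustration of that correlation (not code from Prevoty, IBM or the QRadar app), the Python below takes a constructed scanner backlog and a constructed set of runtime attack events, both made up for the example with field names that are assumptions rather than any product's schema, and re-ranks the backlog by what is actually being attacked. It also surfaces runtime attacks against endpoints the scanner never flagged.

```python
"""Re-rank a preproduction vulnerability backlog by observed runtime attacks.

Added example, not Prevoty's or QRadar's code. Findings and events below are
constructed sample data; their field names are assumptions for this illustration.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    finding_id: str
    path: str         # endpoint the scanner flagged
    vuln_class: str   # "sqli", "xss", "cmdi", ...
    cvss: float       # theoretical severity assigned by the scanner


# Constructed scanner backlog (sample data).
FINDINGS = [
    Finding("F-1", "/api/login", "sqli", 9.8),
    Finding("F-2", "/search", "xss", 6.1),
    Finding("F-3", "/admin/export", "cmdi", 9.1),
    Finding("F-4", "/profile", "xss", 5.4),
]

# Constructed runtime attack events as a RASP agent might report them to a SIEM
# (sample data; "blocked" records whether the agent stopped the request).
RUNTIME_EVENTS = [
    {"path": "/search", "attack": "xss", "blocked": True},
    {"path": "/search", "attack": "xss", "blocked": True},
    {"path": "/search", "attack": "xss", "blocked": False},
    {"path": "/api/login", "attack": "sqli", "blocked": True},
    {"path": "/profile", "attack": "sqli", "blocked": True},  # scanner never flagged this
]


def count_attacks(events):
    """Return (hits, unblocked): per (path, attack class) totals of all events
    and of the events the agent did not block."""
    hits, unblocked = Counter(), Counter()
    for event in events:
        key = (event["path"], event["attack"])
        hits[key] += 1
        if not event["blocked"]:
            unblocked[key] += 1
    return hits, unblocked


def prioritize(findings, events):
    """Order finding IDs by actual risk: findings whose attacks got through
    first, then by how often they are attacked, then by theoretical CVSS."""
    hits, unblocked = count_attacks(events)

    def key(f):
        k = (f.path, f.vuln_class)
        return (-unblocked[k], -hits[k], -f.cvss)

    return [f.finding_id for f in sorted(findings, key=key)]


def uncovered_attacks(findings, events):
    """(path, attack class) pairs seen at runtime with no scanner finding:
    blind spots in preproduction testing that deserve a manual look."""
    known = {(f.path, f.vuln_class) for f in findings}
    hits, _ = count_attacks(events)
    return set(hits) - known


if __name__ == "__main__":
    print(prioritize(FINDINGS, RUNTIME_EVENTS))        # ['F-2', 'F-1', 'F-3', 'F-4']
    print(uncovered_attacks(FINDINGS, RUNTIME_EVENTS))  # {('/profile', 'sqli')}
```

Note how the ranking inverts the scanner's view: the medium-severity XSS on /search, which is being hit repeatedly and once got past the agent, outranks the critical but never-attacked command injection on /admin/export, and the SQL injection attempts against /profile reveal an endpoint the dynamic scan missed entirely.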

The core Prevoty security product can be deployed without changes to the application using agents that run inside the application process, travel with it wherever it is deployed and log all runtime security events. As a runtime application self-protection (RASP) technology, it can also be used to perform automated vulnerability mitigation for software in production. This saves time, shortens vulnerability backlogs and reduces the enterprise's exposure to risk at runtime.
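To make "runtime application self-protection" concrete, here is an added example in Python, not Prevoty's engine or its QRadar integration: an in-process hook around a database cursor that flags a query when a request-derived value changes the statement's token structure, records an event of the kind an agent would forward to a SIEM, and either blocks the statement or only monitors it. The names (ProtectedCursor, taint, lookup_user) and the event fields are assumptions for the illustration; the table contents and inputs are constructed.

```python
"""RASP-style in-process hook: detect untrusted input that changes the structure
of a SQL statement, log the event and optionally block the query.

Added illustration only; not Prevoty's engine or its QRadar integration. Class,
function and event-field names are assumptions, the data is constructed.
"""
import re
import sqlite3

# Lexer: quoted strings, numbers, words, comments, whitespace, single punctuation.
_TOKEN = re.compile(
    r"""'(?:[^']|'')*'|"[^"]*"|\d+(?:\.\d+)?|[A-Za-z_]\w*|--[^\n]*|/\*.*?\*/|\s+|.""",
    re.S,
)
_KEYWORDS = {"select", "from", "where", "and", "or", "not", "union", "insert",
             "update", "delete", "drop", "like", "in", "is", "null", "order", "by", "limit"}


def fingerprint(sql):
    """Structural token kinds of a statement: keywords, operators and comments are
    kept, while strings, numbers and identifiers all collapse to 'atom'."""
    kinds = []
    for tok in _TOKEN.findall(sql):
        if tok.isspace():
            continue
        if tok.startswith(("--", "/*")):
            kinds.append("comment")
        elif tok[0] in "'\"" or tok[0].isdigit():
            kinds.append("atom")
        elif tok[0].isalpha() or tok[0] == "_":
            kinds.append("kw" if tok.lower() in _KEYWORDS else "atom")
        else:
            kinds.append(tok)  # punctuation such as = , ; ( ) is structural as-is
    return kinds


def is_injection(sql, untrusted):
    """True when swapping the untrusted value for a harmless placeholder changes
    the statement's structure, i.e. the input supplied SQL syntax, not just data."""
    if not untrusted or untrusted not in sql:
        return False
    return fingerprint(sql) != fingerprint(sql.replace(untrusted, "0"))


class BlockedRequest(Exception):
    """Raised in block mode instead of running the tampered statement."""


class ProtectedCursor:
    """Wraps a DB-API cursor; the application code does not change."""

    def __init__(self, cursor, mode="block"):
        self._cur = cursor
        self.mode = mode        # "block" or "monitor"
        self.events = []        # what an agent would forward to the SIEM
        self._untrusted = set()

    def taint(self, value):
        """Mark a request-derived value (a real agent does this at the HTTP layer)."""
        self._untrusted.add(str(value))
        return value

    def execute(self, sql, *params):
        for value in self._untrusted:
            if is_injection(sql, value):
                self.events.append({"kind": "sqli", "action": self.mode,
                                    "payload": value, "sql": sql})
                if self.mode == "block":
                    raise BlockedRequest("structure-changing input in SQL")
        return self._cur.execute(sql, *params)

    def fetchall(self):
        return self._cur.fetchall()


def lookup_user(name, mode="block"):
    """Deliberately vulnerable lookup (string concatenation into SQL); the hook
    compensates at runtime. Returns (rows, events) for inspection."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])  # constructed data
    cur = ProtectedCursor(conn.cursor(), mode)
    query = f"SELECT name, role FROM users WHERE name = '{cur.taint(name)}'"
    try:
        cur.execute(query)
        rows = cur.fetchall()
    except BlockedRequest:
        rows = []
    return rows, cur.events
```

Two things the toy version leaves out that a production RASP engine must get right: it tracks untrusted values by substring matching instead of real taint propagation, so an input equal to a keyword already in the statement would be a false positive, and it lexes rather than fully parses SQL, so dialect-specific syntax needs a richer grammar. The event dictionary is the piece that matters for the SIEM side: shipped per request, it is what lets the scanner-backlog correlation above rank findings by observed attacks rather than theoretical severity.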

Other benefits of the app include:

  • Runtime application and data security visibility;
  • Automated application vulnerability remediation;
  • Detection and prevention of data exfiltration; and
  • Improvement of fraud detection using real-time app behavior.

Mirror, Mirror on the Wall…

Prevoty’s approach to security accounts for the variable nature of applications and calls for seamless, pain-free implementation. This means the agent must support old and new programming languages, web application frameworks and microservices; on-premises, cloud and containerized deployments; and integration with a wide array of code scanners, logging tools and SIEM tools.

Prevoty can also be deployed at scale and speed using scripts for Ansible, Chef, Jenkins, Puppet and more within the DevOps process. Its runtime security technology is designed to add negligible latency to the protected application, performing its detection and protection in submillisecond time.

Ultimately, by using the Prevoty QRadar app in conjunction with the security product, QRadar customers can employ more sophisticated and unified application protection strategies, access never-before-seen, real-time application threat information and reduce friction across different tools.

What’s the Most Secure App of Them All?

The Prevoty RASP app can be downloaded from the IBM Security App Exchange and integrated with IBM QRadar SIEM to create new reports and visualizations worthy of a fairy tale. To learn more, watch our on-demand webinar, “Detect and Respond to Threats Better With IBM Security App Exchange Partners.”

