SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Application Security
#
AI
#
DevSecOps
Dynatrace announces AI-powered addition to its Application Security Module
Fri, 18th Jun 2021
FYI, this story is more than a year old
Author image
By Ryan Morris-Reade, Contributor
Follow us

Dynatrace has announced a new AI-powered addition to its Application Security Module, to identify potentially risky software libraries and open source packages.

The software intelligence company announced its new Davis Security Advisor, an AI-powered advancement to the Dynatrace Application Security Module, designed to automatically surface, prioritise, and detail software libraries and open source packages representing the greatest risk to an organisation.

This enables DevSecOps teams to make more informed, real-time decisions, and address the most critical vulnerabilities first, which Dynatrace says will allow them to reduce risks facing their organisation with more efficiency.

In a report by Forrester Research principal analyst, Sandy Carielli, applications remain a leading cause of external breaches, and the prevalence of open source, API, and containers adds complications for security teams.

Dynatrace says its own research found 89% of CISOs say cloud-native architectures and container runtime environments make it more challenging to detect and manage software vulnerabilities.

Davis Security Advisor has been designed to address these challenges. It is optimised for cloud-native environments and powered by the Dynatrace Davis AI engine, it automatically monitors all software libraries used in preproduction and production, and removes false positives.

It also aggregates vulnerability data in real-time and prioritises a remedy based on multiple aspects of risk, including:

  • The number of vulnerabilities caused by each software library.
  • Vulnerability severity, which is based on the common vulnerability scoring system rating of each vulnerability and whether the relevant code is used at runtime. 
  • Threat context, which reflects whether there is a known public exploit for each vulnerability.  
  • Asset exposure, which indicates whether the vulnerable code is communicating with the internet.  
  • Potential business impact, which is determined by whether the processes that include the vulnerable library are connected to sensitive data.  

“The Dynatrace Application Security platform was built for cloud-native and hybrid environments and optimised for Kubernetes,” says Dynatrace SVP of product management, Steve Tack.

“Cloud-native architectures fuel digital transformation, but traditional application security tools simply cannot keep up with the rapid pace of change in these environments, and fail to surface key insights like whether vulnerable code is used at runtime. Manual processes and piecemeal solutions that don't aggregate data from across these environments force teams to waste time chasing false positives and leave organisations vulnerable to risk.

“By automatically surfacing the most critical vulnerabilities and providing code-level detail and prioritisation based on business impact, Dynatrace enables DevSecOps teams to work smarter, not harder, as they reduce their organisations risk exposure,” he says.

Related stories
Illumio unveils AI enhancements for faster Zero Trust Segmentation adoption
Business leaders anxious over data security – report
Half of online traffic in 2024 generated by bots, report finds
Cisco launches Hypershield for AI-driven security upgrade
Trustifi launches innovative phishing detection training for MSPs
Top stories
Fortinet recognised as Challenger in Gartner's 2024 Magic Quadrant for SSE
Coalition integrates cyber risk platform with top cloud services providers
Secolve & Asimily join forces to boost Australia's IoT security
Armis warns of major cyber-attack risk to 2024 global elections
i-PRO to support Genetec SaaS with new AI-enabled camera models