BRKAPP-1624 New innovations in Application Security
Randy Birdsall, Director, Product Management, Cisco
Brad Welsh, APM Program Manager, Indiana Office of Technology
Cisco Live 2023. (c) 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public

Questions? Use the Cisco Webex App to chat with the speaker after the session
- Find this session in the Cisco Live Mobile App (BRKAPP-1116)
- Click "Join the Discussion"
- Install the Webex App or go directly to the Webex space
- Enter messages/questions in the Webex space
Webex spaces will be moderated by the speaker until June 9, 2023.

Agenda
- Securing the new digital world
- Foundational concepts of applications
- Application security for hybrid applications
- Security insights for cloud native applications

We live in an evolving and expanding digital world
Consumer touchpoints: E-Commerce, Location, Personalization, Chat, AI Associate, Marketing, Scan and go, POS

Where digital experience is the new business KPI
Digital experience tied to business outcomes: Performance, Mitigating Risk, Team Efficiency

But applications are built in a complex environment
- Private cloud, hybrid cloud, cloud providers, colocation, service providers, SaaS, campus, home, data center, edge (IoT and OT), security
- Teams: NetOps, AppOps and DevOps, InfraOps, SecOps
- There is no business context

Which leads to: complexity, friction between teams, data overload, tool sprawl
- 56% use more than 10 application observability/monitoring tools
- 74% struggle with data collection and correlation
- 60% say most observability tools serve narrow requirements and fail to enable a complete view

So, teams need to see the full stack of available data: shared context across the digital experience, from the consumer touchpoints through NetOps, AppOps and DevOps, InfraOps and SecOps

App Team: focused on velocity and user experience
Security Team: focused on vulnerabilities and threats

The pain is real and similar to ITOps problems
- $9.44M: average cost to contain a breach in the US, with 38% of this cost from lost business (Source: Ponemon Institute, 2022)
- 277 days: average time to identify and contain a data breach, most of a year to detect that a breach occurred (Source: Ponemon Institute, 2022)
- 60%: breaches with data exfiltrated in the first 24 hours (Source: Cisco Security, 2020)

Without both teams joining the fight, issues like the Log4j JNDI vulnerability can't be protected against in a timely fashion. Business can't afford App and Sec silos.

How can Cisco help? How Cisco Full-Stack Observability can help, across the full stack, tied to business context:
- Observe: enhance application performance and end user experience
- Secure: protect application vulnerabilities with business risk observability
- Optimize: optimize resources and lower costs
- Extend: extend and empower a new observability ecosystem

Business Risk Observability (Full-Stack Observability Secure)
- Business Context Mapping: mapping vulnerabilities and attacks to common transactions provides the business context to help you quickly understand the location and impact of threats.
- Vulnerability and Threat Intelligence: threat intelligence feeds from multiple yet complementary sources provide the threat context to understand the likelihood of exploits.
- Business Risk Score: a score composited from analysis of runtime behavior + business impact + intelligence provides complete business risk context to instantly assess and prioritize action across ITOps and Security teams.
Together these provide the business context needed to rapidly assess risk and align teams based on potential impact.

Traditional and hybrid applications (AppOps): hybrid application monitoring with AppDynamics, including SAP monitoring
- Ensure business context deep into the technology stack
- Deliver the performance and experiences your business and customers demand
- Monitor traditional to hybrid apps, including mission critical apps (SAP)

Cisco Secure Application: security insights provided with application and business context (Hybrid Applications)
- Detect Vulnerabilities: Common Vulnerabilities and Exposures (CVEs) with code-level correlation
- Detect Attacks: spot CVE-correlated runtime exploits and zero-day attacks (like Log4j)
- Block Attacks: policy-level blocking that stops bad actors even if vulnerabilities exist
- Business Risk Observability

AppDynamics Agent Architecture (Secure Application is included in the AppD APM Agent)
- APM Agent: Java/.NET, dynamic languages, SAP
- Database Agent: SQL Server, via remote JDBC
- OS agent
- End User Agent: browser/mobile/IoT
- Agents report one way over HTTP/S
- Cisco Security Solutions alongside: Secure Workload; firewall, IPS, WAF, perimeter security

Hybrid Applications: real-world usage

Log4Shell explained (CVE-2021-44228): arbitrary code execution in Log4j, a popular Java logging framework. What an attacker can do:
- Download and run malware
- Steal, modify, or destroy any data
- Alter business transactions
- Steal admin or customer credentials
- Become completely integrated into the application, with the same level of trust
Log4Shell explained (CVE-2021-44228): how the exploit chain works
1. The attacker delivers a JNDI lookup string. This can be done remotely or locally.
2. The string is sent to the log4j library. The app must log the string.
3. Log4j replaces the string with content fetched from a malicious server. The app needs outbound access to the remote LDAP server.
4. The server provides malicious code. This gives complete control of the application and access to the host OS.

Where should we start? Log4j is everywhere! The scan didn't have impacted services.

Secure Application protects against Log4Shell: identify the risk and protect against exploits
- Instrument apps with no code changes: utilize the existing workflow of dev and ops
- Detect vulnerable library usage in Business Transactions: identify if the library is loaded and the vulnerable code is reachable
- Block network access: stop the LDAP lookup from the vulnerable JNDI code
- Alert sec and app teams: insights provided with app and business context
Secure Application capabilities (Hybrid Applications)

Identify Open-Source Risk: know what third-party code your apps are using
- Library usage: see any time a library is loaded by your apps
- Constant monitoring: know where vulnerabilities are right after they're disclosed
- Remediation guidance: get fixes out quicker, tailored to your environment

Rate of Vulnerability Disclosure (chart: CVEs per year from NVD, y-axis 0 to 30,000)
- 190,359 CVEs from NVD in total
- 68 CVEs published per day on average
- 2022: 25,059 CVEs, up 24% year over year
- 2023 Q1: up 17% quarter over quarter

Our research shows us that
- There were an average of 67 new software vulnerabilities published every day in 2022
- 95% of IT assets have at least one highly exploitable vulnerability
- Organizations are remediating around 1 in 10 vulnerabilities in any month
- Twitter mentions to prioritize software fixes are 2X as effective at reducing organizational exploitation as CVSS
Source: Prioritization to Prediction, Volume 8, The Cyentia Institute & Kenna Security

Determine likelihood of exploit with Kenna: use data science to identify real vulnerability risk
- Machine learning leveraging real-time and historical data to predict exploitation
- Leverage a better remediation methodology compared to CVSS
- Native backend integration maps Kenna scores to discovered vulnerabilities
- Combine findings into vulnerability and threat context for business risk scores

High-risk remediation strategies: a real dataset of 184,306 vulnerabilities
High-risk CVEs by remediation strategy:
  CVSS      100,034
  Scanner   136,921
  Kenna       2,018
- 1.09% of these CVEs are considered high-risk by Kenna
- 134,903 fewer vulnerabilities to remediate compared to the scanner; 98,016 fewer compared to CVSS
- Missed high-risk vulns: 111 CVEs found high by Kenna but not found high by the scanner; 51 CVEs found high by Kenna but not found high by CVSS
Vulnerable Behavior Detection: identify when vulnerable code has been reached
- Monitor vulnerable method usage: remediate the libraries that introduce the biggest risk
- Identify risky runtime events: investigate and remediate call paths to vulnerable code

Attack Detection: find threats in monitored runtime events
- Analyze runtime events: parse and process application behaviors against our detection engine
- Expose the attack trigger: identify and expose what is of most interest from the event
- Correlate vulnerable code: show when a known vulnerability was exploited in the attack

Runtime Protection: reduce alert fatigue and provide more targeted protections
- Control runtime behavior without having to touch any code
- Use stack traces and behavior
- Buy devs time with targeted protection
- Block access to sensitive resources
- Enforce compliance across applications

API Security Insights from Panoptica: identify risk introduced by 3rd-party APIs
- Automatic discovery of API dependencies
- Determine the security posture of APIs
- Native backend integration requiring no configuration
- Findings combined into application context for business risk scoring

Where should we focus our energy to reduce risk to our digital business? (consumer touchpoints across NetOps, AppOps and DevOps, InfraOps, SecOps)

Correlate findings to Business Transactions: give deeper context to guide prioritization
- Automatically detect vulnerabilities and threats using existing AppDynamics agents
- Correlate findings to application entities and transactions
- Block attacks with code-level policy
- Business context locates risk within critical transactions

Risk scoring with business context: tailored prioritization based on likelihood and impact
- Builds a customer-specific view of security risk
- Leverages findings and intel from Cisco Kenna, Panoptica, Talos, Snyk
- Continuously assessed score reflects real-time risk
- Prioritize remediation and mitigation efforts by what matters to the business

Components of Business Risk assessment (Hybrid Applications)
- Internet accessible
- Important business transaction
- Unsafe API
- Access to data
- Exploitable vulnerability
- Threat activity
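The six components above, together with the Kenna "high-risk remediation strategies" slide, describe a likelihood × impact prioritization rather than a CVSS sort. The Python below is an added illustration of that idea, not Cisco's Business Risk Score algorithm: the weights, the finding IDs F1 to F5, the service names and the exploit-likelihood inputs are all assumptions, chosen so that a CVSS 9.8 finding on an internal batch job drops to the bottom of the queue while a CVSS 7.5 finding on an internet-facing transaction moves up.

```python
"""Illustrative business-risk prioritization of vulnerability findings.

Added example, not Cisco's Business Risk Score algorithm. The six components
(internet accessible, important business transaction, unsafe API, access to
data, exploitable vulnerability, threat activity) are the ones on the slide;
the weights and the likelihood x impact combination are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    finding_id: str            # hypothetical IDs F1..F5 below, not real CVE numbers
    service: str               # hypothetical service names
    cvss: float                # CVSS base score, 0..10
    exploit_likelihood: float  # 0..1 prediction from an intel source (Kenna-style; assumed input)
    internet_accessible: bool  # reachable from the internet
    txn_importance: float      # 0..1 importance of the business transaction it serves
    data_access: bool          # transaction reaches a data store
    unsafe_api: bool           # transaction calls a third-party API with a weak posture
    threat_activity: bool      # runtime attack events already observed against it


def likelihood(f: Finding) -> float:
    """Chance this finding is exploited in this environment, 0..1 (assumed weights)."""
    p = f.exploit_likelihood
    if f.internet_accessible:
        p = 1 - (1 - p) * 0.5   # exposure halves the chance it stays unexploited
    if f.threat_activity:
        p = max(p, 0.9)         # observed attack traffic dominates any prediction
    return round(min(p, 1.0), 3)


def impact(f: Finding) -> float:
    """Business impact 0..1 from where the vulnerable code sits (assumed weights)."""
    score = 0.5 * f.txn_importance
    if f.data_access:
        score += 0.3
    if f.unsafe_api:
        score += 0.1
    if f.cvss >= 9.0:
        score += 0.1            # only the top of the CVSS range moves impact at all
    return round(min(score, 1.0), 3)


def business_risk(f: Finding) -> float:
    """Business risk on a 0..100 scale: likelihood x impact."""
    return round(100 * likelihood(f) * impact(f), 1)


def prioritize(findings):
    """Findings sorted by business risk, highest first."""
    return sorted(findings, key=business_risk, reverse=True)


def cvss_order(findings):
    """The same findings sorted the traditional way, by CVSS base score."""
    return sorted(findings, key=lambda f: f.cvss, reverse=True)


def remediation_queue(findings, threshold: float = 20.0):
    """Findings worth a ticket now: business risk at or above the threshold."""
    return [f for f in prioritize(findings) if business_risk(f) >= threshold]


# Constructed sample: the shape of data the slide describes, with hypothetical values.
SAMPLE = [
    #       id    service             cvss  p     inet   txn  data   api    attacks
    Finding("F1", "checkout-api",     10.0, 0.97, True,  1.0, True,  False, True),
    Finding("F2", "batch-reporting",   9.8, 0.02, False, 0.2, True,  False, False),
    Finding("F3", "product-search",    7.5, 0.60, True,  0.8, False, True,  False),
    Finding("F4", "admin-console",     8.8, 0.05, False, 0.3, True,  False, False),
    Finding("F5", "newsletter-signup", 6.1, 0.40, True,  0.1, False, False, False),
]

if __name__ == "__main__":
    print("CVSS order:    ", [f.finding_id for f in cvss_order(SAMPLE)])
    print("business risk: ", [(f.finding_id, business_risk(f)) for f in prioritize(SAMPLE)])
    print("queue:         ", [f.finding_id for f in remediation_queue(SAMPLE)])
```

On the sample, CVSS orders the queue F1, F2, F4, F3, F5; business risk orders it F1, F3, F5, F4, F2, and only F1 and F3 clear the 20-point ticket threshold. That reordering, not the particular weights, is the point the slides make: the same CVE carries a different risk depending on exposure, the transaction it sits in, and whether anyone is already attacking it.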
Business Risk Observability use case: visibility, insight, action
1. A new vulnerability is automatically detected in a production service
2. Critical risk is identified in an important Business Transaction that is publicly accessible, has access to a data store, and this vulnerability is predicted to be exploited
3. Tickets created for fast, coordinated Ops and Development response
4. SecOps mitigates threats with a blocking policy in Secure Application to block suspicious method calls
5. Webex for collaboration to expedite mitigation and remediation
6. Development uses remediation guidance to fix the vulnerability
7. Continuous monitoring of policy violations and vulnerability remediations, as well as associated Business Risk score changes

Business Risk Demo for Hybrid Applications

Fireside Chat: Brad Welsh, APM Program Manager,
Indiana Office of Technology

Security insights for Cloud Native Applications

Modern (cloud native) application monitoring: Cloud Native Application Observability
- For cloud-native applications (DevOps, CloudOps, SRE, monitoring admin)
- Observe modern applications and cloud-hosted workloads through full-stack observability
- Purpose built from the ground up

Business risk observability for cloud native applications: Security insights module (GA in Q3 CY23)
- Locate and highlight threats and vulnerabilities across Kubernetes and containers, securing deployment of modern applications on Kubernetes
- Detect and protect against leakage of sensitive data with pre-defined expressions to ensure compliance
- Combine threat and vulnerability intelligence from Cisco Kenna and Panoptica with business impact and runtime behavior to provide a business risk score

Security insights module architecture
- Cisco FSO Platform: Cloud Native Application Observability, Security insights module, control plane
- Intelligence sources: Panoptica, Kenna
- Workloads: Kubernetes, with Cisco collectors sending MELT (metrics, events, logs, traces) and security insights to the platform

Security insights module: correlated with application and business context
- Detect Vulnerabilities: runtime container vulnerability detection with remediation guidance
- Infrastructure Posture: find configuration issues and vulnerabilities in Kubernetes configurations
- Sensitive Data Redaction: automatically detect and redact data leakage to maintain compliance
- Business Risk Observability

Uncover Kubernetes security posture: identify risk introduced by Kubernetes and containers
- Native backend integration with Panoptica
- Infrastructure risk cross-correlated with application entities
- Findings combined into application context for business risk scoring

Detect and redact sensitive data: maintain compliance and protect customer data
- PII leakage insights mapped to source entities to clamp down on leakage
- Leverage prepackaged PII detection expressions to enable faster protection
- Build custom policies and expressions to detect and redact any data
- Combine findings into vulnerability and threat context for business risk scores
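As an added example (not the Security insights module's own expressions), the Python below shows the policy model the slide describes: prepackaged detectors for card numbers, e-mail addresses and US SSNs, a custom policy an operator adds for their own data (bearer tokens here), and leakage counts mapped back to the source service so the leak can be closed at its origin. The card detector runs a Luhn check before redacting, which is the caveat a practitioner wants: a 16-digit order number must not be scrubbed from every trace. The records and service names are constructed; 4111 1111 1111 1111 is a public test card number.

```python
"""Detect and redact sensitive data in log/trace text with policy expressions.

Added example, not the Security insights module's own expressions. Shows
prepackaged detectors (card numbers with a Luhn check, e-mail addresses, US
SSNs), a custom policy (bearer tokens), and leakage counts mapped back to the
source service.
"""
import re
from collections import defaultdict


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out order/sku numbers that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _redact_card(m):
    digits = re.sub(r"\D", "", m.group(0))
    if 13 <= len(digits) <= 19 and luhn_ok(digits):
        return f"[REDACTED:card:****{digits[-4:]}]"   # keep last 4 for support use
    return m.group(0)                                 # not a card: leave untouched


# Prepackaged-style policies: (name, pattern, replacement function).
DEFAULT_POLICIES = [
    ("card", re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)"), _redact_card),
    ("email", re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"), lambda m: "[REDACTED:email]"),
    ("ssn", re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)"), lambda m: "[REDACTED:ssn]"),
]

# A custom policy an operator would add for their own data (hypothetical pattern).
TOKEN_POLICY = ("token", re.compile(r"(bearer\s+)[A-Za-z0-9._-]{20,}", re.I),
                lambda m: m.group(1) + "[REDACTED:token]")
CUSTOM_POLICIES = DEFAULT_POLICIES + [TOKEN_POLICY]


def redact(text, policies=DEFAULT_POLICIES):
    """Return (redacted_text, {policy_name: number_of_redactions})."""
    counts = {}
    for name, pattern, handler in policies:
        def _sub(m, name=name, handler=handler):
            out = handler(m)
            if out != m.group(0):
                counts[name] = counts.get(name, 0) + 1
            return out
        text = pattern.sub(_sub, text)
    return text, counts


def scan_records(records, policies=CUSTOM_POLICIES):
    """Redact each record's message; return records with per-record redaction counts."""
    out = []
    for rec in records:
        text, counts = redact(rec["message"], policies)
        out.append({"service": rec["service"], "message": text, "counts": counts})
    return out


def leakage_by_service(records, policies=CUSTOM_POLICIES):
    """Map leakage back to source entities: {service: {data_type: count}}; leak-free services omitted."""
    totals = defaultdict(lambda: defaultdict(int))
    for rec in scan_records(records, policies):
        for name, n in rec["counts"].items():
            totals[rec["service"]][name] += n
    return {svc: dict(kinds) for svc, kinds in totals.items()}


# Constructed sample log records (hypothetical services).
SAMPLE_RECORDS = [
    {"service": "checkout-api",
     "message": "order 1234567890123456 paid with card 4111 1111 1111 1111 for jane.doe@example.com"},
    {"service": "support-portal",
     "message": "identity check for SSN 123-45-6789 passed"},
    {"service": "auth-gateway",
     "message": "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.abcdefghijklmnopqrstuvwxyz"},
    {"service": "inventory",
     "message": "sku 987654321098 restocked, 12 units"},
]

if __name__ == "__main__":
    for rec in scan_records(SAMPLE_RECORDS):
        print(rec["service"], "->", rec["message"], rec["counts"])
    print(leakage_by_service(SAMPLE_RECORDS))
```

The checkout record loses its card number and e-mail address but keeps the order number, which fails Luhn; the inventory record is untouched. The per-service map is the "mapped to source entities" view: it tells you which service is writing PII into telemetry, which is where the fix belongs.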
Components of Business Risk assessment (Cloud Native Applications)
- Internet accessible
- Important business transaction
- Sensitive data leakage
- Insecure Kubernetes configuration
- Exploitable vulnerability
- Access to data

Business Risk Demo for Cloud Native Applications

Zero Friction Enablement (Business Risk Observability)
- Instant activation: nothing to deploy
- Fast time to value: dashboards visible in minutes
- Part of existing agents with native integrations
- Quick path to resolve pain, even in non-production

Buzz on the street
- 2021 CyberSecurity Breakthrough Awards: Overall Web Security Solution of the Year
- 2022 CyberSecurity Excellence Award: Application Security Product of the Year
- Cisco AppDynamics was ranked #1 by a wide margin in the Gartner 2022 Critical Capabilities report for Security Operations use cases. "Security is an AppDynamics strength" - Gartner

Award winning power on display
"After days of working around the clock, my team and I can finally get some sleep!" - Director, AppOps, Travel/Hospitality customer, December 20, 2021
Log4j vulnerability mitigation currently applies to both CVE-2021-44228 and CVE-2021-45046.

App Team: focused on velocity and user experience
Security Team: focused on vulnerabilities and threats

Fill out your session surveys! Attendees who fill out a minimum of four session surveys and the overall event survey will get Cisco Live-branded socks (while supplies last). Attendees will also earn 100 points in the Cisco Live Game for every survey completed.

Continue your education
- Visit the Cisco Showcase for related demos
- Book your one-on-one Meet the Engineer meeting
- Attend the interactive education with DevNet, Capture the Flag, and Walk-in Labs
- Visit the On-Demand Library for more sessions at www.CiscoL

Thank you #CiscoLive