Intelligent CIO LATAM Issue 16 | Page 42

FEATURE : CLOUD SECURITY
practices , the latest technology and a state-of-theart , secure development lifecycle to bring continuous innovation to our customers .
“ Dynatrace Application Security helps to make this possible by giving us comprehensive visibility and analytics across all layers of our complex application ecosystem , ensuring no vulnerability escapes our secure DevOps lifecycle .

THE NUMBER OF ENTRY POINTS ATTACKERS USE TO TARGET APPLICATIONS CONTINUES TO EXPAND . VULNERABILITIES CAN CREEP INTO APPLICATIONS FROM ANY PART OF THE SOFTWARE SUPPLY CHAIN .

“ In addition , it helps us instantly understand the risk and potential impact of zero-day vulnerabilities , such as Log4Shell , and automatically prioritizes the steps required to resolve them . This saves our teams from wasting weeks triaging alerts and enables them to resolve new vulnerabilities in just days or less , so they can stay focused on innovating .” that provides runtime vulnerability analysis across the entire application stack and AI-assisted prioritization for the most popular cloud-native application technologies , now including Golang .
“ With these capabilities , DevSecOps teams can focus on remediating the most impactful vulnerabilities . This helps them innovate faster , with the confidence that all layers of their applications are vulnerability-free .”
Missing holistic vulnerability analysis creates risk
Every layer of an application stack contributes to the security posture of an application and can potentially contain vulnerabilities . The number of entry points through which attackers can infiltrate your company ’ s environment is always expanding .
SecOps teams are confronting increasingly complex threats and alert storms . And while effective DevSecOps approaches require collaboration and automation , teams still often work alone in silos . This is because many organizations lack a holistic view and analysis across all layers of their application ecosystem to minimize the attack surface and protect the weakest links . DevOps teams , SREs ( site reliability engineers ), platform teams and SecOps teams aren ’ t always working from a common source of truth :
• SAST tools ( static application security testing ) provide scanning code for vulnerabilities .
• Vulnerability scanners detect vulnerabilities in , for example , language runtimes .
Language runtimes are a critical layer of the application stack as they ensure apps are available and wellexecuted on any platform without having to be rewritten or recompiled .
By extending its Application Security Module to support runtimes in the most widely adopted programming languages , Dynatrace delivers one of the industry ’ s most comprehensive application vulnerability analysis , spanning all potential entry points in pre-production and production environments .
Steve Tack , SVP of Product Management , Dynatrace , said : “ The number of entry points attackers use to target applications continues to expand . Vulnerabilities can creep into applications from any part of the software supply chain , including open-source or thirdparty components and application runtimes .”
“ Traditional approaches can ’ t accurately surface vulnerabilities at runtime or analyze their potential exploitability and impact . Dynatrace is the only solution
This siloed approach renders holistic risk assessment impossible and can lead to ineffective issue prioritization and blind spots .
Full-stack runtime vulnerability analysis
With new enhancements , Dynatrace Application Security now provides Runtime Vulnerability Analysis across the entire application stack in cloud-native environments . Uniquely , Dynatrace not only identifies vulnerabilities across all layers , it also analyzes them automatically . This provides actionable out-of-the-box insights to CISOs and SecOps teams that can be used to assess risk , prioritize , and collaboratively remediate threats with other teams .
Dynatrace adds AI-powered vulnerability analysis for Go
Dynatrace extends its Runtime Vulnerability Analysis to Go on top of Java , . NET , Node . js and PHP . Go is
42 INTELLIGENTCIO LATAM www . intelligentcio . com