Straighten Up, CrowdStrike Solidifies Cloud-Native Application Posture


Sit up straight. We might imagine issuing this admonishment to a slovenly teenager, but it would rarely be applied to software applications. But posture does play a part in the way we manage enterprise IT stacks, especially in the modern era of cloud computing with the weight of all the connections and microcomponent parts that can potentially put pressure on the shape of an organization’s technology backbone.

As a piece of tech terminology, Application Security Posture Management (ASPM) is defined as a holistic process (i.e. one that looks inside all systems, all apps, all user profiles etc.) to evaluate the stance of an organization's applications. While this practice is holistic enough to encompass an analysis of all apps and services, it is weighted towards an emphasis on any given firm’s custom applications; it’s a natural enough focus to consider because custom-built and customized apps are generally more likely to have introduced vulnerabilities (or characteristics that lead them to stay outside the boundaries set by compliance legislation) at some stage in their development.

Why is ASPM important?

CrowdStrike, a company that provides a cloud-native platform for enterprise security, insists ASPM is important (well, it’s what it does, so it would) and suggests that it has emerged as a vital practice, ensuring applications meet stringent security standards and identifying vulnerabilities. Analyst house Gartner predicts that by 2026, over 40% of organizations developing proprietary applications will adopt ASPM to identify and resolve security issues.

Because the growth of cloud computing continues to speed the pace of application development and the frequency of code updates, commentators and evangelists in this space argue that we are creating more ‘soft targets’ throughout our always-on enterprise software stacks. Studies suggest that more than half of major code changes go through security reviews and that these processes end up leading to errors and misconfigurations after code is deployed that adversaries will target.

Hoping to prevent slovenly sofa slumping and straighten the back of our software stacks with its new CrowdStrike Falcon ASPM solution, the company explains this technology as a set of services designed to help DevSecOps teams stay secure when running cloud-native applications and deliver protection across the entire cloud estate. The complete integration of the branded Bionic ASPM function set into CrowdStrike’s Falcon Cloud Security platform offers agentless application mapping (with agentless in this case meaning more freedom to move around different data repositories, microservices, third-parties, Application Programming Interfaces (APIs) and data flows) and business risk context, which helps customers secure everything from cloud infrastructure to the applications and services running inside of them – ultimately stopping cloud breaches.

As CrowdStrike CTO, Elia Zaitsev tells us, “With Falcon Cloud Security, we’re providing one platform that provides comprehensive risk visibility and workload protection across the entire cloud estate. Applications are a big piece of the puzzle. Falcon ASPM eliminates up to 95% of vulnerability noise, allowing customers to prioritize their top business-critical risks that can be exploited in production applications, so teams know what to fix first based on business impact. We’re now the only Cloud-Native Application Protection Platform (CNAPP) that extends security to applications, providing organizations with a blueprint that bridges the gap between their security and development teams. The ability to track, contextualize and stop threats across disparate clouds, hybrid environments, security tools and workflows – from a single console – reduces a lot of complexity while speeding up defenders.”

Too many acronyms? (TMA)

CrowdStrike claims to have built the first single-agent and agentless Cloud Native Application Protection Platform (CNAPP) that covers the entire cloud estate with complete detection and response. The company says it now goes beyond posture management to also include Cloud Infrastructure Entitlement Management (CIEM), a technology that helps manage which users get access to which systems inside a cloud environment. Too many acronyms yes, undoubtedly, but these approaches now form part of the way we’re managing cloud systems at the backend. You can add Data Security Posture Management (DSPM) too if you’re still breathing, either way it all comes down to sitting up straight.

But sitting up straight is one thing, staying straight is another. According to Zaitsev, here’s where new advances in CrowdStrike Falcon Cloud Detection and Response (CDR) play a role.

“Cloud intrusions have grown 75% in the past year, with adversaries compromising an organization’s environment in as little as two minutes; something we track and refer to as breakout speed. On top of that, we’ve seen a surge in identity-based attacks and adversaries leveraging stolen credentials to exploit gaps in cloud environments. Many CNAPP vendors are marketing CDR, but don’t do Incident Response (IR). Our solution stands out and differs from other vendors with 24/7 coverage. We ultimately do this by advancing cloud SecOps with CDR to meet customer demands in the Security Operations Center (SOC). Again, this goes back to our holistic approach to cloud security – delivering everything a customer needs in one platform – no point products, multiple consoles, or disparate solutions.”

The integrated Falcon CDR capabilities within Falcon Cloud Security are promised to eliminate the need for multiple ‘point solutions’ (smaller individual installations of software that typically enjoy less integration due to their standalone nature) and reduce operational complexity, providing customers with a unified platform for 24/7 protection against cloud attacks and visibility across. There is also cloud control plane technology here - beginning with Microsoft Azure, Falcon CDR expands visibility into cloud control plane activity, complementing existing threat hunting for cloud runtime environments.

Surging software instructions

In an ever-evolving cloud estate, the number of attack surfaces increases as developers continually deliver applications and architectures drift from original designs. This often leads to a proliferation of APIs, which if not secured, pose risks, particularly where the threat of cloud intrusions is surging.

This story covers a set of technologies which promise to address these challenges through tools designed to enter systems and find problems (almost like nanotechnology anti-viral drug advancements used on humans) as soon as they arise, in real-time. CrowdStrike underlines the importance of also offering discovery and mapping functions so that organizations can create and meter an ongoing health check across the entire corpus of enterprise IT… and there’s the ability to prioritize responses so that we triage in the appropriate way.

Software posture is an increasingly used term, measure, metric and management function. It’s time to stop slouching and sit up straight, you’ll feel better and breathe more easily, we promise.
