With more and more applications and ever-more-numerous endpoints, the attack surface for every organization is getting larger and more complex. This trend has placed enormous pressure on security organizations. They need to analyze their attack surface, understand the impact and likelihood of attacks, and then take corrective actions to improve their security posture. Doing all this manually is not scalable. Fortunately, it’s possible to leverage analytics to not only detect or predict attacks, but also identify corrective actions that need to be taken to prevent successful exploitation.
The power of analytics and the role it can play in the security space is well established. Gartner classifies security analytics as:
- Descriptive: What is happening?
- Diagnostic: Why did it happen?
- Predictive: What will happen?
- Prescriptive: What should I do about this?
This classification also serves as a good framework to follow when running an AppSec program.
Figure: Security Analytics Capabilities in WhiteHat Sentinel
Organizations in the early stages of AppSec maturity tend to rely more on descriptive analytics. As organizations’ security programs progress, they start utilizing diagnostic, predictive, and prescriptive analytics to improve security.
WhiteHat Sentinel provides many out-of-the-box reports, dashboards and alerting capabilities that help users monitor and improve application security effectively, regardless of maturity level.
Once you have good visibility into your current status, the next logical step is to take corrective actions – to mitigate or remediate vulnerabilities. However, a typical organization is able to remediate less than 50% of the vulnerabilities found (based on data from WhiteHat’s Web Applications Security Statistics Report). Given this information, it can be much more effective to dig deeper, identify the reasons vulnerabilities are introduced, and then address their root causes. Answers to simple questions like these can go a long way in improving security posture:
- Can most – or particular – vulnerabilities be attributed to specific vendors, teams or environments?
- Are most vulnerabilities coming from development teams that have never been trained in secure development practices?
- Do the majority of your vulnerabilities belong to specific classes or modules?
Interactive dashboards, APIs, and customization and integration tools such as those included in WhiteHat Sentinel can simplify diagnostic analysis. If those features are available to you, make use of them to manage your security proactively.
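The three diagnostic questions above can be answered by grouping a findings export along each dimension, as in the following added example (not WhiteHat or Sentinel code). The field names, team and vendor names, and sample findings are constructed assumptions, not a Sentinel export schema.

```python
from collections import Counter

# Constructed sample findings. Columns (assumed, not a real export schema):
# team, vendor, vulnerability class, team trained in secure development?, status
_ROWS = [
    ("payments", "in-house",     "XSS",  False, "open"),
    ("payments", "in-house",     "XSS",  False, "open"),
    ("payments", "in-house",     "SQLi", False, "closed"),
    ("payments", "acme-widgets", "XSS",  False, "open"),
    ("payments", "in-house",     "XSS",  False, "closed"),
    ("payments", "in-house",     "CSRF", False, "open"),
    ("portal",   "in-house",     "XSS",  True,  "closed"),
    ("portal",   "acme-widgets", "XSS",  True,  "closed"),
    ("search",   "in-house",     "SQLi", True,  "open"),
    ("search",   "in-house",     "XSS",  True,  "open"),
]
_FIELDS = ("team", "vendor", "vuln_class", "trained", "status")
FINDINGS = [dict(zip(_FIELDS, row)) for row in _ROWS]

def overall_remediation_rate(findings):
    """Fraction of all findings that have been closed."""
    return sum(f["status"] == "closed" for f in findings) / len(findings)

def breakdown(findings, key):
    """Per value of `key`: count, share of all findings, remediation rate."""
    totals, closed = Counter(), Counter()
    for f in findings:
        totals[f[key]] += 1
        if f["status"] == "closed":
            closed[f[key]] += 1
    rows = [
        {"value": v, "count": c, "share": c / len(findings),
         "remediation_rate": closed[v] / c}
        for v, c in totals.items()
    ]
    # Largest contributors first; ties broken by name for stable output.
    return sorted(rows, key=lambda r: (-r["count"], str(r["value"])))

def concentrated(findings, key, threshold=0.5):
    """Values of `key` that account for more than `threshold` of findings."""
    return [r["value"] for r in breakdown(findings, key) if r["share"] > threshold]

if __name__ == "__main__":
    print(f"overall remediation rate: {overall_remediation_rate(FINDINGS):.0%}")
    for key in ("team", "vendor", "vuln_class", "trained"):
        print(f"\nby {key} (majority contributors: {concentrated(FINDINGS, key)})")
        for r in breakdown(FINDINGS, key):
            print(f"  {r['value']!s:<13} {r['count']:>2}  share {r['share']:.0%}"
                  f"  remediated {r['remediation_rate']:.0%}")
```

On this constructed data, one untrained team and one vulnerability class each account for a majority of findings, which points at training and a class-specific fix rather than ticket-by-ticket remediation.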
Once you have established processes and systems to support diagnostic analysis, you need to understand where your largest security risks are. Sentinel, for example, utilizes predictive analytics to assess application security risk holistically, using the WhiteHat Security Index (WSI). The WSI score for an asset is calculated based on a broad range of factors, including historical vulnerability information, remediation rate, scanning frequency, vulnerability risk levels, site complexity, and more. Using the WSI score allows you to pinpoint your highest-risk assets and focus your remediation effort where it will be most valuable.
Organizations with the most advanced application security programs leverage predictive analytics to strengthen their security. Runtime Application Self Protection (RASP) enables applications to control execution and to detect and prevent threats. (Sentinel offers RASP capabilities through our partner, Prevoty.) RASP is an effective way to mitigate vulnerabilities until a permanent resolution can be identified and implemented.
Sentinel offers a full spectrum of capabilities, from standard reports to very advanced predictive and prescriptive analytics-based solutions, to help organizations at all maturity levels assess and improve their security posture. Are you using the power of your analytics tools to their fullest extent? What tools and services are working for you? Share your thoughts, comments and feedback. We love to hear from you!
Gartner, Inc., “The Fast-Evolving State of Security Analytics, 2016”, Avivah Litan, Toby Bussa, Eric Ahlm, 04 April 2016