Application security

How ADR – application detection and response – can become the ‘EDR for apps’


A wave of high-profile application attacks shook the cybersecurity landscape over the past several months that revealed critical blind spots in traditional security tools. Breaches such as MOVEit, Microsoft SharePoint, Ivanti Gateway and GoAnywhere highlighted the challenges of detecting and mitigating threats in real-time application behavior.

Verizon’s DBIR found that about 80% of cyberattacks now target applications, emphasizing an urgent need to reflect on the way we approach application security (AppSec). This evolution of development practices has ushered in two fundamental shifts for AppSec:

First, today’s applications are constructed in a decentralized fashion, comprising various services that communicate based on mutual trust, often referred to as the "chain of trust." Attackers have evolved beyond exploiting vulnerabilities: they now exploit the application's inherent behavior by manipulating chains of trust. For instance, attackers can bypass authentication mechanisms built into the application, impersonating legitimate entities to gain unauthorized access. These tactics were evident in the biggest breaches of the past year, underscoring the widespread criticality of this ongoing security gap.

Second, organizations invested heavily in building robust practices and processes to help their developers write secure code and avoid vulnerabilities in their systems. However, most companies still lack the needed visibility into how their applications actually work and behave in live environments. Talking to security leaders, we’ve heard that many consider applications the “only true remaining blind spot” in their security stacks today.

As attacks increase in sophistication and exploit the nature of distributed applications, the industry needs to adopt proactive tools that let the AppSec team stay ahead of threats and mitigate breaches. I’m not suggesting that we should replace shift-left strategies, as growing security awareness among developers has become crucial for protecting applications. However, there’s a pressing need to empower AppSec managers with tools that let the security organization both prevent breaches and also proactively detect and mitigate exploitations as they occur. Essentially, real-time detection and response.

It’s become critical to reestablish a balance in AppSec capabilities now that we’re leaning more into microservices and multi-tenant applications, areas where context and behavior are harder to understand. By combining strong, security-aware development practices with runtime-aware, proactive AppSec measures, organizations can achieve a balanced approach to application security and ensure comprehensive protection before and after deployment.

What would a new approach look like?

In response to these challenges, the AppSec community has witnessed the emergence of a new product category: Application Detection and Response (ADR). ADR represents a more proactive AppSec strategy by continuously monitoring the interactions between application services to detect and respond to cyber threats. By leveraging in-application runtime context, ADR establishes baseline behavior standards for services, data flows and authentication mechanisms, allowing it to identify and prevent malicious activities effectively while they happen.

ADR enhances threat detection, and also fosters a more collaborative relationship between AppSec managers and developers. By providing AppSec managers with the tools and knowledge needed to support developers in maintaining a secure application environment, ADR bridges the gap between these critical roles, ensuring a more balanced and proactive approach to application security.

Empowering the future of AppSec

As the "EDR for applications," ADR represents an important new phase in AppSec to address a very critical blind spot. Its integration into a security stack enhances threat detection capabilities, and also promises to cultivate a culture of security awareness and collaboration between different teams. With ADR, organizations can proactively protect their applications before and after deployment, ensuring a robust and resilient security posture in today's dynamic threat landscape. It’s truly a transformative approach to AppSec that empowers organizations to stay ahead of evolving cyber threats and build a more secure digital future.

Daniel Shechter, co-founder and CEO, Miggo Security

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.