HackDig : Dig high-quality web security articles for hacker

The Hard Problem of Securing Enterprise Applications

2015-03-20 07:00

This paper about securing enterprise applications has been sitting in my email since November. I eventually got round to reading it and apologise for not highlighting it sooner.

Vendor recommended security controls and compliance requirements leave huge gaps in application security. ... Most have no understanding of how the application platforms work, where security events should be collected, norhow to analyze application specific information.

Securing Enterprise Applications describes the problems modern enterprises have with application security: security use cases, security gaps and recommendations. These are my favourite selective snippets. This:

The biggest gap and most pressing need is that most monitoring systems do not understandenterprise applications. To continuously monitor enterprise applications you need to collect the appropriate data and then make sense of it.


Traditional application security vendors who claim "deep packet inspection" for enterprise applicationsecurity skirt understanding how the application actually works.


Continuous monitoring of enterprise application activity, with full understanding of how that application works, is the most common gap in enterprise security strategies.


This means that you can block activity, not just monitor. Properly configured with white/black listing, they help prevent exploitation of 0-day attacks and filter out other unwanted behavior. They work at the application layer so they are typically deployed one of three ways: as an agent on the application platform, as a reverse proxy for the application, or embedded into the application itself.

Read and implement AppSensor. It's free.

Source: snoitacilppA-esirpretnE-gniruceS-fo-melborP-draH-ehT/02/3/5102/ku.rellewdnekrelc.www

Read:3345 | Comments:0 | Tags:detective ids technical threats defense monitoring correctiv

“The Hard Problem of Securing Enterprise Applications”0 Comments

Submit A Comment



Blog :

Verification Code:


Share high-quality web security related articles with you:)


Tag Cloud