Dynatrace announced that it has enhanced its Application Security Module to provide real-time, automatic attack detection and blocking to protect against injection attacks that exploit critical vulnerabilities, such as Log4Shell.
This builds on existing capabilities, which include automatic detection of runtime vulnerabilities in cloud-native applications and container workloads. As a result, organizations can protect their applications in real time and increase DevSecOps automation, allowing them to strengthen the security of their digital services and accelerate throughput.
“It is imperative that we proactively protect all our systems to help mitigate security risks,” said David Catanoso, the Acting Director of Cloud and Edge Solutions in Infrastructure Operations at the US Department of Veterans Affairs.
“We take a layered, defense-in-depth approach to security, and Dynatrace is one of the solutions we use because it identifies vulnerabilities fast for monitored applications across our clouds. As an example, with the Log4shell vulnerability, its platform delivered and instantly identified exactly where we were affected, prioritized the systems and runtime environments that required immediate attention, and kept us from wasting time in war rooms and chasing false positives.”
Dynatrace Smartscape provides a continuously and automatically updated topology, and Davis, the Dynatrace platform’s AI engine, provides real-time visibility and prioritization of vulnerabilities. This combination enables Dynatrace to strengthen the security of applications with:
- Precise identification and prioritization of vulnerabilities – Providing teams with a clear understanding of the most important vulnerabilities to address and eliminating the time they spend chasing false positives.
- Proactive remediation of vulnerabilities – Achieved through integration into DevOps toolchains, including offerings such as Atlassian, Slack, and ServiceNow.
- Automatic attack detection and blocking – Delivering runtime application self-protection for key Open Web Application Security Project (OWASP) threats, including SQL injections and command injections.
“Organizations are working to improve security posture through application security testing and DevSecOps processes, but it’s not enough for highly dynamic cloud-native environments,” said Steve Tack, SVP of Product Management, Dynatrace. “To enable our customers to be proactive, innovative, and secure, we are thrilled to add the ability to automatically block attacks in real time to our existing strengths – identifying and prioritizing vulnerabilities. With Dynatrace’s intelligence and automation, organizations can reduce risk across the software development lifecycle, accelerate throughput, and secure modern cloud workloads and applications.”