By Rusty Carter, VP Product Management, Arxan Technologies
Recent research highlighted that application breaches are rising, and so are the security risks of running business-critical apps in zero-trust environments. With this being the case, it is vital that enterprises are given insight into the security posture of their applications, so they can protect against the consistent threat of breaches as well as reduce the risks posed by zero-trust environments. A threat analytics solution can provide this insight, allowing security teams to see whether their applications are operating safely or in a risky environment and to protect against a breach they have foreseen.
Running the risk of applications
Applications that can be downloaded from app stores can be isolated from the network and attacked indefinitely until their defences are broken. Additionally, an application on an app store can be downloaded by anyone, including those who download it for malicious purposes. Once downloaded, the app can be reverse engineered, leaving it vulnerable to wide-scale tampering, IP/PII theft, sensitive data theft, tunnelling attacks or API attacks.
Nowadays it is incredibly common for people to use their personal devices for work purposes. This is dangerous as a compromised app will not only attack the individual or the business entity that published the app but could also grant attackers access to enterprise networks. Compromised applications lead to data breaches, which result in several problems for companies, such as brand damage and lost customer trust; direct fraud losses; and, more recently, due to the GDPR, governmental penalties.
Every application downloaded via an app store will run in a zero-trust environment. By following a zero-trust model, the idea of a trusted network is eliminated. In zero-trust environments all network traffic is untrusted. This means that the security of these environments is heightened, and verification is always required before access to systems and data is granted. As a consequence, zero-trust environments should in theory reduce the impact of cyber threats. However, where applications are concerned this is not necessarily the case, even if the app is protected.
When a protected application is published to an official app store, an open loop is created. This leaves the app with no way of communicating its current threat status and makes it very difficult for security analysts to monitor it or get ahead of attackers; instead, they must react to attacks. At the moment there are over 5 million downloadable apps out there, meaning cybercriminals have over 5 million opportunities to reverse engineer code and execute data-stealing attacks.
Can the loop be closed?
Within an open loop, applications are still very much protected; however, this protection is not updated because neither feedback nor update instructions are provided to the apps. Essentially, when an open loop is created, there exists a control system for an operation or process which has no self-correcting action. Currently, the majority of enterprises run an open-loop application security process.
The best way to secure an application is by closing this loop or by creating a system which can receive feedback about the application’s security posture. The loop can be ‘closed’ by implementing threat analytics. Security teams can learn from these analytics about where and how to update their app’s protection. With threat analytics, security teams gain real-time visibility into when, how and from where an attack is happening. This provides them with the ability to optimise their response immediately, which can mean the difference between stopping a threat before it spreads and sorting through the wreckage afterwards.
How can organisations benefit from threat analytics?
We’ve already stressed the importance of a ‘closed-loop’ and that threat analytics is the way to go about it. But how exactly does this work? By using threat analytics, organisations have visibility into intelligence dashboards and reports that provide insights into the threat environment applications are operating in; an awareness of the application’s security posture as soon as it is deployed; and the integration of threat data into existing systems. Combined with security research, threat analytics provides a real-time, comprehensive view of current application threats and educates security teams on how to effectively protect their apps against them.
Strong enterprise security posture
Security posture is always going to be strongest when businesses can holistically respond and adapt quickly to attacks. Having insight into when apps are under attack or running in a risky environment, as well as insight into details of attack trends, enables security teams to take appropriate countermeasures to those threats and get ahead of the attacker. It is this insight that confirms to an organisation and its security team that they have effective and reliable protection in place.
Detection and reporting of threats to an application from the moment it is deployed is critical to adapting everything from application protection to network and other datacentre defences. With the threat of application breaches continuing to grow and applications being so widely used, for both business and leisure, organisations need an advanced solution like threat analytics to protect themselves against attack.