adi111
Newcomer II

Security Monitoring for applications

Dear Members,

 

I am looking for recommendations

 

How do you monitor application-specific alerts? Did you perform the code-level analysis, or just use the logs that the application is generating?

 

What would be the ideal monitoring for an application (apart from infrastructure) where the information is limited?

 

Thanks in advance 

5 Replies
AppDefects
Community Champion


How do you monitor application-specific alerts? Did you perform the code-level analysis, or just use the logs that the application is generating?


The next generation of application monitoring tools is "Interactive Application Security Testing" (IAST). There are several vendors in this "emerging" space, but I won't make any endorsements here; just search for them. Agents are deployed at run time and report back to a central console, and from there you can filter alerts and prioritize software defects to fix. If you're running apps in containers, then there are other tools out there as well to monitor their behaviour in real time.

iluom
Contributor II

 

 

Hi,

 

I assume you would like to monitor your application for the alerts during the deployment phase. As part of security management activities pertinent to operations, continuous monitoring is critically important.

 

Having said that, what do you want to monitor for the application?

Monitoring can be performed on any software or its processes. It is important to first determine the monitoring requirements before implementing a monitoring solution.

 

For instance, in order to monitor and determine whether a security incident has truly occurred or not, it is first important to define what constitutes an incident.

 

A Vulnerability Management Program helps you with identifying, classifying, remediating and mitigating vulnerabilities; it is a continuous monitoring system. It can be compliant with the CVE and CWE databases.

 

Application (software) logs provide information about the activity and interactions between users/processes and the applications.

 

Database logs. These are difficult to collect and often require auditing configurations in the database so that database performance is not adversely impacted. They serve as an important source for security related information and need to be protected with great care, because databases can potentially house intellectual property and critical business data.

 

 

Chandra Mouli, CISSP, CCSP, CSSLP
Caute_cautim
Community Champion

If you are dealing with complex containerised or microservices applications in cloud circumstances, i.e. virtualised environments, that has its own challenges. Apart from the traditional tools (and there are many, with many claims), everything from ServiceNow to the Tivoli suite, i.e. Application Performance Manager (APM), you could even now look at the whole idea of Network Adaptive Segregation within virtual environments. These techniques provide a logical and technical separation above, e.g., the VMware infrastructure and ESX gateways, and allow you to visualise not only the North-South flows of the environment but also the East-West flows, and to decide what is permitted to communicate where and to whom, etc. This allows you to apply policies, audit and enforce them, and set thresholds for monitoring applications, and it includes patch management and vulnerability management capabilities.

 

Have a look, with the increasing complexity of our environments, we need to think outside of the box of traditional monitoring tools and adapt ourselves as well.

 

Regards

 

Caute_cautim

adi111
Newcomer II

Thank you for your suggestion. We are using the Dynatrace app for app monitoring purposes, but due to the high license cost we are not able to monitor all the applications. We have event correlation tools like Splunk Enterprise (not ES), where we are required to build a dashboard for security for these applications.
adi111
Newcomer II

Thanks for the reply. Like in most organizations, security is an afterthought in app development, and this is the same scenario here. I am thinking along the same lines: start by jacking in the vuln, DB logs and infra logs of the application and then build the security dashboards.
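As an added worked example (not code from any poster in this thread), the following Python script shows what iluom's advice to "define what constitutes an incident" and to feed application and database logs into monitoring looks like in practice, and what a first cut of the rule logic behind the Splunk security dashboard adi111 plans to build might be. The log lines, field names (`event`, `user`, `src`, `stmt`, `new_role`, `actor`), rule thresholds and severities are all constructed assumptions for illustration; a real deployment would take these from the application's actual log schema and from the incident definitions agreed with the application owners.

```python
"""
Added example: a minimal rule-based security monitor over application and
database audit logs, the kind of logic one prototypes before building a
SIEM dashboard. All log lines below are constructed samples, not real data.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed application log: "<ISO timestamp> key=value ...". Assumed schema.
APP_LOG = """\
2024-05-01T10:00:01Z app=payments event=login_failed user=alice src=10.0.0.5
2024-05-01T10:00:03Z app=payments event=login_failed user=alice src=10.0.0.5
2024-05-01T10:00:04Z app=payments event=login_failed user=alice src=10.0.0.5
2024-05-01T10:00:05Z app=payments event=login_failed user=alice src=10.0.0.5
2024-05-01T10:00:06Z app=payments event=login_failed user=alice src=10.0.0.5
2024-05-01T10:00:09Z app=payments event=login_ok user=alice src=10.0.0.5
2024-05-01T10:05:00Z app=payments event=login_failed user=bob src=10.0.0.9
2024-05-01T10:20:00Z app=payments event=role_change user=bob new_role=admin actor=svc_deploy
"""

# Constructed database audit log in the same key=value style (statement quoted).
DB_LOG = """\
2024-05-01T10:00:10Z db=payments user=app_rw stmt="SELECT * FROM accounts WHERE owner='alice'" rows=1
2024-05-01T10:00:11Z db=payments user=app_rw stmt="SELECT * FROM accounts WHERE owner='alice' OR 1=1--'" rows=5000
2024-05-01T10:30:00Z db=payments user=dba_joe stmt="GRANT ALL ON accounts TO app_rw" rows=0
"""

KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_line(line):
    """Parse one '<ts> k=v k="v with spaces"' line into a dict with a UTC datetime."""
    ts_str, _, rest = line.partition(" ")
    rec = {"ts": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)}
    for key, val in KV_RE.findall(rest):
        rec[key] = val[1:-1] if val.startswith('"') else val
    return rec


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


# Incident definitions (assumed thresholds): this is the "what constitutes an
# incident" step, written down before any dashboard is built.
FAILED_LOGIN_THRESHOLD = 5      # failures per user ...
FAILED_LOGIN_WINDOW_S = 60      # ... within this sliding window
SQLI_RE = re.compile(r"(\bor\s+1\s*=\s*1\b|union\s+select|--|/\*)", re.IGNORECASE)
PRIV_SQL_RE = re.compile(r"^\s*(grant|alter\s+user|create\s+user)\b", re.IGNORECASE)


def detect(app_records, db_records):
    """Run the rules over parsed records and return alerts ordered by time."""
    alerts = []
    window = defaultdict(deque)   # user -> timestamps of recent failures
    burst_users = set()           # users currently flagged for a failure burst

    for r in app_records:
        ev, user = r.get("event"), r.get("user", "?")
        if ev == "login_failed":
            q = window[user]
            q.append(r["ts"])
            # Drop failures older than the window before counting.
            while q and (r["ts"] - q[0]).total_seconds() > FAILED_LOGIN_WINDOW_S:
                q.popleft()
            if len(q) >= FAILED_LOGIN_THRESHOLD and user not in burst_users:
                burst_users.add(user)
                alerts.append({"rule": "brute_force", "severity": "medium",
                               "user": user, "src": r.get("src"), "ts": r["ts"]})
        elif ev == "login_ok" and user in burst_users:
            # A success right after a burst is the case that needs a human now.
            alerts.append({"rule": "brute_force_success", "severity": "high",
                           "user": user, "src": r.get("src"), "ts": r["ts"]})
            burst_users.discard(user)
        elif ev == "role_change" and r.get("new_role") == "admin":
            alerts.append({"rule": "app_privilege_change", "severity": "high",
                           "user": user, "actor": r.get("actor"), "ts": r["ts"]})

    for r in db_records:
        stmt = r.get("stmt", "")
        if SQLI_RE.search(stmt):
            alerts.append({"rule": "sqli_pattern", "severity": "high",
                           "db_user": r.get("user"), "stmt": stmt, "ts": r["ts"]})
        if PRIV_SQL_RE.match(stmt):
            alerts.append({"rule": "db_privilege_change", "severity": "high",
                           "db_user": r.get("user"), "stmt": stmt, "ts": r["ts"]})

    return sorted(alerts, key=lambda a: a["ts"])


def summarize(alerts):
    """Severity counts, the kind of number a dashboard panel would show."""
    counts = defaultdict(int)
    for a in alerts:
        counts[a["severity"]] += 1
    return dict(counts)


def run():
    return detect(parse_log(APP_LOG), parse_log(DB_LOG))


if __name__ == "__main__":
    found = run()
    for a in found:
        print(a["ts"].isoformat(), a["severity"].upper(), a["rule"], {k: v for k, v in a.items() if k not in ("ts", "rule", "severity")})
    print("summary:", summarize(found))
```

The point of the script is the ordering of work, not the rules themselves: the thresholds and patterns are the written-down incident definitions, the parsers are the "jack in the logs" step, and `summarize` is what a dashboard panel ends up displaying. In a SIEM each rule becomes a scheduled search with the same window and threshold; keeping them in a plain script first makes it cheap to replay historical logs and tune the thresholds before paying for ingestion.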