Dear Members,
I am looking for recommendations.
How do you monitor application-specific alerts? Did you perform code-level analysis, or just analyze the logs that the application is generating?
What would be the ideal monitoring for an application (apart from infrastructure) where the information is limited?
Thanks in advance.
How do you monitor application-specific alerts? Did you perform code-level analysis, or just analyze the logs that the application is generating?
The next generation of application monitoring tools is "Interactive Application Security Testing" (IAST). There are several vendors in this "emerging" space, but I won't make any endorsements here; just search for them. Agents are deployed at run time and report back to a central console, from where you can filter alerts and prioritize software defects to fix. If you're running apps in containers, then there are other tools out there as well to monitor their behavior in real time.
Hi,
I assume you would like to monitor your application for the alerts during the deployment phase. As part of security management activities pertinent to operations, continuous monitoring is critically important.
Having said that, what do you want to monitor for the application?
Monitoring can be performed on any software or their processes. It is important to first determine the monitoring requirements before implementing a monitoring solution.
For instance, in order to monitor and determine whether a security incident has truly occurred or not, it is first important to define what constitutes an incident.
A Vulnerability Management Program helps you to identify, classify, remediate and mitigate vulnerabilities; it is a continuous monitoring system. It can be compliant with the CVE and CWE databases.
Application (software) logs provide information about the activity and interactions between users/processes and the applications.
Database logs. These are difficult to collect and often require auditing configurations in the database so that database performance is not adversely impacted. They serve as an important source of security-related information and need to be protected with great care, because databases can potentially house intellectual property and critical business data.
If you are dealing with complex containerised or microservices environments in the cloud, i.e. virtualised environments, these have their own challenges. Apart from the traditional tools, and there are many, with many claims, everything from ServiceNow to the Tivoli suite, i.e. Application Performance Manager (APM), now also look at the whole idea of Network Adaptive Segregation within virtual environments. These techniques provide a logical and technical separation above e.g. the VMware infrastructure and ESX gateways, and allow you not only to visualise the environment, i.e. North-South flows, but also the East-West flows, and to decide what is permitted to communicate where and to whom, etc. This allows you to apply policies, audit and enforce them, and set thresholds for monitoring applications, and it includes patch management and vulnerability management capabilities.
Have a look; with the increasing complexity of our environments, we need to think outside the box of traditional monitoring tools and adapt ourselves as well.
Regards
Caute_cautm
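Picking up the earlier reply's point that you must first define what constitutes an incident and then monitor the application's own logs: the following is an added example, not code from anyone in this thread. It writes two incident definitions down as explicit rules (repeated login failures per user within a window, and a privileged action performed by a non-admin role) and applies them to constructed sample log lines in a hypothetical "timestamp key=value ..." format; the thresholds, field names and action names are assumptions to be tuned per application.

```python
# Added example (not from the thread): incident definitions as explicit rules over app logs.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical "<ISO timestamp> key=value ..." format.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z user=alice role=user action=login result=fail
2024-05-01T10:00:05Z user=alice role=user action=login result=fail
2024-05-01T10:00:09Z user=alice role=user action=login result=fail
2024-05-01T10:00:12Z user=alice role=user action=login result=fail
2024-05-01T10:00:15Z user=alice role=user action=login result=fail
2024-05-01T10:01:00Z user=bob role=user action=export_all_records result=ok
2024-05-01T10:02:00Z user=carol role=admin action=export_all_records result=ok
"""

FAILED_LOGIN_THRESHOLD = 5                   # assumed: failures per user ...
FAILED_LOGIN_WINDOW = timedelta(minutes=1)   # ... within this sliding window
PRIVILEGED_ACTIONS = {"export_all_records"}  # assumed: only role=admin may do these

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")

def parse_line(line):
    # Parse one log line into a dict with a datetime "ts"; return None if malformed.
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None  # unparseable timestamp: skip the line rather than crash the monitor
    event = dict(p.split("=", 1) for p in m.group("kv").split() if "=" in p)
    event["ts"] = ts
    return event

def detect_incidents(log_text):
    # Return a list of (rule, user, detail) alerts for every incident definition that fires.
    alerts, failures = [], defaultdict(list)  # failures: user -> recent failed-login timestamps
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        user, role, action = ev.get("user", "?"), ev.get("role", "?"), ev.get("action")
        if action == "login" and ev.get("result") == "fail":
            # Keep only failures inside the window, then count the current one.
            recent = failures[user] = [t for t in failures[user] if ev["ts"] - t <= FAILED_LOGIN_WINDOW] + [ev["ts"]]
            if len(recent) == FAILED_LOGIN_THRESHOLD:  # fire once, when the threshold is reached
                alerts.append(("brute_force", user, f"{len(recent)} failed logins in {FAILED_LOGIN_WINDOW}"))
        if action in PRIVILEGED_ACTIONS and role != "admin":
            alerts.append(("privilege_misuse", user, f"role={role} performed {action}"))
    return alerts
```

Running `detect_incidents(SAMPLE_LOG)` yields one brute_force alert for alice and one privilege_misuse alert for bob; carol's admin export and malformed lines produce nothing.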