Top technologies / solutions available for Application Security

Applications can be broadly classified into three categories: thick client applications (client/server), web applications (accessed over the Internet or an intranet) and mobile applications. Thick client applications are increasingly becoming obsolete.


Today most client/server applications are web and mobile enabled, which exposes them to the wild Internet. Application security has therefore assumed paramount importance from the following viewpoints:

  • Access to applications and web services (Access controls and Identity & Access Management)
  • Availability of applications based on the criticality of the application to the organization’s normal business operations. So, it is important to protect web applications from malicious attacks. Most organizations have realized that the security posture of these mission-critical applications must be constantly reviewed and that vulnerabilities must be fixed based on the risk they pose. So, we are increasingly seeing customers request Vulnerability Assessment & Penetration Testing on a periodic basis. (Vulnerability Assessment & Penetration Testing are key service requirements for web application security.)

  • Web application firewalls combined with threat intelligence are increasingly being deployed to perform deep packet inspection of network traffic and address the risk associated with malicious network traffic.
  • Recently, clients are increasingly performing source code security reviews to address security vulnerabilities during the development stage itself. So, there is an increasing need for low-cost source code analysis tools. Currently, adopting source code security review with automated tools is prohibitively expensive for small projects. Static code analyzers with low cost and low false positive rates are the need of the hour to address most of the security vulnerabilities during the development stage of a solution or product.
  • For mobile applications security, most of the clients are looking at performing mobile application penetration testing and source code security review through automated tools and expert analysis.

Pros and cons of the different types of available technologies / solutions

Identity & Access Management Solutions: While IAM streamlines provisioning and revoking access to applications in a seamless fashion, rollout is a long-drawn-out affair. Each organization and structure is unique in its own way. A successful rollout of an IAM solution, and the integration of heterogeneous applications into it, requires commitment and dedicated focus from top management. These are usually very expensive solutions and require large budgets. They also require very experienced domain experts in IAM implementation and the involvement of the business.


Vulnerability Assessment & Penetration Testing (VAPT): Provides the benefit of constant assessment of the security posture of mission-critical applications and helps in addressing the risks associated with ever-evolving threats. Many organizations consider that VAPT can effectively help them identify the threats and associated risks and prioritize their remediation based on the risk levels.

Source Code Security Analysis: Very effective if properly done.

Web application firewalls and Threat Intelligence: Effective in addressing malicious network traffic. While rollout timelines are short, these are very expensive solutions. Suitable where the solutions do not have appropriate support to fix vulnerabilities at the application level and where there is a tactical need.


Choosing the right technology

The following are the major areas that CISOs should focus on when selecting the right product/solution:

  • Out-of-the-box features supported by the products and the ability to integrate with SIEM solutions to help generate real-time or near real-time security alerts on security incidents or attempts at exploitation
  • Easy to deploy, configure, administer and maintain. Complexity in security solutions reduces their effectiveness and adoption
  • Last is the cost. It should justify the risks the product can address and mitigate.
  • Support and future roadmap

-By N.Nataraj, CIO, Hexaware Technologies Pvt. Ltd.
