Applications increasingly targeted by attackers
- Web application and API breaches are among the top three attack vectors.1
- 68% of incidents are caused by known software vulnerabilities or internal applications.2
- 78% of cybersecurity professionals reported experiencing an API security incident in the past 12 months.3
- According to CrowdStrike, 57% of survey respondents ranked "Getting full visibility into applications and APIs" as a top application security challenge.4
Cyber defenders need to react to application attacks more quickly
- The average breakout time, the average time it takes an adversary to move laterally within a victim network after gaining access, was 62 minutes in 2023.5
- The average cost of a breach was $4.88 million in 2024. On average, the cost of a breach is $1.38 million lower when a breach is detected early.6
Why can’t existing application security tools keep up?
Downsides of WAFs
- Relies on static signatures or known patterns to identify threats: two methods that sophisticated attackers can evade.
- High number of false positives or alerts that aren’t clearly actionable.
Downsides of EDR for protecting applications
- No way to know if code inside the application is manipulated.
- Can miss attacks that occur entirely within the application layer.
- SOC may have to wait until an application is compromised before EDR detects the threat.
Why SOC teams can’t effectively protect applications today
- Can’t see behavior of the running app in production
- Lack true contextual awareness of the application (i.e., application criticality, known vulnerabilities correlated with suspicious behavior)
- May not have the proper tooling to remediate
- Unable to address specific non-kernel threats such as SQL injection, server-side request forgery (SSRF) and JNDI (Java Naming and Directory Interface) on their own
Key benefits of ADR
- Visibility gap closure: ADR provides deep insight into the runtime behavior of applications and APIs, illuminating vulnerabilities and attacks.
- Proactive threat mitigation: It detects and responds to attacks at their inception, preventing escalation.
- Context-rich alerts: These help security teams quickly identify and remediate threats with actionable intelligence.
- Less noise and improved prioritization: ADR distinguishes critical threats from false positives, which reduces the security backlog and streamlines remediation efforts for developers.
- Smaller blast radius: Containment and mitigation capabilities limit the impact of incidents.
For more information and insights from IDC analysts on the benefits of ADR, download your complimentary copy of their IDC InfoBrief, Market Insights: Application Detection and Response.
1 2024 Verizon DBIR
2 2024 Verizon DBIR
3 Akamai Securing Apps Report 2024
4 2024 State of Application Security Report from CrowdStrike
5 CrowdStrike Threat Hunting Report 2024
6 IBM cost of a breach 2024