3 ways Contrast helps to build digital resilience

Cyberattacks, supply-chain issues, flooding, tsunamis, wildfires, equipment failures and even war: The financial sector has no choice but to keep operations running through all these — among other — types of disruptions, challenges and incidents. 

The crucial need to maintain operational resilience has lit a spark under regulatory authorities, which are increasingly emphasizing the imperative of preparedness for unexpected events. One prime example: the European Union’s Digital Operational Resilience Act (DORA), which establishes a comprehensive framework for financial organizations to identify, prevent, mitigate and recuperate from incidents so as to maintain critical functions, deliver essential services and meet their obligations to customers, stakeholders and regulators, despite adverse circumstances that affect information and communication technology (ICT) attacks.

To read more about how Contrast supports DORA, download our solution brief. 

What is DORA? 

The Council of the EU comprises government ministers from each EU country who are authorized to create and amend laws and coordinate policies. In November 2022, the council adopted DORA with the goal of providing consistent IT security standards for financial institutions (banks, insurance companies and investment firms) across all EU member states so as to keep the EU financial sector resilient against cyber threats and operational disruption. 

In December 2022, DORA was published as Regulation (EU) 2022/2554 in the Official Journal of the European Union. The Act — which is a binding regulation for all EU members, as opposed to being simply a directive — went into effect on January 16, 2023. 

How Contrast Addresses DORA Requirements 

Article 25 of the legislation from the Official Journal of the European Union, details the essential elements for testing of ICT tools and systems. Securing custom applications and APIs — including third-party libraries used by EU financial services firms — is key in meeting this new regulation. Contrast Security supports DORA Article 25 with the Contrast Secure Code Platform in the following ways: 

Contrast supports the DORA testing requirements of §25(1) for vulnerability assessments and scans, open-source analysis, scanning software solutions, source-code reviews, end-to-end testing, and penetration testing.  Contrast automates the process of performing these assessments, providing highly accurate results in real time as a part of the normal development process.

Contrast’s speed and natural pipeline integration makes it uniquely capable of meeting the requirements of §25(2) for performing vulnerability assessments of new or existing applications and APIs, components and ICT during every deployment or redeployment. Contrast automatically performs vulnerability analysis during normal manual and automated QA tests, so that no extra security activities are required.

Contrast’s unlimited scalability, real-time analysis and high accuracy delivers the capability to achieve an unmatched balance of scale, speed and effort under §25(3), maximizing software security with a minimum of effort. 

Contrast Security can help secure your applications and APIs — a key step toward compliance with DORA Regulation (EU) 2022/2554. Schedule a demo and see how it works. 

Time for Runtime Security

We see a future where every stack includes Runtime Security and software development organizations have a healthy Application Security (AppSec) program delivering fast remediation, minimal backlog and high-speed innovation. 

Have a listen to this episode of the Application Security Podcast, in which we discussed Runtime Security, including key perspectives on:

• Why DAST is easily replaced by IAST
• Whether it’s time to throw out your web application firewall (WAF)
• Differences in detection and rule technologies between RASP and IAST
• Is Runtime Security your AppSec panacea?

Read more:

• 3 Essential Steps to Enable Security in DevOps, By Daniel Betts, Manjunath Bhat, Hassan Ennaciri, Chris Saunderson (Gartner Report)
• Defense-in-depth web AppSec: The case for having both RASP and WAF (Whitepaper) 
• Hands-on testing and protecting APIs (Virtual Workshop) 
• Building a modern API security strategy: A five-part series (Blog)
• Hidden dangers of traditional AppSec tools and why Runtime Security is replacing them (Podcast Writeup)
• Lack of Security Observability Thwarts Application Security (Whitepaper)