We have talked a lot about how adding 'runtime context' to static security scans reduces alert fatigue and lets you prioritize protection and remediation according to a risk framework. What we haven't shared yet is which kinds of runtime context we actually use to get there. Examples below 👇
Deep Packet Inspection
Visibility into North-South (perimeter) traffic as well as East-West (workload-to-workload) traffic matters, and so does coverage of encrypted as well as plaintext traffic within the network. In practice that means inspecting at a TLS termination point or on the host itself, since a passive tap sees only ciphertext. Teams can use this visibility to match traffic against the Emerging Threats rulesets and the OWASP ModSecurity Core Rule Set (CRS).
Benefits of DPI in ☁️ include:
A. Comprehensive, granular inspection of network traffic, enabling early detection and prevention of threats in real time.
B. Regulatory compliance, through fine-grained control and monitoring of network activity.
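The North-South versus East-West distinction above is only useful if the sensor output actually carries it. As an added example (not code from the original post or from any product it describes), the following script reads IDS alerts in Suricata's eve.json layout, tags each one with its direction from a hypothetical set of internal CIDRs, and ranks a high-severity rule that fires East-West above the same rule firing at the perimeter, because inside-to-inside hits are lateral movement candidates. The alert records, signature names and signature IDs are constructed for the example.

```python
"""Tag IDS alerts with traffic direction (north-south vs east-west).

Added example, not the original post's code. It assumes Suricata's eve.json alert
layout (event_type, src_ip, dest_ip, alert.signature_id, alert.severity); the alert
records, signature names and IDs below are constructed, and the internal CIDRs are
a hypothetical environment.
"""
import ipaddress
import json
from collections import Counter
from typing import Optional

# Hypothetical internal address space. Listed explicitly rather than using
# ipaddress.is_private(), which also flags documentation ranges such as 203.0.113.0/24.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed eve.json lines: one inbound web attack, one east-west SMB hit, one
# outbound beacon, and a non-alert flow record that must be ignored.
SAMPLE_EVE = [
    json.dumps({"event_type": "alert", "src_ip": "203.0.113.10", "dest_ip": "10.0.1.5", "dest_port": 80,
                "alert": {"signature_id": 9000001, "severity": 2, "signature": "EXAMPLE WEB sqli attempt"}}),
    json.dumps({"event_type": "alert", "src_ip": "10.0.1.5", "dest_ip": "10.0.2.9", "dest_port": 445,
                "alert": {"signature_id": 9000002, "severity": 1, "signature": "EXAMPLE SMB admin share access"}}),
    json.dumps({"event_type": "alert", "src_ip": "10.0.2.9", "dest_ip": "198.51.100.7", "dest_port": 443,
                "alert": {"signature_id": 9000003, "severity": 1, "signature": "EXAMPLE beacon to known bad host"}}),
    json.dumps({"event_type": "flow", "src_ip": "10.0.1.5", "dest_ip": "10.0.1.6", "dest_port": 53}),
]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def direction(src_ip: str, dest_ip: str) -> str:
    src_in, dst_in = is_internal(src_ip), is_internal(dest_ip)
    if src_in and dst_in:
        return "east-west"
    if dst_in:
        return "north-south-inbound"
    if src_in:
        return "north-south-outbound"
    return "external"  # neither end is ours: transit traffic or a misplaced sensor


def parse_alert(line: str) -> Optional[dict]:
    """Return the fields we need from one eve.json record, or None for non-alert events."""
    rec = json.loads(line)
    if rec.get("event_type") != "alert":
        return None
    a = rec["alert"]
    return {"sid": a["signature_id"], "signature": a["signature"],
            "severity": a["severity"],  # Suricata convention: 1 = high, 3 = low
            "src": rec["src_ip"], "dst": rec["dest_ip"], "dport": rec.get("dest_port"),
            "direction": direction(rec["src_ip"], rec["dest_ip"])}


def triage(lines):
    """Rank alerts: a high-severity rule firing east-west is a lateral-movement
    candidate and outranks the same rule firing at the perimeter."""
    ranked = []
    for line in lines:
        a = parse_alert(line)
        if a is None:
            continue
        if a["severity"] == 1 and a["direction"] == "east-west":
            a["priority"] = "P1"
        elif a["severity"] == 1:
            a["priority"] = "P2"
        else:
            a["priority"] = "P3"
        ranked.append(a)
    ranked.sort(key=lambda a: a["priority"])
    return ranked


def count_by_direction(alerts) -> Counter:
    return Counter(a["direction"] for a in alerts)


if __name__ == "__main__":
    for a in triage(SAMPLE_EVE):
        print(a["priority"], a["direction"], a["sid"], a["signature"])
```

Running it puts the SMB alert between two internal hosts at the top (P1), the outbound beacon second (P2), and the perimeter SQLi probe last (P3) even though the inbound probe is the one a perimeter-only view would have surfaced first. The direction logic is deliberately independent of the IDS rule content, so it works the same for an Emerging Threats hit and a CRS hit.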
Correlated Telemetry Across Different Modalities of System Behavior
Teams must be able to observe anomalous behavior across filesystems, processes and system calls, network traffic, security scan results, SBOMs, etc., and correlate it across those sources. A scan finding or an odd syscall on its own is a weak signal; the same workload showing both at the same time is not.
Benefits of correlation include:
A. Early detection of advanced threats: an anomaly in one modality tells you where to look in the others
B. Better incident response, from a holistic picture of the sequence of events
C. Better understanding of dependencies (which process loaded which package, which service talks to which), which is what makes a targeted response possible
Behavioral Analysis in terms of MITRE ATT&CK
Threat actor activity observed at runtime should be mapped to MITRE ATT&CK tactics and techniques and correlated into the stages of the cyber kill chain. Those TTPs let an org understand exactly how an attacker would move within the environment to complete a successful attack, and therefore which runtime events belong to a chain and which are isolated noise.
Benefits of Behavioral Analysis include:
A. Early threat detection and prevention
B. Improved incident response and mitigation
C. Reduced risk and enhanced security posture
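The two sections above (correlating telemetry across modalities, and mapping runtime behavior to MITRE ATT&CK) are really one pipeline, so here is a single added example that does both. It is not code from the original post or from any product it describes. It takes constructed events from four sources (a scan/SBOM finding, process executions with their loaded libraries, socket listen/connect calls, and file writes) for two hypothetical workloads, then (1) decides whether each static finding is actually exploitable at runtime, which we define here as the vulnerable package being loaded by a running process that also has a listening socket, and (2) chains the runtime detections into ATT&CK techniques and tactics so one workload yields one scored incident instead of a pile of unrelated alerts. The workload names, paths, package name and finding IDs are placeholders; the ATT&CK technique and tactic IDs are real.

```python
"""Correlate static scan findings with runtime telemetry and map behaviour to ATT&CK.

Added example, not the original post's code. The event layout, workload names, paths,
package and finding IDs are hypothetical; the ATT&CK technique and tactic IDs are real.
"""
import ipaddress
from collections import defaultdict

# Hypothetical internal address space; ipaddress.is_private() would also treat the
# documentation range 198.51.100.0/24 used below as private, so list CIDRs explicitly.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Runtime detections (this example's own names) -> real ATT&CK technique / tactic IDs.
ATTACK = {
    "webserver_spawned_shell": ("T1059.004", "TA0002 Execution"),
    "shell_outbound_to_internet": ("T1105", "TA0011 Command and Control"),
    "cron_drop": ("T1053.003", "TA0003 Persistence"),
}

# Constructed telemetry from four modalities (scan/SBOM, process, network, file).
EVENTS = [
    {"ts": 1, "src": "scan", "workload": "web-1", "finding": "FINDING-EXAMPLE-1", "package": "libexample"},
    {"ts": 2, "src": "process", "workload": "web-1", "pid": 4242, "ppid": 1, "exe": "/usr/sbin/httpd",
     "loaded": ["libc.so.6", "libexample.so.2"]},
    {"ts": 3, "src": "network", "workload": "web-1", "pid": 4242, "op": "listen", "addr": "0.0.0.0", "port": 443},
    {"ts": 4, "src": "process", "workload": "web-1", "pid": 4300, "ppid": 4242, "exe": "/bin/sh", "loaded": ["libc.so.6"]},
    {"ts": 5, "src": "network", "workload": "web-1", "pid": 4300, "op": "connect", "addr": "198.51.100.7", "port": 80},
    {"ts": 6, "src": "file", "workload": "web-1", "pid": 4300, "op": "write", "path": "/etc/cron.d/update"},
    {"ts": 7, "src": "scan", "workload": "batch-2", "finding": "FINDING-EXAMPLE-2", "package": "libexample"},
    {"ts": 8, "src": "process", "workload": "batch-2", "pid": 77, "ppid": 1, "exe": "/usr/bin/python3", "loaded": ["libc.so.6"]},
]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def ancestry(pid, procs, limit=32):
    """The process plus its recorded ancestors (bounded so bad ppid data cannot loop)."""
    chain = []
    while pid in procs and len(chain) < limit:
        chain.append(procs[pid])
        pid = procs[pid]["ppid"]
    return chain


def analyse_workload(evs):
    procs, exposed, findings, techniques = {}, set(), [], []
    for e in sorted(evs, key=lambda e: e["ts"]):
        if e["src"] == "process":
            procs[e["pid"]] = e
            parent = procs.get(e["ppid"])
            # crude shell check: a web server forking a shell is the anomaly we care about
            if parent and parent["exe"].endswith("httpd") and e["exe"].endswith("sh"):
                techniques.append(("webserver_spawned_shell", e["pid"]))
        elif e["src"] == "network" and e["op"] == "listen":
            exposed.add(e["pid"])
        elif e["src"] == "network" and e["op"] == "connect":
            if not is_internal(e["addr"]) and any(p["exe"].endswith("sh") for p in ancestry(e["pid"], procs)):
                techniques.append(("shell_outbound_to_internet", e["pid"]))
        elif e["src"] == "file" and e["op"] == "write" and e["path"].startswith("/etc/cron.d/"):
            techniques.append(("cron_drop", e["pid"]))
        elif e["src"] == "scan":
            findings.append(e)

    # A static finding is "exploitable" only if the package is loaded by a running
    # process that is also network-exposed; loaded-but-internal and not-loaded rank lower.
    scored = []
    for f in findings:
        loaders = [pid for pid, p in procs.items()
                   if any(lib.startswith(f["package"]) for lib in p["loaded"])]
        if not loaders:
            status = "not_loaded"
        elif any(pid in exposed for pid in loaders):
            status = "exploitable"
        else:
            status = "loaded_not_exposed"
        scored.append({"finding": f["finding"], "status": status, "pids": loaders})

    tactics = []
    for name, _pid in techniques:
        tactic = ATTACK[name][1]
        if tactic not in tactics:
            tactics.append(tactic)
    exploitable = any(s["status"] == "exploitable" for s in scored)
    if exploitable and len(tactics) >= 2:
        severity = "critical"  # reachable vuln plus a multi-stage runtime chain
    elif techniques:
        severity = "high"
    elif exploitable:
        severity = "medium"
    else:
        severity = "low"  # static-only signal: nothing running, loaded or exposed
    return {"findings": scored, "techniques": [ATTACK[n][0] for n, _ in techniques],
            "tactics": tactics, "severity": severity}


def correlate(events):
    """One scored incident per workload instead of one alert per event."""
    by_wl = defaultdict(list)
    for e in events:
        by_wl[e["workload"]].append(e)
    return {wl: analyse_workload(evs) for wl, evs in by_wl.items()}
```

For web-1 the six raw events collapse into one critical incident: the scanner's finding is marked exploitable because httpd has libexample loaded and is listening, and the shell spawn, outbound connect and cron write line up as Execution, Command and Control and Persistence. For batch-2 the identical scan finding stays low, because nothing running there has the package loaded. That is the alert reduction the post is describing, expressed as a rule rather than a slogan; in a real deployment the loaded-library and socket facts would come from the host sensor (for example /proc maps and eBPF socket events) rather than a hand-built list.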
All of this additional 'runtime context' ultimately reduces alert fatigue because it focuses attention on the threats actively playing out against a ☁️ environment, and on which findings are actually exploitable given what is running, loaded and exposed, rather than on every static scan hit. Orgs see a 97% reduction in alerts with this approach.