Dear Rampart-AI Community,
Rampart AI™ Chats With Experts About Application Resiliency
Now more than ever, our applications are being targeted by bad actors who have countless ways to take advantage of even the strongest code. One vulnerability is all that is needed to take down your application and tarnish the trust of customers.
Rampart AI™ sat down with experts in application resiliency to talk about:
- How you can protect your application from bad actors,
- How past attacks are impacting the future of security, and
- What we can do to secure our applications for good.
In the cyber world, SolarWinds is one of many examples of a devastating vulnerability.
“When we look at SolarWinds, you can immediately say it was a supply chain attack,” said Lee Krause, CEO of Rampart AI™. “I think really what we've seen is that it was an attack where they took trusted code and allowed it to proliferate through the entire development process.”
That malicious code made it past the DevSecOps process and into sensitive applications in a variety of business sectors.
“And it actually even showed that the current DevSecOps tools are only good at understanding what's being tested or what they're working on, because it easily flew through the whole DevSecOps process. It even made it all the way through tests and into operational production,” Krause said. “So something needs to change to ensure that problems like that cannot occur in the future.”
Another aspect of the cyber world is the power CSOs and CISOs have to set the industry's course. Sam Curry, CSO of Cybereason, says identity is a key part of every attack.
“There are human beings on the other side who are innovating and picking and choosing the time and means of their attack, and that's second-order chaos,” Curry said. “Human beings are the most devious opponents we've ever faced. And as such, if they're innovating faster than defenders collectively, then the problem's only going to get worse.”
At one point, Hector Monsegur was part of that human innovation working to break into applications. Monsegur is now the Director of Research at Alacrinet.
“So for quite some time, especially during my time as a bad guy, SQL injections were all the rage,” says Monsegur. “That was kind of a daily thing there. But now, when you start looking at HackerOne or any other, you know, bug bounty feeds, you're seeing a ton of information disclosures.”
When it comes to securing your application for good, Curry says it's all about innovation.
“Attackers, they have a much greater rate of innovation and advancement collect,” Curry said. “It doesn't have to be that way, but it is. And so they pick their points of attack and they go after things that we just haven't thought about how to update or how to build a nimble scheme for improving.”
For a deep dive into the topics touched on in the above blog, watch the recorded live chat on "How to Build Resilient Business Applications."