Software intelligence company Dynatrace announced its new Davis Security Advisor, an AI-powered enhancement to the Dynatrace Application Security Module that
automatically surfaces, prioritizes, and details the software libraries
and open-source packages representing the greatest risk to an
organization. This empowers DevSecOps teams to make more informed,
real-time decisions and address the most critical vulnerabilities first,
which allows them to reduce the risk facing their organization with
greater confidence and efficiency, leaving more time to drive
innovation.
According to a Forrester Research report by Principal Analyst Sandy Carielli,
"Applications remain a top cause of external breaches, and the
prevalence of open source, API, and containers only adds complexity to
the security team." This is reinforced by recent Dynatrace research,
which revealed 89% of CISOs say cloud-native architectures and
container runtime environments have made it more difficult to detect and
manage software vulnerabilities.
The new Davis Security Advisor addresses these challenges. Optimized for
cloud-native environments and powered by the Dynatrace AI engine, Davis,
it automatically monitors all software libraries used in preproduction
and production, and removes false positives. In addition, Davis Security
Advisor aggregates vulnerability data in real time and prioritizes
remediation based on multiple dimensions of risk, including:
- Number of vulnerabilities caused by each software library.
- Vulnerability severity, which is based on the Common Vulnerability Scoring System (CVSS) rating of each vulnerability and whether the relevant code is used at runtime.
- Threat context, which reflects whether there is a known public exploit for each vulnerability.
- Asset exposure, which indicates whether the vulnerable code is communicating with the internet.
- Potential business impact, which is determined by whether the processes that include the vulnerable library are connected to sensitive data.
"Cloud-native architectures fuel digital transformation, but traditional application
security tools simply cannot keep up with the rapid pace of change in
these environments and fail to surface key insights like whether
vulnerable code is used at runtime," said Steve Tack, SVP of Product
Management at Dynatrace. "Manual processes and piecemeal solutions that
don't aggregate data from across these environments force teams to waste
time chasing false positives and leave organizations vulnerable to
risk. By automatically surfacing the most critical vulnerabilities and
providing code-level detail and prioritization based on business impact,
Dynatrace enables DevSecOps teams to work smarter, not harder, as they
reduce their organizations' risk exposure."
Davis® Security Advisor will be available within the next 30 days.