Drive Intelligent Security With These Six Cisco Secure Application Features
How it works
Traditional security practices leverage point-in-time assessments or
infrequent scanning, which can deliver outdated results. With a single
unified agent, Cisco Secure Application provides code-level runtime
security that continuously scans an environment to detect and alert on
vulnerabilities and exploits in real time.
How to apply it
Rapidly understanding where and how to prioritize remediation efforts
is one of the biggest challenges in a complex, cross-functional IT
organization. Cisco Secure Application provides a shared context
that eases collaboration between security and ITOps teams, so they can
quickly agree on where to focus first.
Immediate benefits
Runtime visibility provides an inside-out view of application
dependencies.
How it works
Cisco Secure Application takes a proactive security approach by
enforcing acceptable behavior and blocking malicious behavior, such
as remote code execution (RCE), at the policy level. In addition, it
automatically checks all network, file and database calls to ensure
suspicious activity is not occurring.
How to apply it
Zero-day threats are on the rise. Bad actors are waiting to take advantage of
organizations that remain unaware of lurking and costly risks. Cisco Secure
Application eases efforts to identify zero-day and other vulnerabilities at
runtime and block exploits — without added friction or overhead.
Fig 2: Shows an example of creating a runtime policy in Cisco Secure Application that enforces real-time controls to block the execution of vulnerable library calls.
Immediate benefits
• Identify when vulnerable components are in use.
• Determine if a vulnerability has been exploited.
• Automatically discover vulnerabilities and block exploits.
How it works
Even when the user interface is not being viewed, teams can receive
alerts across multiple channels about security events that require action.
Cisco Secure Application can also send security events directly to Splunk
instances and/or push alerts via HTTP request to other platforms,
integrating vulnerability ID, CVSS score, application tiers affected and
other security findings into existing notification workflows.
How to apply it
Use the HTTP alerting functionality with PagerDuty, JIRA, ServiceNow
and Splunk for a seamless end-to-end security remediation workflow.
Fig 3: Shows an example of creating a new alert for specific entities, conditions and actions.
Immediate benefits
• Auto-alert teams and tools to expedite action.
• Quickly prioritize and address discovered security issues.
• Eliminate the need for new solutions by working across tools already in use.
How it works
Cisco Secure Application has continuous scanning capabilities that pair
with business transaction mapping to deliver continuous risk updates
based on application and business context and runtime behavior. This
feature allows teams to determine where certain vulnerabilities stack up
against a broader list of known security issues.
How to apply it
Align vulnerabilities and attacks with how internal and external users
describe issues. For example, when users experience slow calls to
a database, they likely describe “a problem logging into a website.”
Therefore, “login” can be identified as business-critical. Business
transaction mapping can identify any login-related critical, high,
medium and low vulnerabilities in real time. This capability gives
insight into which business-critical transactions have the greatest risk
at any given time.
Immediate benefits
• Pinpoint risks within business-critical transactions.
• Expose vulnerabilities across transactions for a complete view of risk.
• See risk rankings (low to critical) to aid in prioritizing mitigation strategies.
How it works
• Cisco Talos Intelligence Group delivers granular information feeds from
tracked cybersecurity threats, malware and threat actors that lend a larger
context for risk.
• Cisco Kenna Security provides real-time vulnerability intelligence and
prioritization for each identified vulnerability, which, when combined with
application context, enables teams to prioritize remediation based on
potential business impact.
• Cisco Panoptica analyzes, scores and curates a list of internal and external
APIs that enable developers to make quick, optimal and compliant API
selections to ensure security is embedded into application development
from the beginning.
How to apply it
Automate security-first responses within development processes by
leveraging Cisco threat intelligence feeds to identify bad actors interacting
with your applications and gain detailed vulnerability insights, such as IP
addresses, so they can be identified upon arrival. Vulnerabilities are
equal-opportunity risks: understand the likelihood that a known threat will
be exploited within a unique tech stack, and prioritize accordingly. Select
APIs that have been security-first vetted by Cisco Panoptica before
development begins, and leverage always-on intelligence to understand the
overall and current risk profile at any given time.
Immediate benefits
• Improve intelligence to serve overall threat prioritization and business goals.
• Create attack and vulnerability maps by business transaction for better
incident management and response.
• Reduce risks from third-party APIs before, during and after development
and receive alerts to API access across resources and suspicious behaviors.
How it works
Business risk scoring is a combination of relevant data pulled from
application and business context plus real-time security intelligence
feeds. It considers attacks, code and libraries plus other entities and
context to illuminate the location and size of a vulnerability, and ranks
remediation priorities based on impact to the business, the likelihood it
will be exploited and the severity of potential consequences.
How to apply it
To gain a competitive edge, organizations need to see beyond CVSS scores
when vetting risk, especially when monitoring indicates good application
performance but doesn’t identify unknown security risks that may be high.
Leveraging security intelligence from Cisco Kenna and Panoptica, business
risk scoring removes security blind spots across applications and APIs, and
stack-ranks priorities based on an org’s identified critical transactions. This
line of sight into the unknown is aided by an always-on view of the top three
actionable recommendations (shown below) to jump-start remediation,
based on business objectives and likelihood of impact.
Immediate benefits
• Protects the bottom line by enabling quick, data-driven prioritization based
on highest threat levels and overall business impact.
• Uncovers security blind spots so teams can better focus on the most
impactful areas first.
• Ensures operational continuity based on integrated security enhancements
across the entire application experience.