Dynatrace Enhances Application Security With AI-Powered Vulnerability Prioritization

Rhea-AI Summary

Dynatrace (NYSE: DT) has launched the Davis® Security Advisor, an AI-driven tool to enhance application security. This innovation identifies and prioritizes vulnerabilities in software libraries and open-source packages, allowing DevSecOps teams to address significant risks efficiently. According to Forrester Research, 89% of CISOs find modern architectures complicate vulnerability management. The Security Advisor is designed to tackle these challenges by automating the detection process and prioritizing remediation based on factors like vulnerability severity and business impact. This tool will be available within 30 days.

Positive

• Introduction of Davis® Security Advisor enhancing application security.
• Automates vulnerability detection, improving efficiency for DevSecOps teams.
• Prioritizes vulnerabilities based on severity and potential business impact.

Negative

• None.

Software intelligence company Dynatrace (NYSE: DT) announced today its new Davis® Security Advisor, an AI-powered enhancement to the Dynatrace® Application Security Module that automatically surfaces, prioritizes, and details the software libraries and open-source packages representing the greatest risk to an organization. This empowers DevSecOps teams to make more informed, real-time decisions and address the most critical vulnerabilities first, which allows them to reduce the risk facing their organization with greater confidence and efficiency, leaving more time to drive innovation.

Dynatrace Davis® Security Advisor (Photo: Business Wire)

According to a Forrester Research report by Principal Analyst Sandy Carielli, “Applications remain a top cause of external breaches, and the prevalence of open source, API, and containers only adds complexity to the security team.”¹ This is reinforced by recent Dynatrace research, which revealed 89% of CISOs say cloud-native architectures and container runtime environments have made it more difficult to detect and manage software vulnerabilities.

The new Davis Security Advisor addresses these challenges. Optimized for cloud-native environments and powered by the Dynatrace AI engine, Davis®, it automatically monitors all software libraries used in preproduction and production, and removes false positives. In addition, Davis Security Advisor aggregates vulnerability data in real-time and prioritizes remediation based on multiple dimensions of risk, including:

• Number of vulnerabilities caused by each software library.
• Vulnerability severity, which is based on the common vulnerability scoring system (CVSS) rating of each vulnerability and whether the relevant code is used at runtime.
• Threat context, which reflects whether there is a known public exploit for each vulnerability.
• Asset exposure, which indicates whether the vulnerable code is communicating with the internet.
• Potential business impact, which is determined by whether the processes that include the vulnerable library are connected to sensitive data.

“Cloud-native architectures fuel digital transformation, but traditional application security tools simply cannot keep up with the rapid pace of change in these environments and fail to surface key insights like whether vulnerable code is used at runtime,” said Steve Tack, SVP of Product Management at Dynatrace. “Manual processes and piecemeal solutions that don’t aggregate data from across these environments force teams to waste time chasing false positives and leave organizations vulnerable to risk. By automatically surfacing the most critical vulnerabilities and providing code-level detail and prioritization based on business impact, Dynatrace enables DevSecOps teams to work smarter, not harder, as they reduce their organizations’ risk exposure.”

Davis® Security Advisor will be available within the next 30 days. For more information, please visit the Dynatrace blog.

About Dynatrace

Dynatrace provides software intelligence to simplify cloud complexity and accelerate digital transformation. With automatic and intelligent observability at scale, our all-in-one platform delivers precise answers about the performance and security of applications, the underlying infrastructure, and the experience of all users to enable organizations to innovate faster, collaborate more efficiently, and deliver more value with dramatically less effort. That’s why many of the world’s largest enterprises trust Dynatrace® to modernize and automate cloud operations, release better software faster, and deliver unrivalled digital experiences.

To learn more about how Dynatrace can help your business, visit www.dynatrace.com, visit our blog and follow us on Twitter @dynatrace.

_____________________________

¹ Source: “The State of Application Security, 2021,” Forrester Research, Inc., March 23, 2021

View source version on businesswire.com: https://www.businesswire.com/news/home/20210617005280/en/

FAQ

What is the Davis® Security Advisor launched by Dynatrace?

The Davis® Security Advisor is an AI-powered tool designed to enhance application security by identifying and prioritizing software vulnerabilities.

How does Davis® Security Advisor help DevSecOps teams?

It allows DevSecOps teams to address critical vulnerabilities efficiently and make informed decisions in real-time.

When will the Davis® Security Advisor be available?

The Davis® Security Advisor will be available within the next 30 days.

What challenges does the Davis® Security Advisor address?

It addresses challenges related to managing software vulnerabilities in cloud-native architectures and automates the detection of critical risks.

What percentage of CISOs find it hard to manage vulnerabilities in modern architectures according to Forrester Research?

According to Forrester Research, 89% of CISOs report that cloud-native architectures and container environments complicate vulnerability management.