App Security Benchmark Report

July 13, 2022
How to Solve Today's Largest Security Challenges

The rapid digitization that began in 2020 exposed new application surfaces to old vulnerabilities - and new ones. Attack types such as bots targeting APIs and Layer 7 volumetric DDoS attacks now plague application stacks. These issues are compounded by a shortage of security talent, remote working arrangements, and the Great Resignation, and have left IT and security departments scrambling to ensure adequate network and app protection.

The figure below shows the impact that comes with security breaches and why you should pay attention to improving your practices.

[Figure 1: App Security Benchmark Report]

To assess these challenges' impact on businesses, Edgio commissioned a survey to understand how organizations adapt their application security practices. Most security and infrastructure executives plan to focus on faster security resolutions in the next twelve months.

Improving application security in 2022

What top application security-related analytics and intelligence challenges will you/your business focus on solving in the next twelve months?

Findings:
  • 57% want faster resolution of security issues in their operations
  • 36% want greater visibility into attacks
  • 35% want to identify and remove vulnerabilities

1. Solution: Reduce reaction time

It's time to determine the root causes and detect security issues faster.

The first step is to have the web application firewall (WAF), web application, and servers send logs and events to a security information and event management (SIEM) solution. The SIEM analyzes the data and determines patterns. It can create an alert or support ticket when it detects an anomaly.

In some cases, SIEMs can launch automated responses, which enable you to gain insight and react on demand. This empowers your personnel to respond to issues promptly.

2. Solution: Monitor emerging threats with SIEM

A SIEM that integrates with a traditional on-premise WAF or a cloud WAF can use the event data to find anomalies and new patterns.

Suppose a threat actor is performing reconnaissance on the web application. A SIEM can alert on an increase in 4XX and 5XX responses, or on web traffic that deviates from typical patterns.

If your application uses a CDN, remember to capture CDN logs into your SIEM. You'll also need to enrich data from your other systems to create intelligent alerting to help your operations and security teams analyze and investigate anomalies.

When a CDN WAF is activated, the SIEM can use the CDN events in addition to WAF blocks to provide a complete, end-to-end picture of normal traffic patterns, anomalies, and security threats.
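The 4XX/5XX alert described above can be sketched as follows. This is an added example, not Edgio's or any SIEM vendor's code; the log line format, the sample events, and the thresholds (`baseline_minutes`, `z`, `floor`) are assumptions made for illustration.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

def parse(line):
    """Parse a constructed 'timestamp client_ip status path' log line."""
    ts, ip, status, _path = line.split()
    return ts[:16], ip, int(status)  # minute bucket: YYYY-MM-DDTHH:MM

def error_rates(lines):
    """Return {minute: share of responses that were 4XX/5XX}, in time order."""
    total, errors = defaultdict(int), defaultdict(int)
    for line in lines:
        minute, _ip, status = parse(line)
        total[minute] += 1
        if 400 <= status <= 599:
            errors[minute] += 1
    return {m: errors[m] / total[m] for m in sorted(total)}

def anomalies(rates, baseline_minutes=5, z=3.0, floor=0.05):
    """Flag minutes whose error rate exceeds baseline mean + z * stddev.

    The floor keeps a perfectly flat baseline from making every
    small wobble look like an anomaly.
    """
    minutes = list(rates)
    base = [rates[m] for m in minutes[:baseline_minutes]]
    mu, sigma = mean(base), max(pstdev(base), floor)
    return [m for m in minutes[baseline_minutes:] if rates[m] > mu + z * sigma]

def top_error_sources(lines, minute, n=3):
    """Clients responsible for the most 4XX/5XX responses in one minute."""
    counts = Counter(ip for m, ip, st in map(parse, lines)
                     if m == minute and st >= 400)
    return counts.most_common(n)

def sample_logs():
    """Constructed events: steady traffic plus one client probing in minute 05."""
    lines = []
    for m in range(7):
        for i in range(20):
            status = 404 if i == 0 else 200
            lines.append(f"2022-07-13T10:{m:02d}:{i:02d}Z 198.51.100.{i + 1} {status} /products")
    for i in range(30):
        status = (404, 403, 500)[i % 3]
        lines.append(f"2022-07-13T10:05:{i:02d}Z 203.0.113.7 {status} /probe{i}")
    return lines

if __name__ == "__main__":
    logs = sample_logs()
    for minute in anomalies(error_rates(logs)):
        print("ALERT", minute, top_error_sources(logs, minute, n=1))
```

In a real deployment the baseline would be a rolling window over combined CDN and WAF events rather than the first five minutes of a file.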

3. Solution: Leverage analytics

Now it's time to better understand threats by using a security solution that visualizes historical data. Look out for a solution that shows the variety, frequency, and severity of malicious traffic, with detailed information about the attack types against your site.

By managing WAF configurations via REST API, you can extract raw WAF logs for additional analysis and perform security automation programmatically. Stay educated through real-life traffic and threat monitoring.

Improving WAF Management

Is your organization using a WAF?

[Figure 2: App Security Benchmark Report]

The world has shifted to cloud-based security. According to our survey, nearly 60% of respondents leverage a CDN-based or Cloud WAF – with less than 20% using a premise-based WAF.

These findings aren’t surprising, given cloud and CDN WAFs offer several advantages compared to their on-premise counterparts. Web application and API protection built on a global content delivery network enable teams to inspect and filter every app request without slowing down your systems.

Additional security capabilities such as DDoS protection, fraud and bot management can also be integrated into cloud-based security, keeping malicious traffic far from your critical web infrastructure.

How would you like to see your WAF management improve?

[Figure 3: App Security Benchmark Report]

Of those surveyed, 28% are looking to improve their in-house resources. Responsibilities are increasing with security teams taking on web application and API protection.

Seventeen percent indicated that reducing false positives is critical, which correlates with the WAF expertise that's needed to tune the WAF rules and signatures.

In general, solving the security skills gap will be a top priority in the near future. But employee shortages may lead organizations to conclude that enabling in-house teams with better WAF management and application security skills is the best option.

Conclusion

The majority of security and infrastructure executives are concerned about the speed at which they can react to security breaches, how much visibility they have into attacks, and how to identify and remove vulnerabilities. More than half of respondents leverage a CDN-based or Cloud WAF today.

Create actionable intelligence

By integrating a SIEM that captures real-time log delivery, you can analyze data and determine patterns to detect anomalies. Security teams can build custom dashboards, enable analytics and configure alerting using all the data sources and take action quickly when a threat is detected.

Improve visibility

Look out for a security solution that provides an end-to-end view of every user – good and bad – coming into your web application. This data should be made available through comprehensive dashboards and raw logs. Ideally, the solution enriches this data with information ranging from location to device to headers and cookies.

Remove vulnerabilities

By leveraging Dual WAF mode – a unique feature only Edgio provides – security teams can analyze rule changes against production traffic without disabling production WAF. This tool enables faster, more accurate tests and deployments of security rules with zero WAF downtime.

Edgio builds in protection for your web and mobile apps, APIs and other edge integrations. Our security features run on a globally distributed network that protects your business from vulnerabilities and mitigates attacks. Learn more about how Edgio offers each of the powerful solutions discussed in this paper – and more.

Methodology: The survey was conducted between October 4-15, 2021, and included 168 respondents, of which 81% were from companies with fewer than 1,000 employees. The primary functions of the respondents were: Security Operations, IT/Infrastructure/Networking, Cloud Development, and Application Development.
