Addressing The Gaps In Application Security

Applications such as ERP, HR/Human Capital Management, CRM/Sales Automation, eCommerce and Supply Chain Management are the lifeblood of a company and contain valuable data that is needed to process business transactions. They are also targets for cybercrimals and insider abuse that can cause major losses across data/IP, employee productivity, sales revenue and financial fraud.  The state of application security is not good.

Consider these datapoints;

• In a recent Ponemon Research Institute report only 12% of security personnel responded that all of their organization’s applications meet regulations for privacy, data protection and information security.

• More shocking is that 79% of organizations focus their defenses primarily on public-facing websites according to the Sans Institute 2015 State of Application Security: Closing the Gap.

It’s no wonder that Gartner Research predicts that by 2019 organizations will spend over $1.2 billion on application security, doubling the $600 million spent in 2014.

Organizations that have been relying on perimeter protection technologies to date to protect applications are now facing a new challenge – the traditional perimeter no longer exists with mobile, Internet of Things & cloud-based applications/services. The infrastructure protection technologies currently deployed within the enterprise by most organizations, such as SIEM, have had limited effectiveness against application-level attacks.  Why?  Because these technologies lack context.

They can’t see and don’t have an understanding regarding what specific application logic means (i.e. process or transaction codes).  They don’t take into consideration all the sources of security data related to a specific application such application level control configuration and security settings, conditional events, specific transaction processes as well as user identities mapped to access authorizations.  The need to better secure enterprise business applications from outsider attacks and insider abuse has become painfully clear due to recent data breaches.

Pathlock Technologies is leading the charge in bridging the gaps in application security through its big data correlation across user access and behaviors within applications.  Pathlock’s automation is able to monitor not only who is accessing core business applications but also what they are doing within the application in real-time (at both the user transaction processing and super-user/admin configuration levels). Click here to view the on-demand Webinar Cyber Governance: Key Considerations for Navigating the New Normal to learn more.