Security Guide Step 1: Consolidate and Clean Up Security Data

The first challenge is to consolidate and clean up data from many tools

Editor’s Note: This is the second serialized blog based on our recently published Security Guide: 5 Steps to Get Ahead and Stay Ahead of Application Vulnerabilities. You can also download the entire guide here. In each section of this guide we cover Key Questions, Challenges faced by organizations, and how AppSOC addresses these challenges.

Key Questions

  • Can you see all your vulnerability data in one place?
  • Do your application security teams work in silos?
  • Do they effectively share vulnerability and risk data?
  • Are you using spreadsheets to manually aggregate data?
  • Is there significant duplication and overlap between your tools?

Challenges

Most enterprises have plenty of security data coming in – the problem is dealing with the volume, interpreting it, and responding quickly to the most critical issues. Effective vulnerability management is crucial in this context. Surveys have shown that organizations use as many as 50 to 100 discrete cybersecurity products, and most of them produce lots of data, logs, alerts, and noise.

If we narrow this down to vulnerability detection, it’s still a long list of disparate tools used by multiple groups at different points in the software lifecycle. While the promise of DevSecOps has been to unify this, the opposite has happened – more tools, multiple data silos, overlapping findings, and little consolidation of results, highlighting the need for robust application security solutions. These siloed tools can include:

  • SAST (static application security testing)
  • DAST (dynamic application security testing)
  • SCA (software composition analysis)
  • CI/CD (continuous integration / continuous delivery) security
  • Container security
  • IaC (infrastructure as code)
  • Cloud misconfiguration scanners
  • API scanners
  • Infrastructure scanners

While you don’t necessarily need all of these, if your organization develops code, deploys it in the cloud, or manages applications during runtime, you likely have several of these tools, and may have multiple tools in the same category. Effective security management becomes essential to streamline these processes.

The Status Quo: Spreadsheet Hell

It seems obvious that you should bring all this data together into one place, eliminate the duplicates, and try to make sense of what’s going on. Unfortunately, the ubiquitous and inadequate tool we tend to fall back on is the spreadsheet.

While it’s possible to consolidate data in a spreadsheet, it’s painful, slow, and rarely generates clear results. Sharing complex spreadsheets across silos and teams may check compliance boxes, but they are usually skimmed or ignored by recipients.

Duplicate Results. Duplicate Results.

Duplicates are annoying, but surprisingly hard to eliminate.

Copies are irritating, but unexpectedly difficult to purge.

While it might be easy to spot the exact match in the title above, the two sentences that follow it have the same meaning but would be hard to match in a spreadsheet. Similarly, threat data arriving from different tools in varying formats can waste a lot of your team’s time.

Even a single code scanner will often find the same vulnerability across multiple libraries or microservices, and legitimately trigger hundreds of similar results. In this case you need to quantify and roll up the results, so you’re not overwhelmed by a single issue.

Best Practices for Vulnerability Consolidation

To meet these challenges, you should consider an ASPM solution that includes all these capabilities (plus additional ones detailed in other sections):

  • Orchestration: security tools need to connect, communicate with each other, and seamlessly share relevant data across silos.
  • Aggregation: data from all security silos needs to be pulled together in one place, where you can manage it consistently.
  • Normalization: data from different tools must be converted into a standard format, with a consistent data structure.
  • Deduplication: exact matches and similar adjacent items must be consolidated to avoid wasting time chasing the same issues in multiple places.
  • Visualization: seeing is believing. You need both a single pane of glass and a modern UI to visualize issues, spot problems, and quickly drill down into details.

How AppSOC Breaks Through Silos

AppSOC solves this first challenge automatically, consolidating and cleaning up data from any security tool.

Orchestration & Aggregation

AppSOC solves this fundamental problem by connecting to and aggregating data from hundreds of security tools, including DAST, SAST, SCA, IaC, CI/CD, cloud, container, API, and other tools, as well as data from internal scans, audits, or pen testing. This comprehensive approach to vulnerability management in cyber security ensures that all these integrations are available out of the box and can be set up in minutes. It also enhances application security testing by providing a unified platform for all security findings. (See our full list of Integrations.)

Deduplication

An advanced deduplication engine eliminates time-consuming redundancy and matches similar issues by normalizing data into a common format. AppSOC can also consolidate and quantify similar vulnerabilities that occur in multiple locations.

The platform analyzes multiple data elements of vulnerabilities to identify duplicates. These include:

  • CVE identifiers
  • Library names and versions
  • Source file names and locations
  • Vulnerability summaries and descriptions

When multiple microservices are combined to form an application, the solution identifies unique vulnerabilities across all microservices. This reduces the noise for Security Analysts in their triaging and remediation process.
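The best-practice list above (aggregation, normalization, deduplication) and the data elements just listed can be made concrete with a small pipeline. The following is an added example, not AppSOC's code and not a description of its engine: it takes constructed findings from two hypothetical scanners with different record formats, normalizes them into one schema, merges exact matches on CVE, package, version and path, folds a finding that lacks a CVE into a group for the same package/version/path when its description overlaps enough (Jaccard similarity of word sets), and rolls the result up per CVE across microservices. Tool names, field names, CVE ids, package names and paths are all placeholders.

```python
from __future__ import annotations
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample output of two hypothetical scanners. Every CVE id, package
# name and path below is a placeholder, not a real vulnerability or product.
TOOL_A_FINDINGS = [  # "tool-a": flat SCA-style records
    {"cve": "CVE-0000-0001", "pkg": "acme-json", "ver": "1.2.3", "path": "svc-auth/pom.xml",
     "desc": "Deserialization flaw in acme-json allows remote code execution"},
    {"cve": "CVE-0000-0001", "pkg": "acme-json", "ver": "1.2.3", "path": "svc-billing/pom.xml",
     "desc": "Deserialization flaw in acme-json allows remote code execution"},
    {"cve": "CVE-0000-0002", "pkg": "acme-yaml", "ver": "4.0.0", "path": "svc-auth/pom.xml",
     "desc": "acme-yaml parser denial of service via deeply nested input"},
]
TOOL_B_FINDINGS = [  # "tool-b": other field names, mixed case, "pkg@ver", line numbers, CVE optional
    {"vulnerability_id": "cve-0000-0001", "component": "Acme-JSON@1.2.3",
     "location": "./svc-auth/pom.xml:12", "title": "Acme-JSON: Remote Code Execution Via Deserialization Flaw!"},
    {"component": "acme-yaml@4.0.0", "location": "svc-auth/pom.xml:40",
     "title": "Denial of service in acme-yaml parser from deeply nested input"},
    {"vulnerability_id": "CVE-0000-0003", "component": "acme-http@0.9",
     "location": "svc-gateway/go.mod", "title": "Header smuggling in acme-http"},
]


@dataclass(frozen=True)
class Finding:
    """Common schema that every scanner's output is normalized into."""
    tool: str
    cve: str | None
    package: str
    version: str
    path: str         # manifest/source path with line numbers and "./" stripped
    description: str  # lower-cased, punctuation-free summary


def _norm_desc(text: str) -> str:
    return " ".join(re.sub(r"[^a-z0-9 ]", " ", text.lower()).split())


def _norm_path(loc: str) -> str:
    loc = re.sub(r":\d+$", "", loc.strip())  # drop a trailing ":<line>"
    return loc[2:] if loc.startswith("./") else loc


def normalize(raw: dict, tool: str) -> Finding:
    """Map each hypothetical tool's record format onto the Finding schema."""
    if tool == "tool-a":
        cve, pkg, ver, loc, desc = raw["cve"], raw["pkg"], raw["ver"], raw["path"], raw["desc"]
    elif tool == "tool-b":
        pkg, _, ver = raw["component"].partition("@")
        cve, loc, desc = raw.get("vulnerability_id"), raw["location"], raw["title"]
    else:
        raise ValueError(f"unknown tool {tool!r}")
    return Finding(tool, cve.upper() if cve else None, pkg.lower(), ver,
                   _norm_path(loc), _norm_desc(desc))


def similar(a: str, b: str, threshold: float = 0.6) -> bool:
    """Jaccard similarity of description word sets; catches reworded duplicates."""
    sa, sb = set(a.split()), set(b.split())
    return bool(sa and sb) and len(sa & sb) / len(sa | sb) >= threshold


def deduplicate(findings: list[Finding]) -> dict[tuple, list[Finding]]:
    """Exact duplicates share (cve, package, version, path); a finding with no CVE joins
    a group for the same package/version/path if its description is similar enough."""
    groups: dict[tuple, list[Finding]] = defaultdict(list)
    for f in findings:
        if f.cve:
            groups[(f.cve, f.package, f.version, f.path)].append(f)
    for f in findings:
        if f.cve:
            continue
        for key, members in groups.items():
            if key[1:] == (f.package, f.version, f.path) and similar(f.description, members[0].description):
                members.append(f)
                break
        else:
            groups[(None, f.package, f.version, f.path)].append(f)
    return dict(groups)


def roll_up(groups: dict[tuple, list[Finding]]) -> dict[str, dict]:
    """Per CVE: raw finding count and affected microservices (first path segment)."""
    summary: dict[str, dict] = defaultdict(lambda: {"findings": 0, "services": set()})
    for (cve, pkg, ver, path), members in groups.items():
        entry = summary[cve or f"no-cve:{pkg}@{ver}"]
        entry["findings"] += len(members)
        entry["services"].add(path.split("/")[0])
    return {k: {"findings": v["findings"], "services": sorted(v["services"])} for k, v in summary.items()}


def consolidate(tool_a_raw: list[dict], tool_b_raw: list[dict]):
    # Aggregate both feeds, then normalize -> deduplicate -> roll up.
    findings = [normalize(r, "tool-a") for r in tool_a_raw] + [normalize(r, "tool-b") for r in tool_b_raw]
    groups = deduplicate(findings)
    return findings, groups, roll_up(groups)


if __name__ == "__main__":
    raw, unique, summary = consolidate(TOOL_A_FINDINGS, TOOL_B_FINDINGS)
    print(f"{len(raw)} raw findings -> {len(unique)} unique issues")
    for cve, entry in sorted(summary.items()):
        print(cve, entry)
```

On the constructed input, six raw findings collapse to four unique issues: the two tools' reports of the same CVE in `svc-auth` merge on the exact key, the CVE-less tool-b record merges with the tool-a record for the same package and path on description overlap, and the roll-up shows one CVE affecting two microservices. The similarity threshold is the tuning knob: too low and unrelated findings in the same file are merged, too high and reworded duplicates survive.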

Centralized Visibility

AppSOC’s intuitive dashboard brings together everything you need to see in one place, to visualize consolidated results, drill down into details, or roll up results to any level.

The dashboard provides a single pane of glass across your tools, but also goes much further. An executive view summarizes results at a business level, while a more technical view digs into specific details. You can easily filter results by type, source, libraries, microservices, applications, and business units.

AppSOC dashboard showing consolidated findings from multiple tools