Note to the CISO: Part 2 - Contextually Aware Security Analysis is Here


Last week we wrote about the The Evolving Application Security Landscape. As a recap, the world has shifted to open source being an enabler to rapid development with up to 90% of an application’s code made up of third party libraries.  The security challenges introduced are significant, with many technologies created to help organizations build and deploy secure software.  These technologies include SAST, DAST, IAST and RASP.

Challenges with SAST/DAST

In a hyper connected ever changing world, your application’s security posture does not stay static.  SAST/DAST/IAST are a one time test of your application, designed to report on known security issues at the time of scanning.  The challenge is, known vulnerabilities change at a rapid pace and a one time scan only shows you information related to that application at the time of scanning.  A potential remedy could be to regularly scan and report on the state of your applications, however this is missing another large piece of the puzzle - "The Wild".

What does “The Wild” have to do with Application Security?

What do we mean by “The Wild”?  The Wild is the Internet, App Stores & Markets, Dark Web and traditional Websites. The Wild is made up of many different Android markets, and applications made available for independent loading (side-loading, MDM App Push).  This connected ecosystem is a large and dynamic place where applications are disassembled and repackaged, where brand assets are used for phishing attacks or compromised certificates are repurposed to create legitimate looking secure connections.  The Wild is the place where attackers are constantly trying to identify and leverage vulnerabilities in Open Source libraries.  The Wild is what happens outside the confines of your network and how it can impact the risk posture of either the applications you are developing and publishing or applications you are purchasing and using.  

What do we mean by CAST

Contextually Aware Security testing is MI3 Security’s answer to the limitations of one time application specific scans.  By crawling the application markets, using Open Source Intelligence and machine learning, Mi3 RECON can determine how an application fits into The Wild of the ecosystem and if those relationships impact the risk profile of the app.  Certificates or classes and libraries used by known malicious actors can be indicators of RISK if found in an application you are deploying.  Websites that an application is attempting to contact can also create RISK indicators.  With AppVisualizer, you can visually see and explore the six-degrees-of-separation between assets in your application and how they are related to other applications.  Those relationships can identify assets used by malware; a risk indicator for your app.

CAST also extends beyond single one-time scanning.  By deploying a network of crawlers, Mi3 RECON can identify suspected fraudulent use of brand assets or repackaged apps and notify you automatically.  The continuous monitoring and notification capabilities mean that not only do you not need to continuously rescan your application, you also do not need to manually monitor the multitude of application markets as well. 

In next week’s post we will be discussing what we think the future of application security looks like, including where we think organizations need to go to ensure they are prepared and protected from the ever advancing complexity and tenaciousness of threats.

What To Do Next?

Read Part 1 of the series: The Evolving Application Security Landscape

Contact us to see a demonstration of the RECON Platform

Watch an overview of the Mi3 Security Portfolio