Dynatrace Application Security boosts BizDevSecOps for Kubernetes

Dynatrace extends its new Application Security Module to protect the Kubernetes platform itself, and expands coverage to node.js workloads. With its automatic vulnerability detection and AI-powered risk assessment, Dynatrace Application Security ensures automatic and continuous security. BizDevSecOps teams can mitigate risks with greater speed and efficiency as Dynatrace automatically connects vulnerabilities to individual pods and containers within a Kubernetes cluster.

After announcing our new Application Security Module in December, the fast adoption and great feedback we heard from customers confirmed the urgent need for a more automated approach to continuous runtime application security with full insights into production and pre-production environments.

Dynatrace Application Security enables you to detect and assess software vulnerabilities automatically, optimized especially for Kubernetes from the beginning. Organizations are shifting towards cloud-native stacks where existing application security approaches can’t keep up with the speed and variability of modern development processes. Dynatrace is redefining Application Security, applying the automation, AI, scalability, and enterprise-grade robustness of its platform to change the way security gets done.

Listening to and working with our customers, we are now happy to announce the latest enhancements to our Application Security Module.

Automatic vulnerability detection for Kubernetes platform versions

In cloud-native application stacks, everything is code. Just securing applications and libraries is not enough. You need to go deeper into the stack — into the infrastructure itself.

Kubernetes is highly complex software. If there are vulnerabilities within the Kubernetes platform, that introduces additional risk. This is why Dynatrace is extending automatic vulnerability detection to the Kubernetes platform itself. Dynatrace Application Security now detects vulnerable Kubernetes versions automatically and tracks the evolution of these security problems in real-time.

Continuous and automatic security for Node.js workloads

Dynatrace entered the Application Security market with automatic and continuous protection for Java workloads. The latest enhancement enables our customers to automatically detect and assess open-source and third-party vulnerabilities in Node.js as well.

Node.js and Java are the most popular languages within Kubernetes environments. With this enhancement, Dynatrace Application Security is now able to automatically detect all known vulnerabilities in these technologies with no configuration or user interaction. Dynatrace uniquely combines automatic and intelligent observability with Snyk’s industry-leading vulnerability database to provide automatic and continuous protection, ensuring fast and secure app delivery:

  • Detect vulnerabilities automatically with full runtime visibility

Dynatrace provides real-time insights into everything running in production and pre-production, independent of pipeline checks. Vulnerabilities in Node.js and Java workloads are automatically detected at runtime along the entire dependency tree of open-source and third-party libraries.

  • Identify the biggest threats automatically and avoid false positives

Dynatrace rates the severity of vulnerabilities automatically and precisely, beyond the Common Vulnerability Scoring System (CVSS). Davis, the Dynatrace AI-engine, uses exposure information to assess risk and impact and helps avoid false positives. It considers runtime information like: Is a vulnerable library loaded? Is it used? How relevant is it in the context of the environment?

Dynatrace Application Security boosts BizDevSecOps for Kubernetes
The Dynatrace Davis AI-engine automatically detects and analyzes every vulnerability to assess risk and impact based on exposure information. Now, this is extended to Node.js workloads.

New BizDevSecOps collaboration capabilities simplify remediation

From the beginning, Dynatrace Application Security simplified vulnerability management by providing a closed feedback loop, automatically opening a security ticket when a vulnerability is detected and closing it when it is resolved.

Dynatrace Application Security boosts BizDevSecOps for Kubernetes
Once vulnerabilities are detected and prioritized, Dynatrace provides real-time visibility into their status in a filterable list, also exposed via APIs to drive automation.

To accelerate effective collaboration across teams, we are adding new functionality specifically for Kubernetes environments. These additions accelerate remediation to ensure business-critical applications and digital services on Kubernetes are secure 24/7:

  • Drill down from vulnerabilities to affected Kubernetes pods

When Dynatrace automatically detects a vulnerable library, it also identifies all processes affected by this vulnerability to assess the risk. Now, engineers can use a direct link to the affected container images as well. This makes it easier for teams to determine who is the right person to fix a certain vulnerability between container teams who are pre-installing libraries, and app teams who use them.

Dynatrace Application Security boosts BizDevSecOps for Kubernetes
Engineering teams can easily identify which Kubernetes pods/workloads are affected by vulnerabilities and get additional context for faster remediation. This complements similar drill-downs into applications, services, hosts, and databases.
  • Use role-based permissions for secure access control

Dynatrace lets you assign permissions to view security data. Also, via management zones, users can view security and performance data based on monitored entities, like a certain cluster, or even specific workloads.

Next steps

All Dynatrace Application Security enhancements mentioned in this blog post will be available within the next 90 days.

  • If you are a Dynatrace customer and want to start using the new Application Security Module, please navigate to Security in the product.
  • If you’re not using Dynatrace yet, it’s easy to get started in under 5 minutes with the Dynatrace free trial.

For more information visit our web page and watch the demo or read my Application Security blog. To learn more, see the documentation.

Stay updated