• Home
  • How to use Dynatrace
  • Application Security
  • Security problem management

Security problem management

Dynatrace Application Security is designed to enable you to detect, visualize, analyze, monitor, and remediate open-source and third-party vulnerabilities in production and pre-production environments at runtime. The general process is described below.

Software and runtime components

To detect third-party vulnerabilities in your environment, Application Security evaluates software components (libraries) and runtime components (for example, Kubernetes packages).

  • Libraries are reported by OneAgent when a process is loading them. Therefore, only libraries that are in use will be checked for vulnerabilities. Library information is checked and updated periodically.
  • Kubernetes packages are runtime components used by the Kubernetes cluster. They are reported by OneAgent once the component is in use on a node.
    Examples of Kubernetes packages that Dynatrace tracks and scans for vulnerabilities:
    • On the control plane node:
      • kube-apiserver
      • etcd
      • kube-scheduler
      • kube-controller-manager
      • cloud-controller-manager
    • On the worker node:
      • kubelet
      • kubeproxy

Topology changes

Once Dynatrace finds a new third-party vulnerability, it regularly checks for topology changes (for example, when a new reachable asset or data source is involved).

Third-party vulnerability feeds

The third-party vulnerability feeds are checked for updates every five minutes. If there's a new feed available, the information is pushed to the Dynatrace Cluster via Cloud Control/Mission Control. Updated vulnerability feeds are imported into Dynatrace Clusters within approximately two hours.

Based on the existent vulnerability feeds, Dynatrace searches for new vulnerabilities in your environment every minute.

Risk assessment

To determine external exposure and affected data assets, Dynatrace considers the following:

  • Sources - to calculate exposure, Dynatrace analyzes whether incoming web request services and web service calls from the last day come from a public IP address
  • Entities - a vulnerable software component is linked to the process of the reporting component, and the running services in that process group are used to calculate the exposure and whether reachable data assets are affected.
  • Dependencies - To see if data assets are reachable, Dynatrace investigates related services and services that are directly called by those related services. If one of those services is a database, a reachable data asset is affected.