Application Security Monitoring (ASUs)
Application Security Monitoring helps you to visualize, analyze, and monitor security vulnerabilities in your environment that are related to third-party libraries at runtime.
Application Security units
Dynatrace Application Security is licensed based on the consumption of Application Security units (ASUs). The number of Application Security units that an environment consumes is based on the servers that run applications, which are monitored with Application Security.
There are multiple factors that influence the consumption of ASUs:
- The amount of RAM that a monitored server has (see the weighting table below)
- The number of hours that the server runs
- The Application Security capabilities that are enabled on the server
Application Security capabilities
Currently, Application Security provides two capabilities:
- Runtime Vulnerability Analytics
- Runtime Application Protection
How capabilities affect monitoring consumption
Each capability consumes 1 ASU per hour multiplied by the RAM weight (See the weighting table for details).
Runtime Application Protection (RAP) relies on Runtime Vulnerability Assessment (RVA) to evaluate the vulnerability that an attack is based on. Therefore, a server with Runtime Application Protection enabled always consumes ASUs for both RVA and RAP.
|Host size (based on RAM GB)||Application Security unit weight|
|N x 16||N|
Say that an environment consists of 2 servers with 32 GB RAM each and 1 server with 4 GB of RAM. One of the 32 GB servers is running both RAP and RVA, while the other 2 servers are only running RVA.
If all the servers run 24x7, this environment will consume 54,750 Application Security units per year.
This is calculated based on the following:
- The 32 GB RAM server running RAP and RVA consumes 35,040 ASUs per year.
2 (1 ASU for RVA and 1 ASU for RAP) x 2 (ASU weight for a 32 GB host) x 365 (days) x 24 (hours)
- The 32 GB RAM server running only RVA consumes 17,520 ASUs per year.
1 (ASU for RVA) x 2 (ASU weight for a 32 GB host) x 365 (days) x 24 (hours)
- The 4 GB RAM server running only RVA consumes 2,190 ASUs per year.
1 (ASU for RVA) x 0.25 (ASU weight for a 4 GB host) x 365 (days) x 24 (hours)
When the environment is no longer able to handle the load, the server with 32 GB RAM spins up to handle the spikes, but it only runs a total of 250 hours during the year. So, the consumption is increased by 1,000 ASUs.
2 (ASUs for RVA and RAP) x 2 (ASU weight for a 32 GB host) x 250 (hours)
Combine Application Security monitoring with Full-Stack and Infrastructure Monitoring
Application Security units are consumed concurrently with host units for both Full-Stack and Infrastructure Monitoring. For example, you can monitor the security of a host that runs on a Tomcat server that's monitored with Dynatrace Infrastructure Monitoring only, rather than Full-Stack Monitoring. This approach provides you with Dynatrace Application Security insights, but you won't benefit from improved prioritization based on your topology or the deeper performance insights that are provided with Full-Stack Monitoring mode.
The allocation of Application Security units is only applicable to hosts that run supported technologies. Please contact a Dynatrace product specialist via in-product chat or reach out to your account executive to learn more.