Securing the software supply-chain: lessons and trends in autonomous, zero-trust runtime security

Waratek Application Security Webinar Series

During the 2021 APEX CISO National Virtual Summit (#ApexAsembly) we explored how modern enterprise applications are no longer the single-vendor, monolithic software packages of a generation ago.  Today’s modern enterprise application is a thin layer of business logic code sitting on top of a complex web of third-party platforms, frameworks and libraries so that for every 1 line of business logic code that you write, there are 10 lines of invisible third-party code executing inside your application stack that you didn’t write and have no security control over.

New approaches to securing the software supply chain are emerging which go inside the application at runtime to secure the invisible code and memory that comes from outside of your developers and outside of your security control.   During this session we will discuss the vulnerability and compliance trends that are driving the rise of autonomous, zero-trust runtime security solutions for third-party code components and the various forms that such solutions take.  We will conclude with a look to the future convergence of these runtime security solutions with other runtime, in-app products widely deployed today.

Key Takeaways:

  • The security of today’s enterprise applications is overwhelmed by large quantities of third-party code that comes from outside your organisation and outside of your security control
  • Until recently the principal (and often-times, only) solution for securing third-party code has been continuous SCA with manual software upgrades that require considerably developer effort, testing and cost
  • In spite of the widespread adoption of SCA tools in the last several years, vulnerable and/or outdated third-party components has risen from 9th to 6th position in the most recent OWASP Top 10 2021 draft rankings with OWASP warning that this rise reflects the ongoing struggle to test and secure the software supply-chain
  • New runtime security solutions are emerging which use live access to an application’s executing code and memory to provide autonomous security without manual developer effort or tuning
  • Autonomous runtime security solutions are an important new tool in the fight to secure the software supply-chain of modern enterprise applications
  • Runtime application security, runtime container security and APM tools will converge over time as customers look to consolidate the number of runtime products used with their applications
View Now