Share this article on:
To detect and protect against vulnerabilities in runtime environments, Dynatrace has extended its application security module, which covers Java Virtual Machine (JVM), Node.js runtime, and .NET CLR.
With these enhancements, the Dynatrace platform aims to provide real-time visibility and vulnerability analytics across the entire application stack, which includes custom code, open-source and third-party libraries, language runtimes, container runtimes, and container orchestrators.
Luca Domenella, head of cloud operations and DevOps at Soldo, explains the new Dynatrace enhancements have helped their team to instantly understand the risk and potential impact of zero-day vulnerabilities, such as Log4Shell, and automatically prioritises the steps required to resolve them.
"We have a proud heritage as a cloud-native business that harnesses agile delivery practices, the latest technology, and a state-of-the-art, secure development lifecycle to bring continuous innovation to our customers.
"Dynatrace Application Security helps to make this possible by giving us comprehensive visibility and analytics across all layers of our complex application ecosystem, ensuring no vulnerability escapes our secure DevOps lifecycle.
"This saves our teams from wasting weeks triaging alerts and enables them to resolve new vulnerabilities in just days or less, so they can stay focused on innovating," Domenella said.
Dynatrace is not only designed to identify vulnerabilities across each of these layers automatically but also analyses them to provide actionable and precise answers out-of-the-box. This empowers development and security teams to assess risk better, prioritise and remediate threats more effectively, and innovate faster and with increased security.
Language runtimes are a critical layer of the application stack as they ensure apps are available and well executed on any platform without having to be rewritten or recompiled. By extending its application security module to support runtimes in the most widely adopted programming languages, Dynatrace is aiming to deliver a comprehensive application vulnerability analysis, spanning all potential entry points in pre-production and production environments.
According to Steve Tack, SVP of product management at Dynatrace, the number of entry points attackers use to target applications continues to expand.
"Vulnerabilities can creep into applications from any part of the software supply chain, including open-source or third-party components and application runtimes.
"Traditional approaches can’t accurately surface vulnerabilities at runtime or analyse their potential exploitability and impact.
"Dynatrace is the only solution that provides runtime vulnerability analysis across the entire application stack and AI-assisted prioritisation for the most popular cloud-native application technologies, now including Golang."
In addition, Dynatrace has extended its support to applications running in Go, one of the fastest-growing programming languages, with adoption increasing by 23 percent last year.
New runtime environment vulnerability analytics and support for the Go programming language position Dynatrace as a solution that provides real-time visibility and analysis across the entire application stack.
"With these capabilities, DevSecOps teams can focus on remediating the most impactful vulnerabilities. This helps them innovate faster, with the confidence that all layers of their applications are vulnerability-free," Tack said.
[Related: Secure State granted CMMC authorisation]