Top 5 security mistakes software developers make

Several application security products combine multiple layers of protection (what Koeppen calls traffic processing engines), such as those from Barracuda, Imperva and F5. Combining layers this way can help reduce tool and alert fatigue, which ultimately leads to wasted time spent chasing false positives. “The biggest challenge is how to handle risk management properly,” he told CSO. “We need to organize this and integrate as many tools as possible.”

Using automation badly

That brings us to the final issue: whether automation is being used effectively. Even with the best tools, alerts can accumulate and take time to analyze. This is where generative AI can help, because it can quickly identify false positives, connect the dots between alerts that need immediate attention, and provide rapid remediation, thereby increasing security throughout the company. “The biggest problem with security software, especially website and API protection, is the spread of false ideas,” Venky Sundar, president of Indusface, told CSO.

Automation is important in the modern appsec environment, especially as an aid in performing routine penetration and vulnerability testing. This advice is echoed by many security experts, including the Open Web Application Security Project (OWASP) and CISA.

