The current threats are extremely sophisticated and advanced like Sunburst, that attacked supply chain, Log4J or any zero-day attacks etc. are impossible to detect by any signature based or behavioral based threat detection methods. Often, these are detected in production phase where the cost to fix the vulnerability is extremely high.
Observability technology for DevSecOps where runtime vulnerabilities are detected in dev/test environments and are fixed with 1/10 of the costs without the risk of data loss in the production environments.
Having full visibility into 1) who is talking to who, 2) what data is being exchanged is necessary to detect any data loss and any rouge actors. Often this process is referred as Threat modeling but till date, all the efforts have been using the manual methods which become 1) overwhelming task 2) take enormous number of times, often many weeks or months and 3) they are never accurate. In this session, we will explore automated ways of the threat modeling process that can be accomplished within hours and has near zero false positives. As a result, DevSecOps teams have full visibility into if a rogue application/process is communicating with an application and what data is being exchanged.
