In today's rapidly evolving landscape of cloud-based and virtual environments, developers are continually seeking innovative ways to ensure the reliability and security of their applications. While traditional security reference architectures have relied on methods like security information and event management (SIEM) and log analysis tools, there's a new player in town—application performance monitoring (APM) data. Let’s explore how the fusion of APM and security is shaping the future of modern app development and deployment.
The missing piece
Many existing architectures for cloud and virtual environments lack a crucial element: access to APM data. APM data offers a unique approach to early security warnings, but it requires an in-depth understanding of the application, which security professionals may not possess. However, collaboration between application and security teams can bridge this gap. While developers aim to understand anomalies within APM data (such as unexpected bugs or vulnerabilities), security teams strive to ensure these anomalies aren't malicious.
APM tools hold a treasure trove of data that can benefit security professionals. With unparalleled insight into an application’s inner workings, they are a valuable addition to any defense-in-depth strategy. The more intelligent the APM tool, the more effective it becomes for security purposes.
At a minimum, APM tools should offer the following capabilities to be useful for security professionals:
- Tracking external resource access: APM tools should provide visibility into when external resources, like external websites, are accessed by the application.
- Database query monitoring: APM tools should monitor and log all database queries, even when they are obfuscated in cloud-based APM solutions.
- Anomaly detection: APM tools should have the ability to detect anomalies, such as unusual database queries (which can be indicative of a possible SQL injection) or unexpected code paths.
- Performance monitoring: APM tools should monitor performance changes, identifying scenarios where activity is either too fast (possibly indicating a denial-of-service attack) or too slow (indicative of misconfigurations or malware presence).
The New Relic advantage
According to the recent Gartner Magic Quadrant and Critical Capabilities for Observability Platforms, application vulnerabilities have been the cause of many high-profile breaches and intrusions. APM and observability solutions, which collect trace telemetry to monitor performance, also capture valuable security signals. And this is precisely why security capabilities within APM and observability tools have quickly become a valuable source of context for real-world incidents like the Log4Shell zero-day vulnerability, ultimately enabling both application and security teams to prioritize and remediate threats faster.
The New Relic market-leading APM platform offers unique differentiators that enable customers to seamlessly integrate application security use cases into their workflows. By prioritizing what matters most and eliminating the mountain of tickets security teams generate, dev teams become more effective and ship more secure code faster. Features like the New Relic single agent and CodeStream empower customers to enhance their DevSecOps processes while boosting productivity. With capabilities like fully integrated vulnerability management, interactive application security testing (IAST), AI-powered prioritization, and automation, New Relic users can efficiently tackle security challenges. Additionally, the New Relic platform allows for lightning-fast queries across vast volumes of observability and security data, enabling automated responses through data-driven workflows.
Types of threats detected and prevented by combining AppSec and APM
The integration of application security (AppSec) and APM not only optimizes application performance but also enhances security by detecting and preventing various types of threats, including:
- SQL injections: By monitoring database queries, APM tools can detect unusual or unauthorized queries that may indicate SQL injection attempts. AppSec measures can then block these attempts before they cause harm.
- Cross-site scripting (XSS): APM tools can detect anomalous patterns in HTTP requests that suggest XSS attacks, allowing AppSec tools to sanitize inputs and prevent the execution of malicious scripts.
- Denial-of-service (DoS) attacks: Performance anomalies such as sudden spikes in traffic or resource consumption can indicate DoS attacks. APM tools can alert security teams to these anomalies, enabling them to mitigate the attack before it disrupts service.
- Malware infections: Unexpected code paths or performance degradations can be signs of malware. APM tools can flag these anomalies, and AppSec tools can then isolate and remove the malicious code.
- Unauthorized access: Monitoring external resource access helps detect unauthorized access attempts. APM tools can log these attempts and trigger security protocols to block unauthorized entities.
- Data exfiltration: Anomalous data transfers can be indicative of data exfiltration attempts. Combined AppSec and APM solutions can detect these activities and prevent sensitive data from being stolen.
- Code vulnerabilities: Regular performance monitoring can reveal vulnerabilities in the code that could be exploited by attackers. APM tools can highlight these vulnerabilities, and AppSec measures can be implemented to patch them.
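The database-query and performance checks named in the capability list and in the threat list above can be sketched as follows. This is an added example, not New Relic code or its API; the span tuple format, the endpoint name, the sample queries and the function names are assumptions constructed for illustration, with SQL literals assumed to be already obfuscated to `?` by the agent.

```python
import re
from statistics import median

# Constructed baseline spans: (endpoint, obfuscated SQL, duration in ms).
# Assumption: the agent has already replaced literals with "?".
BASELINE = [
    ("/orders", "SELECT * FROM orders WHERE id = ?", 12.0),
    ("/orders", "SELECT * FROM orders WHERE id = ?", 11.0),
    ("/orders", "SELECT * FROM orders WHERE id IN (?, ?)", 13.0),
    ("/orders", "SELECT * FROM orders WHERE id = ?", 12.5),
    ("/orders", "SELECT * FROM orders WHERE id = ?", 11.5),
    ("/orders", "SELECT * FROM orders WHERE id = ?", 12.0),
]

def query_shape(sql):
    """Reduce an obfuscated statement to a structural fingerprint."""
    shape = re.sub(r"\s+", " ", sql.strip().upper())
    # Collapse IN (?, ?, ...) lists so list length does not create new shapes.
    return re.sub(r"\(\s*\?(\s*,\s*\?)*\s*\)", "(?)", shape)

def build_baseline(spans):
    """Collect known query shapes and durations per endpoint."""
    shapes, durations = {}, {}
    for endpoint, sql, ms in spans:
        shapes.setdefault(endpoint, set()).add(query_shape(sql))
        durations.setdefault(endpoint, []).append(ms)
    return shapes, durations

def latency_score(ms, history):
    """Robust z-score (median/MAD); the sign gives the direction."""
    med = median(history)
    mad = median(abs(x - med) for x in history) or 1e-9
    return 0.6745 * (ms - med) / mad

def review(span, shapes, durations, threshold=3.5):
    """Return findings for one span; an empty list means it fits the baseline."""
    endpoint, sql, ms = span
    findings = []
    if query_shape(sql) not in shapes.get(endpoint, set()):
        findings.append("new_query_shape")
    history = durations.get(endpoint)
    if history:
        z = latency_score(ms, history)
        if abs(z) > threshold:
            findings.append("slower_than_baseline" if z > 0 else "faster_than_baseline")
    return findings

SHAPES, DURATIONS = build_baseline(BASELINE)
```

Because the fingerprint is built from the obfuscated statement, a structural change such as an extra `OR ? = ?` clause is still visible even though the literal values are not.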
The future is here: APM and security
The future of modern app development and deployment is a symbiotic relationship between APM and security. It's about detecting anomalies, sharing data, and fostering close collaboration between application and security teams. As APM tools continue to evolve and integrate with security practices, both developers and security teams will have a powerful ally in ensuring the performance, reliability, and security of their applications. The combination of APM and security is the evolution we've been waiting for, and it's here to stay.
Next steps
Unify APM and security with New Relic today. If you have a free New Relic account, you already have access to New Relic application security if you’re using a supported agent. Read the docs to see how to get started.
Don’t have a New Relic account yet? Sign up for free today. Your free account includes 100 GB/month of data ingest and one full user.