When assessing application risk, many organisations focus on the obvious: the software that they already know. They then proceed to overlook the full inventory of applications and code when reviewing digital assets. These ‘known’ applications typically have a high brand value or financial value, carry compliance requirements, or have been linked to previous breaches. The real attack surface, however, is usually a lot bigger and requires a lot more effort to police. Perhaps unsurprisingly, most organisations simply ignore this inconvenient fact and hope for the best.
Application Discovery Tools
Protecting your applications at a network layer has been effective, but is not a long-term solution to poorly managed application security. Using automated tools to discover and update applications across the network and/or identify application vulnerabilities is necessary. However, automated tools are typically good only at identifying web-based applications.
Sustainable Application Risk Management
Application security starts with understanding your attack surface. That means identifying all your applications across the whole company, categorising them, and profiling each one with a dedicated application owner.
The full list of applications needs to be profiled and assessed regularly against a set of controls. Any potential customer, no matter their size, should confidently answer these questions at any time:
How many active applications are in use?
What risk do each of these applications pose?
How do we proactively reduce our exposure?
Use Procensus to help you answer – and maintain your answers – for all of the above..