Dynatrace enhances application security with AI-powered vulnerability prioritisation

New Davis Security Advisor automatically contextualizes and prioritizes application vulnerabilities to reduce enterprise risk.

Software intelligence company Dynatrace has introduced its new Davis® Security Advisor, an AI-powered enhancement to the Dynatrace® Application Security Module that automatically surfaces, prioritizes, and details the software libraries and open-source packages representing the greatest risk to an organization. This empowers DevSecOps teams to make more informed, real-time decisions and address the most critical vulnerabilities first, which allows them to reduce the risk facing their organization with greater confidence and efficiency, leaving more time to drive innovation.

According to a Forrester Research report by Principal Analyst Sandy Carielli, “Applications remain a top cause of external breaches, and the prevalence of open source, API, and containers only adds complexity to the security team.”1 This is reinforced by recent Dynatrace research, which revealed 89% of CISOs say cloud-native architectures and container runtime environments have made it more difficult to detect and manage software vulnerabilities

The new Davis Security Advisor addresses these challenges. Optimized for cloud-native environments and powered by the Dynatrace AI engine, Davis®, it automatically monitors all software libraries used in preproduction and production, and removes false positives. In addition, Davis Security Advisor aggregates vulnerability data in real-time and prioritizes remediation based on multiple dimensions of risk, including:

• Number of vulnerabilities caused by each software library.

• Vulnerability severity, which is based on the common vulnerability scoring system (CVSS) rating of each vulnerability and whether the relevant code is used at runtime.

• Threat context, which reflects whether there is a known public exploit for each vulnerability. 

• Asset exposure, which indicates whether the vulnerable code is communicating with the internet.

• Potential business impact, which is determined by whether the processes that include the vulnerable library are connected to sensitive data.

“Cloud-native architectures fuel digital transformation, but traditional application security tools simply cannot keep up with the rapid pace of change in these environments and fail to surface key insights like whether vulnerable code is used at runtime,” said Steve Tack, SVP of Product Management at Dynatrace. “Manual processes and piecemeal solutions that don’t aggregate data from across these environments force teams to waste time chasing false positives and leave organizations vulnerable to risk. By automatically surfacing the most critical vulnerabilities and providing code-level detail and prioritization based on business impact, Dynatrace enables DevSecOps teams to work smarter, not harder, as they reduce their organizations’ risk exposure.”

Helping enterprises leverage the power of Generative AI to drive business outcomes and efficiency.
Israel's largest health services provider partners with Cloudera to use a data lake in its private cloud to manage and analyze data from over half the country’s population in real-time for quicker and better-informed decision-making, improving the quality of patient care.
Genesys has introduced expanded generative AI capabilities for experience orchestration, helping organisations unlock deeper customer and operational insights using the power of Large Language Models (LLMs) as a force multiplier for employees.
Riverbed Alluvio leverages intelligent automation to automate workflows across tool silos with faster time to value.
New vendor-agnostic Cisco Full-Stack Observability (FSO) Platform brings data together from multiple domains at scale.
Enthusiasm about enterprise AI negated by employee concerns over skills and making mistakes.
Mphasis, an Information Technology (IT) solutions provider specializing in applied technology and business process services, has formed a strategic partnership with Kore.ai, the leading enterprise conversational AI platform and solutions company, to bolster its offerings to transform customer experience management and employee engagement for their enterprise clients.
IoT Readiness Framework provides an objective technical standard that allows organisations to compare project performance with others in their industry vertical.