Trend Micro Cloud One – Application Security
Detection and protection for modern applications and APIs built on your container, serverless, and other computing platforms
Businesses are aligning to cloud-native application architectures faster than ever before. Brought on by streamlined operations processes and the flexibility in build pipeline development tools and services, businesses are using application development as a strategic investment in the hopes that they’ll achieve improved application delivery and customer satisfaction.
A recent study conducted by research firm ESG indicated that 35 percent of businesses were using a combination of containers and serverless platforms for their application builds, with serverless adoption was quickly on the rise.
It continues to become easier to make applications for the web, and businesses are using them at ever-increasing rates. Unfortunately, not everyone—including developers and those who must defend their systems—knows how to secure them properly. With the interconnection of most web applications and IT systems, this lack of knowledge exposes enterprises to security risks from hackers who know how to exploit vulnerabilities in order to gain access to systems, software, and sensitive data.
Trend Micro Cloud One – Application Security is built for speedy deployment, with minimal impact on development streams and performance. It only takes a minute to add the library to your application, and there is no need to change your development code. Application Security bootstraps itself into your application at runtime, as opposed to an SDK that has to be integrated into the application. You just need to include the Application Security library with your application and activate it with the application keys. This approach simplifies how security is delivered and is a significant shift for application developers who need immediate, real-time protection for their apps and customers.
Application Security minimizes design and deployment risks by protecting against sophisticated hacks from inside the application. Optimized for modern application architectures, Application Security immediately blocks unwanted activity in real time to protect data and business logic. The result is unprecedented protection, keeping web application owners and their users safe from hacks with the highest degree of accuracy.
Build secure applications
Protect applications built on dedicated servers, VMs, containers, cloud workloads, and serverless platforms.
Minimize design and deployment risks, and remove the security maintenance burden by protecting against sophisticated hacks from the inside.
Experience faster results
Deploy security as code into applications in only 2 minutes with no additional code changes or rules to set up.
Our more modern, simpler approach to securing your web applications prevents vulnerabilities from being exploited in the first place.
Improve developer productivity
Spend more time delighting your customers with a great application and less time on tedious maintenance caused by coding oversights and weaknesses in dependencies.
Deliver a better experience to your customers, knowing your applications and customer data is secure.
Application Security’s Key Benefits
- Detects and protects against the OWASP Top 10 runtime threats, including SQLi. Remote command execution (RCE) threats are also provided in detection mode.
- Blocks injection and other automated attacks
- Complete coverage and reporting of every attack instance
- Provides full diagnostic details about code vulnerabilities
- Avoids time-wasting false positives and theoretical issues
- Offers insight into an attacker’s identity and attack methodology
- Installs in two minutes—no source code changes required
Applications with security in mind
Trend Micro Cloud One – Application Security delivers an embedded security framework for your web applications and containerized web apps, including Kubernetes and serverless functions to easily protect their microservices applications in traditional, cloud, or Kubernetes environments.
Unlike signature-based tools, Application Security secures against code vulnerabilities, data exfiltration on the server, and other common vulnerability attacks at the application level. You can deploy the product across just about any architecture and network topology, ensuring application end users and sensitive data is safe. It automatically hooks into your framework at key points, detecting exploit attempts to immediately prevent hacks and identify vulnerabilities.
Threats and vulnerabilities that impact your apps
Get help with prioritization of remediation and protection, anti-malware scanning, and insights into common attacks and malicious user behavior. Gain visibility into web application attacks and detailed diagnostics about attack source and type, attempted exploits, and targeted vulnerabilities. Application Security detects and protects against a wider range of attacks at runtime within your entire application, including:
- SQL injections
- Remote command execution
- Illegal file access
- Malicious file uploads, URL redirects, and payloads
- And more
Critical vulnerabilities introduced through secure coding mistakes and exposed dependencies
Application Security pinpoints web application vulnerabilities down to the line of code. Unlike traditional static and dynamic scanners, it reports only exploitable vulnerabilities, reducing waste and friction in the secure development lifecycle.
Get analysis of all the information for every request made to the application to decide if you should allow it, or take protective measures.
Since all protection takes place inside the application directly, network latency is not a factor, and Application Security runs fast.
User accounts and integrity of server code
For web application security, time is of the essence, and remediation expertise is often sparse. Upgrading to the more secure versions of application frameworks and fixing web application vulnerabilities takes time – even in an agile development cycle. Application Security prevents exploitation of vulnerabilities in your code with virtually no impact on application performance.
It collects and reports information about the attacker, the exploit attempt, and the code vulnerability. The attack is automatically prevented, and you have the visibility and information to stop it from ever happening again.
Our technology is optimized to offer complete detection and protection on every request without impacting application performance.
- Easy to deploy and use
- Quick installation – only 2 minutes
- Minimal onboarding
- No changes to the web application code
- Optimized for fully autonomous operation
Comprehensive language and framework support
Application Security is the only fully automated, cloud runtime protection solution for Python that does not require any changes to the web application code.
How It Works
Application Security is based on runtime self-protection technology. The Application Security library is self-contained and independently protects its application, even if it becomes disconnected from the Application Security service. User data is never exposed outside the application, ensuring your apps remain compliant with data protection mandates.
Protects applications with known vulnerabilities until remediation resources are available
Blocks sensitive data from being exposed by injection attacks
Secures hard-to-monitor applications, for example, when hundreds of web apps are running simultaneously on an internal network.
Application Security lets you monitor and review exploitation attempts across an unlimited number of applications. Attack details are propagated across your infrastructure, meaning, if an attack is detected on one application, it is immediately flagged on every app server and for every monitored app in your account. While the performance experienced by an end user may vary depending on the application type and its overhead, Application Security strives to make sure requests can be handled in under 1 ms.
Application Security delivers information, such as the time, origin, and type, on every attack that occurs on your apps to a central reporting point. Over time, this information builds into a broad profile of the attacks impacting your networks, enabling your web security team to map trends and deploy appropriate resources. Application Security also gives your developers full visibility into how the vulnerability in your code would have been exploited, including a stack trace down to the line of code (where relevant), reporting of request parameters, and how your app’s behavior would have been modified.
|Remote Command Execution (RCE)|
|Illegal File Access|
|Antivirus/Anti-Malware Scanning of File Uploads|
Application Security automatically protects your apps against common web-based attacks and many classes of zero-day vulnerabilities. Additionally, with Application Security’s deep instrumentation, API’s are protected similar to a web application across a JSON/GraphQL interface. With Application Security working inside the application, you only need one solution to secure both your web application and API’s.
- Java (8 or higher)
- Python (2.7, 3.4 or higher)
- NodeJS (10 or higher)
- PHP (7.0 or higher)
- .NET coming soon (.NET Framework 4.5.2 or higher, .NET Core 2.0 or higher)
- Ruby coming soon (2.0.0 or higher)