This past June, just half-way into 2017, over 790 U.S. data breaches had already been reported, according to the Identity Theft Resource Center (ITRC). This was a half-year record high and a 29% jump from the same time period in 2016.
63% of those breaches were caused by cyber attacks.
Many companies are just coming to realize the danger of having their private records and networks attacked by malicious hackers. The high cost of such a security failure makes it necessary for enterprise companies to take preventative measures by adopting the right security tools.
Since more than 80% of cyber attacks target applications, having a strong application security solution in place is vital. An application security tool will help your development team identify security vulnerabilities before a hacker can, and fixes them.
With so many solutions on the market, it can be overwhelming trying to decide on the right solution for your company’s needs. That’s why we turned to the tech professionals in the IT Central Station community to for their advice and feedback on how to to choose an application security solution.
How to choose an application security solution
1. Thoroughly research and test out all potential solutions
ITDirector463, Director of Information Technology at a tech consulting company:
“Find the solution that works best for your environment, using the group concept to try them all. Then determine which is best for you.”
Thomas Bullinger, Solution Security Architect at a healthcare company:
“Take advantage of the free trial and conduct a meaningful PoC. Get a buy-in from upper management early and coordinate with all stakeholders (e.g. developers, testing and/or QA groups).”
Gustavo Gonzalez, Product Marketing Engineering:
“I recommend to have a live session with the marketing team, to have a demo and to track all your doubts before purchasing....You need to be sure what you are using, and what it is for. You could use just 20% of what the tool can do, and therefore waste your money. So either fully learn how to use it and evaluate if it’s the right scanning tool to have, or go for a better and cheaper option.”
2. Examine the environment surrounding the software
SnrManager055, Senior Manager at a consultancy:
“My advice would be to look not only at the software, but also at the processor and the people who will be using the software.”
3. See what other people who have used the software have to say about it
JohanSoula, Application Security Manager:
“Ask to meet another customer with the same needs or the same kind of organization, to learn from their experience.”
4. Ensure the software will help you meet your objectives
Mauricio Medina, CEO at a tech services company:
“A fool with a tool is still a fool”. Choose somebody who can add the right processes, methods, and techniques to actually implement the customers' objectives. We try to build a eco-system to cross-sell our solutions.
There is a mix between maturity and money. That is the barrier to break before showing the customer that he is purchasing something without risks before he goes into production. They should focus on a product that adds value to the corporation.”
5. Clarify which characteristics are the most important to you
Srdirect395523, Sr. Director, Cloud Platform Engineering at a tech vendor:
"Be clear in advance on how much “overhead” you’re willing to pay in order to run “regular” scans on your DC machines and networks. In the cloud space, it’s somewhat better to verify the base image once, and focus on application vulnerabilities, where possible."
SpecialistMgr208, Specialist Master/Manager at a consultancy:
"Quality vs quantity: You pay more for a higher-quality product and meets your needs, compared to others that might be cheaper, but you have to crawl to get what you are looking for."
What advice would you offer other IT professionals who are researching application security tools?