F5 Labs is a dedicated security research team at F5 whose mission is to empower security practitioners with data-driven research. This broad remit, combined with the growing specialization in cybersecurity, also leads the group to work with different kinds of security specialists depending on the subject at hand. The F5 Labs team recently collaborated with the Cyentia Institute, industry leaders in security data science, to publish a new report: The State of the State of Application Exploits in Security Incidents. That name’s not a typo—this report is a meta-analysis of several prominent industry reports, each of which covers the state of application security, hence the name, ‘the state of the state of.’ The goal is to evaluate the degree of consensus and clarity within the world of application security researchers.
In the usual rigorous Cyentia style, the report breaks down methodologies and conclusions from reports that approach the core question of application security from slightly different angles. Some of the report’s sources focus on data breaches specifically, and one of them has narrowed down even further to data breaches of a certain size and impact. A large number of industry reports used the MITRE ATT&CK® framework to focus on attacker tactics and techniques. Others are focused on vulnerabilities, where Cyentia had to work the hardest to align the different results into something that could be compared and evaluated.
Superficial findings of the analysis indicate that the field of application security reporting is disjointed and ill-organized. Many of these reports use different taxonomies, inconsistent definitions and terminology, or proceed from differential assumptions, making it difficult to compare even two different reports on any meaningful level. When we simplify the different methods enough to compare them, the findings are generally so mundane as to be considered common sense, such as the observation that web exploits are useful to attackers.
However, scratch beneath the surface a little bit, and each of these different reports arrives at similar conclusions and recommendations, meaning that no matter how we approach the question of application security, we arrive at roughly the same mission. Viewed in this way, the state of the state of isn’t quite as chaotic as it might appear. The report also features the eye-catching and thought-provoking data visualization we’ve come to expect of Cyentia, as well as their quirky, understated sense of humor. Check out the full report and bask in the glory of meta-analysis at its best.
About the Author
Related Blog Posts
F5 ADSP Partner Program streamlines adoption of F5 platform
The new F5 ADSP Partner Program creates a dynamic ecosystem that drives growth and success for our partners and customers.
Accelerate Kubernetes and AI workloads with F5 BIG-IP and AWS EKS
The F5 BIG-IP Next for Kubernetes software will soon be available in AWS Marketplace to accelerate managed Kubernetes performance on AWS EKS.
F5 NGINX Gateway Fabric is a certified solution for Red Hat OpenShift
F5 collaborates with Red Hat to deliver a solution that combines the high-performance app delivery of F5 NGINX with Red Hat OpenShift’s enterprise Kubernetes capabilities.
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.