F5 Labs is a dedicated security research team at F5 whose mission is to empower security practitioners with data-driven research. This broad remit, combined with the growing specialization in cybersecurity, also leads the group to work with different kinds of security specialists depending on the subject at hand. The F5 Labs team recently collaborated with the Cyentia Institute, industry leaders in security data science, to publish a new report: The State of the State of Application Exploits in Security Incidents. That name’s not a typo—this report is a meta-analysis of several prominent industry reports, each of which covers the state of application security, hence the name, ‘the state of the state of.’ The goal is to evaluate the degree of consensus and clarity within the world of application security researchers.
In the usual rigorous Cyentia style, the report breaks down methodologies and conclusions from reports that approach the core question of application security from slightly different angles. Some of the report’s sources focus on data breaches specifically, and one of them has narrowed down even further to data breaches of a certain size and impact. A large number of industry reports used the MITRE ATT&CK® framework to focus on attacker tactics and techniques. Others are focused on vulnerabilities, where Cyentia had to work the hardest to align the different results into something that could be compared and evaluated.
Superficial findings of the analysis indicate that the field of application security reporting is disjointed and ill-organized. Many of these reports use different taxonomies, inconsistent definitions and terminology, or proceed from differential assumptions, making it difficult to compare even two different reports on any meaningful level. When we simplify the different methods enough to compare them, the findings are generally so mundane as to be considered common sense, such as the observation that web exploits are useful to attackers.
However, scratch beneath the surface a little bit, and each of these different reports arrives at similar conclusions and recommendations, meaning that no matter how we approach the question of application security, we arrive at roughly the same mission. Viewed in this way, the state of the state of isn’t quite as chaotic as it might appear. The report also features the eye-catching and thought-provoking data visualization we’ve come to expect of Cyentia, as well as their quirky, understated sense of humor. Check out the full report and bask in the glory of meta-analysis at its best.
About the Author
Related Blog Posts
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
F5 Silverline: Our Data Centers are your Data Centers
Customers count on F5 Silverline Managed Security Services to secure their digital assets, and in order for us to deliver a highly dependable service at global scale we host our infrastructure in the most reliable and well-connected locations in the world. And when F5 needs reliable and well-connected locations, we turn to Equinix, a leading provider of digital infrastructure.
Volterra and the Power of the Distributed Cloud (Video)
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.
The Internet of (Increasingly Scary) Things
There is a lot of FUD (Fear, Uncertainty, and Doubt) that gets attached to any emerging technology trend, particularly when it involves vast legions of consumers eager to participate. And while it’s easy enough to shrug off the paranoia that bots...