Streamline vulnerability-risk communications with intuitive and automated security reporting

Dynatrace delivers security data on Grail™ to enable flexible analysis and reporting of security findings. This addresses the pain of communication and collaboration within enterprise DevSecOps teams and their stakeholders. With ready-to-use dashboard and notebook templates, you can now get immediate insight into your organization’s security posture, perform powerful in-depth analyses, and easily track remediation efforts.

Communicating security insights efficiently across teams in your organization isn’t easy

Security management is a complex and challenging task; effectively communicating security insights is even more so. When a new high-profile vulnerability emerges, companies rush to assess their exposure and look for a prompt response. Different stakeholders have different needs and expectations: management requires a high-level assessment of risk; security teams aim to drive efficient remediation; developers seek focused prioritization; and business stakeholders demand smooth, uninterrupted operations. Even during quiet times, organizations must ensure that teams continuously work to reduce their applications’ risk so that no high-profile vulnerabilities slip into production.

Is the right data available in these critical moments? How fast can your teams get answers?

Data is often siloed and distributed among multiple tools, and to get the full picture, teams need to collaborate. If communication isn’t smooth, your organization might be exposed to threats and be late in its response, causing losses for your business.

All stakeholders want consistent and quick answers to security questions, to be more efficient, and to automate remediation efforts where it makes sense to reduce exposure time to threats. Even better, stakeholders want to be proactive and automatically notified when their attention is needed.

For these tasks, you need a single source of truth with consolidated security data available at all times, easily generated and reproducible reports, and strong automation capabilities that help you be proactive and efficient.

Dynatrace automates the communication of security insights to everyone who needs to know

Dynatrace already provides prompt answers to difficult security questions. With security data on Grail and ready-to-use templates, we’ve introduced unprecedented flexibility in adapting presented information to the proper scope and focus that DevSecOps teams and stakeholders require. This ensures that the right people get the correct information at the right time, which is essential for effective security management.

Let’s closely examine two security use cases that demonstrate how the out-of-the-box experience with Dynatrace can help you stay in control. These examples leverage the power of two Dynatrace built-in apps, Dashboards and Notebooks, to present the security findings:

• Case 1: Threat exposure assessment: Analyze and communicate your organization’s security posture against a specific threat.
• Case 2: Vulnerability remediation tracking: Keep stakeholders informed by defining and sharing remediation scope and progress.

Case 1: Threat exposure assessment

Imagine you’re an architect responsible for the security aspects of your organization’s applications. You work with the DevSecOps teams on one hand, guiding them through the best practices of secure development and deployment. On the other hand, you work with the owners of the relevant applications, providing them with the security tools and insights needed to keep the business running securely.

One morning, your boss, the Chief Information Security Officer (CISO), calls to check if you’ve heard about a new high-profile Denial of Service (DoS) vulnerability just discovered in a common third-party library—the entire world is talking about it. The CISO wants to know if the organization is exposed and asks you to provide a risk analysis and plan of action for remediation ASAP.

Your first win is that you have Dynatrace in your organization; therefore, you know exactly what to do:

• You start by filtering the list of your organization’s detected vulnerabilities for the DoS vulnerability’s CVE (Common Vulnerabilities and Exposures) number in the Third-party vulnerabilities app. Dynatrace provides an immediate answer—your company was affected. The vulnerable library is used extensively (showing 45 affected entities or occurrences of use).

• To provide a quick risk report to your CISO, you generate a dashboard in just a few clicks using the ready-to-use Threat Exposure dashboard template, which provides an immediate answer to the exposure risk question and shows the potential impact.

• With this sharable dashboard, you can immediately share details of the exposure risk and the potential impact with your CISO.

• Next, you want to prepare an efficient plan for remediation. You generate a notebook report from the vulnerability details page from the ready-to-use Threat Exposure template. This report provides additional detail, including the exact areas at risk due to this threat, as well as the responsible teams.
  • The notebook uses the Davis^® Security Score (DSS) to prioritize vulnerabilities based on their environmental context within your organization (for example, is the vulnerability exposed to the internet or is sensitive data in reach?).
  • With the responsible team’s information available in Dynatrace, you know whom to contact for swift action.

• Save this threat exposure notebook as a starting point—you’ll need it during status meetings.
  • For any of the tiles in the notebook, you can also create automation to continuously monitor the findings, based on the underlying query and orchestrate them.

After a couple of weeks, the responsible teams remediated all the top exposure points from the vulnerability. You feel proud of your team, knowing Dynatrace provided you with the tools to maintain complete control of the situation with minimal effort and seamless communication with your colleagues. Your CISO is impressed by the quick assessment and smooth collaboration across the DevSecOps teams towards the remediation.

Case 2: Vulnerability remediation tracking

After the initial threat exposure assessment is done, the next step is to remediate the findings. Security teams are interested in continuous posture improvement and risk reduction, even when no emerging high-profile vulnerabilities threaten the organization.

Now, imagine you’re the development team lead. One of your team’s KPIs for this quarter is reducing the number of in-production high and critical third-party vulnerabilities of the applications you own to zero.

You work closely with the security department and application owners to prioritize the work. In addition, you want to be as transparent as possible and provide continuous visibility into your team’s remediation progress.

Luckily, you have the Dynatrace Application Security module deployed, which means you can immediately see the most important vulnerabilities prioritized with Davis assessment.

• You get instant insight into your applications’ high and critical vulnerabilities by looking at the Third-party vulnerabilities app.
  • The Davis Security Score considers each vulnerability’s severity and adjusts it according to the environmental context. In this way, you focus on the vulnerabilities that really matter.

• Next, you opt to automatically generate a live notebook report to track the remediation progress and share it with other stakeholders.
  • You use the built-in Remediation tracking notebook template as a quick start.
  • Here, you see the current state and trend for the selected vulnerabilities over time.
  • You name it by customizing the provided title section in the notebook and saving the report.

• Now you can share this notebook with your application owner and security architect to get their approval on the intended work and stay aligned.
  • The Share feature makes it easy to specify who can view the report, and who can edit it.

• Later, in monthly status meetings with stakeholders during the remediation process:
  • You reuse the report template for each meeting to maintain consistent communication about your progress.
  • All the stakeholders get a continuous view over time and are impressed with the visibility and progress made.

• After a couple of months, the work is completed, and the production environment is “green” since all the relevant vulnerabilities were resolved.
  • In a conclusion meeting, you share a comparison of the current state against the initial state using the historical snapshots you saved.

You had a remediation goal and used Dynatrace security findings with ready-to-use notebook templates to prioritize and communicate the progress. Everyone stayed informed and felt in control: you were in sync with the business priorities, and all the stakeholders trusted that you were on top of things.

Dynatrace enables efficient reporting of security insights with out-of-the-box building blocks to quickly visualize and track findings that matter in your organization

With flexible security analysis and reporting, Dynatrace helps you maintain consistent and efficient communication within DevSecOps teams and their stakeholders. This includes the following capabilities:

• Security data on Grail: Enables security data query, aggregation, visualization, and reporting on multiple levels. Helping to get answers with different granularity and various perspectives.
• Ready-to-use dashboard and notebook templates: This makes completing various security reporting use cases easy. Available out-of-the-box within security apps to stay in the context of analysis flows.
• Full customization and flexibility: The dashboard and notebook templates are a fantastic starting point to further fine-tune for the specific needs of your organization.

Different stakeholders can now access security findings use cases on various levels of detail, such as:

• Security posture overview: Monitors the organizational posture, risks, and top priorities around vulnerabilities and attacks targeting your applications and services.
• Threat exposure analysis: Zoom in on a specific threat and related environmental risks per application or service.
• Operational efficiency: Manage the security coverage and processes regarding findings orchestration.
• Remediation tracking: Ensure that the responsible team addresses top issues on time.

Get security insights, prioritize work, and become more efficient in delivering secured applications and services with Dynatrace.

What’s next?

• If you’re already a user of the Third-party vulnerability app, you can immediately start leveraging the power and flexibility of vulnerability data and events with the templates:
  • Get started analyzing security data on Grail
• If you’d like a demo of Third-party vulnerability’s full capabilities, please contact our sales team.
• Learn more about Dynatrace security in Dynatrace Documentation:
  • Manage third-party vulnerabilities
  • Grail and DQL
  • Security events data structure