Securing Applications By Default
Security solutions devoted to chasing and detecting threats are only marginally effective when the attack surface remains so large; there are simply too many ways for a threat to compromise an application for point solutions to cover them all.
For this reason, the primary focus for IT and InfoSec teams should be shrinking the attack surface of applications. To do this effectively, there are a few things IT and InfoSec teams need:
• Insight and context into how applications are comprised, how they are intended to interact with the infrastructure, and how they actually interact with the infrastructure.
• Network enforcements points that can micro-segment the machines that make up an application.
• Compute enforcement points that can ensure only the right processes run and the right connections are made within those machines.