with Cisco Secure Application reduces the risk of security exposure without compromising the delivery speed for an APM-managed application. Normally, the traditional vulnerability scanning occurs before the application is launched to production, and then continues on a monthly, or quarterly cadence. As soon as the application is deployed to production, new security gaps, and zero-day exploits make the application vulnerable despite pre-production testing. Cisco Secure Application enables continuous vulnerability assessment and protection by scanning code execution to prevent possible exploits.

Cisco Secure Application enables:

• The IT Operations team responsible for performance monitoring to gain real-time access to all security events.
• Application security (AppSec) developers and application developers to gain insights into violations of best practices and to collaborate on a solution without friction.
• AppSec and DevOps to add security into the existing automation, which benefits the DevSecOps environment.
• Businesses to operate at a faster pace with a lower risk profile due to constant run-time protection, real-time remediation, and security automation.

To monitor the application security, you must enable the security for the application using the Cisco Secure Application dashboard. Use the Security Events widget on the Application dashboard to navigate to the Cisco Secure Application dashboard. To view the Security Events widget within , enable your SaaS account with the subscription license for Secure Application. See License Entitlements and Restrictions.

Supported APM Agents

The Cisco Secure Application features are built into these APM Agents:

• Java Agent
• .NET Core
• Node.js Agent 

Cisco Secure Application Components

Cisco Secure Application uses the combination of the supported APM Agent, Controller, and Cisco Secure Application dashboard to monitor the security of the applications.

• Agent: Cisco Secure Application library is bundled with the Java and .NET Agents. The agent communicates with the Cisco Secure Application service within the Controller, which is maintained in the cloud. 
• Controller: The Cisco Secure Application service is maintained in the cloud by . 
  The APM Agent sends data to the service within the Controller. The service analyzes the data to protect against different types of attacks and vulnerabilities and then the service provides the analysis to the dashboard. For information about the attacks and vulnerabilities that Cisco Secure Application detects, see Cisco Secure Application Policies.
  It uses external feeds along with internal data to analyze the behavior of the application. It analyzes the CVEs (Common Vulnerabilities and Exposures) against a curated vulnerability feed.
  The service can detect:
  
  • A vulnerability when it is enabled in the policy and when the associated behavior and the library used are considered vulnerable.
    

  • An attack when it is enabled in the policy and abnormal behavior is detected. Remote Command Execution (RCE) is supported on Microsoft .NET Framework: 3.5 SP1, 4.6.2, 4.7.x, 4.8.x and Microsoft .NET: 6, 7, and 8. Vulnerability reporting is supported on Microsoft .NET: 6, 7, and 8. Remote Command Execution (RCE) support does not include filtering based on stack, or HTTP headers that is supported in Java. See .NET Supported Environments. 

• Cisco Secure Application Dashboard: A graphical representation of all the analyzed data. You can view this dashboard based on the role defined in the Controller. The data is updated on the dashboard when the service within the Controller sends the analyzed data to the dashboard.

Cisco Secure Application Architecture

The APM Agent (Java Agent) communicates to the Cisco Secure Application service through the Controller. This is a high-level architecture of Cisco Secure Application.

1. You install the supported APM Agent and then add the Cisco Secure Application license.
2. The APM-managed application runs and the APM Agent retrieves the data to send to the Controller.
3. The Cisco Secure Application service retrieves the application, tiers, and nodes data from the Controller.
4. The APM Agent communicates with the Cisco Secure Application service to check if the security is enabled for the application.
5. If the security is enabled, then the agent downloads the configuration along with the policies from the Cisco Secure Application service.
6. Based on the configured policies, the agent sends the security events to the Cisco Secure Application service.
7. The service collects all the data, analyzes the application behavior, and then provides the analyzed data to the Cisco Secure Application dashboard.