A Note From Andy Ellis
Every security team has its horror stories. If you’re fortunate, you can learn from listening to these stories. If you’re really clever, you can use those stories to run your own tabletop exercises, learn from them, and hopefully avoid your own personal Apocalypse Now.
YL Ventures is curating incidents for you to use as tabletop exercises. Some of these stories are true. Some have the rough edges filed off of them. But all of them are useful as the seeds of tabletop exercises for you. Each exercise is featured on one of our portfolio companies' blogs, where they've responded with how their solution might help you navigate the chaos.
Scenario: Welcome to the Jungle
It’s an ordinary day in the cybersecurity jungle when an unusual email arrives at your corporate security@company.com. It’s from a security company, not pitching anything but reporting a cloud service provider configuration vulnerability impacting one of their customers. They suspect this flaw affects several domains, including yours. The vulnerability is under embargo, but they’re ready to guide you through it if you honor the embargo.
What’s your move?
Miggo to the Rescue!
Boris from Miggo here. Miggo’s Application Detection and Response (ADR) solution is specifically designed to steer you away from a Kurtzian nightmare. We actually sent out a very similar message not too long ago. So we know a thing or two about how to help.
First, Engage with the Researchers
If you receive such a message, your first step should be to engage with the researcher who reported the vulnerability. Before you share anything about your environment, confirm through an independent channel (the company's published security contact, not the reply-to address in the email) that the sender is who they claim to be; an unsolicited "embargoed vulnerability" message is also a plausible phishing pretext. Then honor the embargo while collaborating with them to understand the full scope of the issue. Engaging directly can provide valuable insights and help prioritize your response.
After establishing contact, these are the steps Miggo recommends to prevent this vulnerability from escalating into a full-scale breach.
Relevance Assessment: Is This the Real Apocalypse?
First things first—should you be on high alert?
Confirm that the domain named in the report is actually yours, that traffic to it really flows through your edge protections (CDN, WAF, load balancer), and that those protections are configured the way you think they are. This includes:
- Checking the domain's coverage within your edge solutions: does its DNS resolve to the edge, or straight to an origin?
- Assessing its exposure and protection status: is the origin reachable only via the edge, and which controls (WAF rules, authentication, rate limits) actually apply to it?
How Miggo Helps: Picture Miggo as your trusty sidekick in this scenario. It seamlessly integrates with your current observability tools, taking the distributed context they provide and correlating it with your external domains and their protection methods. This gives you real-time insights into your application’s surface, allowing you to quickly determine both the potential impact and whether the domain in question is secure or a weak spot requiring immediate attention.
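One way to do the first of those checks for every domain in a researcher's report, as an added example written for this post (not Miggo's code): resolve each domain and compare the answers against the address ranges your edge provider publishes. Anything that resolves outside those ranges is an origin exposed directly and goes to the top of the pile. The edge CIDRs and the DNS answers below are constructed for the demo; the `resolve()` helper does a live lookup if you want to feed it real names.

```python
"""Classify reported domains as covered by / partially covered by / outside
the edge, from their resolved addresses. Added example; the edge ranges and
DNS answers are constructed, not real infrastructure."""
import ipaddress
import socket
from typing import Dict, Iterable, List

# Constructed for the demo. In practice load the ranges your CDN/WAF
# provider publishes plus the public addresses of your own load balancers.
EDGE_CIDRS = ["203.0.113.0/24", "2001:db8:e0e::/48"]

# Constructed DNS answers standing in for what the researcher's report names.
RESEARCHER_REPORT: Dict[str, List[str]] = {
    "www.example.com": ["203.0.113.10", "2001:db8:e0e::10"],      # fully fronted
    "api.example.com": ["203.0.113.20", "198.51.100.20"],         # one record bypasses the edge
    "legacy.example.com": ["198.51.100.7"],                       # origin exposed directly
    "retired.example.com": [],                                    # no longer resolves
}


def parse_networks(cidrs: Iterable[str]):
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def behind_edge(addr: str, edge_nets) -> bool:
    """True if addr falls inside any edge range (v4/v6 mismatch is simply False)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in edge_nets)


def classify(addrs: List[str], edge_nets) -> str:
    """covered: every record is edge; partial: mixed; uncovered: none; unresolved: no records."""
    if not addrs:
        return "unresolved"
    flags = [behind_edge(a, edge_nets) for a in addrs]
    if all(flags):
        return "covered"
    if any(flags):
        return "partial"
    return "uncovered"


def resolve(domain: str) -> List[str]:
    """Live A/AAAA lookup; not used by the offline demo below."""
    try:
        infos = socket.getaddrinfo(domain, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def triage(report: Dict[str, List[str]], cidrs: Iterable[str]) -> Dict[str, str]:
    """Map each reported domain to its edge-coverage status."""
    edge_nets = parse_networks(cidrs)
    return {domain: classify(addrs, edge_nets) for domain, addrs in report.items()}


def needs_attention(report: Dict[str, List[str]], cidrs: Iterable[str]) -> List[str]:
    """Domains with at least one record outside the edge, worst first."""
    order = {"uncovered": 0, "partial": 1}
    statuses = triage(report, cidrs)
    return sorted((d for d, s in statuses.items() if s in order),
                  key=lambda d: order[statuses[d]])


if __name__ == "__main__":
    for domain, status in triage(RESEARCHER_REPORT, EDGE_CIDRS).items():
        print(f"{domain:24} {status}")
    print("act on first:", needs_attention(RESEARCHER_REPORT, EDGE_CIDRS))
```

A "covered" result only says the name routes through the edge; it does not prove the origin is unreachable by IP. Pair it with a check that the origin's firewall or security group admits only the edge ranges, otherwise an attacker who learns the origin address walks around every edge control.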
Risk and Impact Analysis: The Darkness Within
If the domain is exposed and relevant, you need to evaluate the risk and impact. Determine if the exposed domain could lead to significant vulnerabilities or breaches by:
- Identifying the sensitivity of the data and services linked to the domain.
- Reviewing recent vulnerabilities, misconfigurations and application drift identified by scans across the involved application components.
How Miggo Helps: Imagine Miggo as your investigative reporter, uncovering the truth behind the scenes. It uses advanced runtime code-execution flow analysis and deep tracing techniques to give you a clear picture of your application’s behavior. This helps you assess the risk and impact with precision, avoiding any unnecessary panic.
A Decision Junction: To Fight or Not to Fight
Based on your assessment, decide if the risk requires immediate action or if it’s something you can monitor. Your choices include:
- If the risk is low, keep an eye on it but avoid immediate action.
- If the risk is high, implement mitigation measures without delay.
How Miggo Helps: With Miggo in your corner, you get actionable, evidence-based insights that help you make the call. It’s like having a crystal ball that reveals whether you need to launch a full-scale response or if it’s just a minor issue worth monitoring.
Mitigation: Crossing the Threshold
To address the vulnerabilities related to the exposed domain, you’ll need to implement the necessary mitigation measures, which could involve:
- Fixing issues at the edge, infrastructure, or application layer.
- Applying recommended enhancements to your security setup.
How Miggo Helps: Think of Miggo as your expert guide through the murky waters of threat mitigation. It integrates with Web Application Firewalls (WAF), Zero Trust Network Access (ZTNA), and authentication controls, providing enhanced threat intelligence and helping you navigate the fix with ease.
A Final Note From Miggo
Miggo was developed to make real-time detection and response practical for modern application security. As a leader in the ADR space, Miggo offers a unique approach to addressing the challenges faced by today’s decentralized and distributed cloud applications. By providing production-time mapping, real-time visibility, and seamless integration with existing observability tools, Miggo helps organizations shift from a reactive to a proactive stance in defending against modern and evolving threats.
A Real-World Example: The ALBeast Vulnerability
In a recent real-world case that shows why this kind of proactive triage matters, Miggo Research identified over 15,000 potentially impacted applications exposed to a configuration-based vulnerability known as ALBeast. The flaw, affecting applications fronted by AWS Application Load Balancers (ALBs), allowed authentication and authorization bypass in exposed applications.
Looking to sharpen your incident response capabilities and fortify your applications against emerging threats? Learn more about how Miggo's ADR solution helps here or schedule a time to meet with our team.