Yesterday, we hosted the first Sqreen Summit, where we shared our vision for unparalleled visibility in application security, demoed the latest feature releases from Sqreen, and chatted with Jason Montgomery, VP of Security at Datarobot and one of our Sqreen design partners. We also had a great breakout session on the changing role of the security engineer with Jacolon Walker, former CISO and security engineer at OpenDoor, Collective Health, Palantir, and others. These sessions are all available on-demand!
I wanted to take a moment to expand on the features we introduced at Sqreen Summit and share the fantastic work the team has done over the past few months.
Let’s take a look at the latest:
When it comes to getting visibility, a crucial step is the ability to review attacks and key user activity across multiple web applications in one central place. From this viewpoint, you can connect the dots across the different activities that make up an attack, and get immediate, clear visibility of how a malicious user moved through your application. Of course, there’s often a huge number of events happening during any given time period, so to be useful, these events must be not only correlated, but also sortable and filterable. That’s what we’ve built with Security Activity.
Security Activity is a single view of your security activity across network, user, and code levels in your application. By connecting the dots across multiple layers, you can more easily see how malicious actors were able to interact and move through your application, so you’re better able to mitigate attacks and remediate vulnerabilities.
Improved In-App WAF protection and customization
Security Activity greatly improves your ability to investigate security incidents in Sqreen, but it’s important to be able to take action as well. This quarter, we made two key improvements to the Sqreen In-App WAF with this in mind.
The first is extending the In-App WAF’s out-of-the-box protection with expanded support for the OWASP Core Rule Set (CRS). With almost one hundred CRS-based rules available out of the box, providing additional coverage that is adapted to your applications’ stacks and tuned to limit the noise from false positives, Sqreen will improve your security right out of the gate.
The second improvement is enhanced customization capabilities. To better increase your productivity and decrease time to resolution, you can now create custom rules to monitor or block suspicious activity directly from the security activity view. Also, in order to reduce the chances of a configuration mistake, you can now test the custom rules you create against the actual requests from the incident to verify their effectiveness.
Third party integrations
For a while now, Sqreen has supported integrations with external services, namely New Relic Insights and Slack, plus generic integrations using webhooks. However, further extensibility and more powerful integrations is something we’ve had our eye on for a while, so we spent time this quarter on improving Sqreen’s ability to integrate with your existing workflows, ensuring that Sqreen can fit your existing processes and tools.
The result of this work is new API capabilities so you can access Sqreen’s unique security insights in your APM, SIEM, or wherever you need to consolidate your security information. We’re now introducing a new Push API (available in beta) with out-of-the-box support for Splunk and Rsyslog. Additional out-of-the-box integrations are also on the way, as well as a complementary Pull API for maximum flexibility.
Check the new features out for yourself
These features are available in the latest version of Sqreen, so you can explore them yourself today in your existing Sqreen deployment or in a new free trial. If you’d like to see Max, our engineering manager for the Protect squad, demo these features, check out the keynote recording from Sqreen Summit, where he does just that.
We’d love to hear what you think of these features, so let us know your thoughts at firstname.lastname@example.org. You can also reach out to us any time via the chat widget.