Cisco moved into application security with a new AppDynamics integration to help developers and security teams detect vulnerabilities in production and automatically block attacks.

AppDynamics, which Cisco acquired for $3.7 billion in 2017, co-developed the new runtime protection tool called Cisco Secure Application with Cisco Security. It is built into AppDynamics’ application performance monitoring platform, and it also integrates with Cisco’s SecureX security platform to provide application-level visibility and insights to the security team.

“It’s an opportunity to bring the security operations people together with application developers,” AppDynamics CTO Ty Amell said. “It lets them see in real time any vulnerabilities in the application and takes that a step further to remediate and block those exploits from happening.”

The product makes vulnerability management easier for developers by continually scanning code execution to prevent exploits and adding security into application runtime, Amell said. It also automatically stops exploits to prevent a data breach, which, on average, cost companies $3.86 million last year.

This application-level visibility is equally important for security teams because of the sheer number of corporate applications, but they don’t need yet another dashboard for security insights, said Nils Swart, senior director of product management for app/workload security at Cisco Security. “Applications truly need specialized approaches to security, and one part of that is that over the last 10 years there’s security tools up the wazoo,” he said. “Security teams often complain about how many different security tools exist, how many different workflows, and dashboards, and whatnot.”

Secure Application aims to bridge the gap between security and app teams by correlating performance monitoring, business intelligence, and security insights by building security into its already widely used app development platform, Swart added.

“So what we’re bringing to the table is inserting security in toolsets that the applications teams have already adopted, and then elevate security concerns to both the application team as well as the security team,” he explained.

In other words, it’s a DevSecOps approach to security and app development.

IDC Program VP Stephen Elliot said he likes this product approach for Cisco, and specifically for AppDynamics, and he expects to see other vendors follow suit.

“DevSecOps and application security is a hot theme for observability vendors in 2021 and moving forward,” he wrote in response to questions. “Certainly the runtime focus is an important differentiation, and all the major observability vendors have or will have something relates to the security themes in 2021.”

The bigger challenge, he said, is reaching buyers “and meeting buyers where they are in the maturity cycle. No doubt this will play a large role in who wins and losses.”