Application detection and response (ADR)
Application Detection and Response (ADR) is a powerful application-layer security solution that is designed specifically to monitor, detect, and prevent application layer attacks in production environments.
It also provides comprehensive visibility into the application layer attack surface and insights into vulnerabilities that remove blind spots for defenders and enable faster, more accurate detection and response.
Benefits
Contrast ADR defends your applications with:
Zero-day protection: Runtime protection blocking for known and unknown vulnerabilities.
Real-time monitoring: Detects and alerts on anomalous behavior within the application layer.
Actionable Alerts: Know the context for all application alerts through a summary of suspicious activity, payloads, Indicators of Compromise (IoC), and more.
Runtime observability: Real-time security blueprints provide context to incidents better to assess the severity and impact of an attack.
Guided runbooks: Clear, actionable steps to quickly identify true positive attacks and contain threats.
SIEM integration:
You can ingest ADR alerts, events, attack payload, and vulnerability data into your SIEM tools for effective monitoring and triage.
Contrast currently supports these SIEM integrations:
Azure Sentinel
Data Dog
Splunk
Sumo logic
How it works
Integrated agent: Integrate a Contrast agent into your application code.
Policies: Set policies for rules that monitor or block threats while your application is in use.
Monitor and protect: Observe attack events and adjust policies, as needed.
Mitigation actions: Review the suggestions that Contrast provides for reducing threats to your applications based on a set of rules.