Agent performance with Protect
What can impact Protect performance?
The performance of application security agents is crucial because they need to detect and respond to potential security risks accurately and swiftly, in real time. Here are the main aspects of agent performance in application security:
Accuracy: The security agent should have a high level of accuracy in identifying and classifying security threats. To address genuine risks, we want to minimize false positives (misidentifying legitimate activities as threats) and false negatives (failing to detect actual threats).
When sensitive rules are detected, they are audited and validated. As a quick fix, the rules are adjusted or turned off. The engineering team is responsible for fixing and tuning false positives (FP) to ensure the system's accuracy.
Speed and responsiveness: Application security agents should operate in real-time or near real-time to detect and respond promptly to security incidents. Delayed responses can lead to extended exposure to vulnerabilities and increase the risk of successful attacks.
Contrast’s infrastructure services are expected to have enough resources and capacity to handle high loads and errors without impacting performance.
Scalability: Agents should be capable of handling the demands of large-scale applications and networks. The system has a cloud-native licensing model that allows easy deployment and scaling of microservices in clustered environments. It provides flexibility for scaling up and down based on demand to ensure optimal performance.
Our updated configuration deployment enables the efficient scaling up and down of the system with microservices. It simplifies the process of deploying and managing the system at scale, ensuring smooth operations.
Resource utilization: Effective security agents should use system resources, such as CPU, memory, and network bandwidth, efficiently. They should meet the need for robust security measures while minimizing resource consumption, to avoid adversely impacting the performance of the protected applications.
The memory consumption is typically capped. See the agent-specific sections for detailed information about memory usage.
Adaptability: Application security agents should be adaptable to evolving threats and new attack vectors. Regular updates and enhancements to the agent's capabilities, such as signature updates, rule updates, and machine learning models, are necessary to ensure the continued effectiveness of security measures.
You can optimize performance by determining the most applicable rules and tuning them. You can also use exclusions and allowlisting to reduce unnecessary scans and analysis, which helps in further tuning and reducing performance impact.
Overall, the agent performance objective in application security is to provide a robust and reliable defence against potential threats while minimizing false positives, response times, and resource utilization. Organizations can enhance the security posture of their applications and protect them from various attacks by balancing security effectiveness and system performance.