Platform security is not what you think it is
July 31, 2025 · 3 min read
Traditional platform security focuses on familiar territory: code vulnerabilities, OWASP Top 10 threats, supply chain risks, and application architecture challenges.
It's the right moment to shift our perception and think not about how we develop applications but about how they are used by end users, whether those are internal workforces, external customers, or even non-human identities. We call this approach platform security analytics. It's based on aggregating and analyzing user events to identify risks from user identities, behavioral irregularities, or specific metrics tied to individual application functions. We can think of it as a SIEM at the application level.
The main problem with this new security thinking is that it falls between classic disciplines such as development, security, and risk management. It is not straightforward development, because the application has to be in production and have users whose activity can be analyzed. It's not only about security, because this approach is not related to endpoints, networks, or perimeters as we usually think of them. Moreover, from the standpoint of classic cybersecurity thinking, all the events that could be considered risky are perfectly legitimate. Finally, it's not purely risk management, since interpreting many data points requires deep cybersecurity expertise to recognize threat patterns.
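The aggregation described above, sketched as an added example that is not code from this post or from any product: every event is an authorized action, and only the per-identity, per-function baseline exposes the irregularity. The identities, function names, event shape and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample events: (day, identity, application function).
# Each one is an authorized, successful action; none would trip an
# endpoint, network or perimeter control. All names are hypothetical.
EVENTS = (
    [(d, "alice", "export_customer_report") for d in range(1, 8) for _ in range(2)]
    + [(8, "alice", "export_customer_report")] * 40
    + [(d, "svc-billing", "issue_refund") for d in range(1, 9) for _ in range(5)]
    + [(d, "bob", "view_invoice") for d in range(1, 9) for _ in range(3)]
)

def daily_counts(events):
    """Aggregate events into per-day counts keyed by (identity, function)."""
    counts = defaultdict(lambda: defaultdict(int))
    for day, identity, function in events:
        counts[(identity, function)][day] += 1
    return counts

def flag_irregular(events, today, factor=5, min_history=5):
    """Return (identity, function, today_count, baseline) for every pair whose
    use today exceeds `factor` times that identity's own median daily use.
    Simplification: days with no activity are not counted in the baseline."""
    findings = []
    for (identity, function), per_day in daily_counts(events).items():
        history = [n for day, n in per_day.items() if day < today]
        if len(history) < min_history:
            continue  # too little history to call anything irregular
        baseline = median(history)
        current = per_day.get(today, 0)
        if current > factor * max(baseline, 1):
            findings.append((identity, function, current, baseline))
    return sorted(findings)

if __name__ == "__main__":
    for identity, function, current, baseline in flag_irregular(EVENTS, today=8):
        print(f"{identity}: {function} x{current} today, baseline {baseline}/day")
```

The non-human identity `svc-billing` is busier than `alice` on every ordinary day yet is never flagged, because each identity is compared only against its own history.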
We're seeing a new category of threats: for example, impersonation of platforms to perform personalized phishing attacks, or scammers who misuse legitimate platforms to obtain material they then use for fraud or social engineering. There are many cases of insider threats or hacking attacks that target internal platforms instead of hacking databases or file systems directly, because that is more valuable.
In the same way that a new profession like DevOps emerged at some point, our times require creating a new job: one that understands platform architecture, the risks to organizational operations that rely on these applications, and the cybersecurity aspects of the environment, and that brings them together as platform security analytics.