Down the Security Rabbithole Podcast (DtSR)

DtSR Episode 669 - ADR Enters the SOC Chat

Sep 2, 2025
Join Jeff Williams, CTO and founder of Contrast Security with over 30 years in application security, and Anton Chuvakin, a former Gartner analyst known for his expertise in SIEM, as they dive into the hot topic of Application Detection and Response (ADR). They explore how ADR enhances cybersecurity frameworks and contrast it with traditional defenses. The duo discusses the shift in application security from perimeter defenses to integrated solutions and the challenges of detecting sophisticated attacks, advocating for improved monitoring in Security Operations Centers.
INSIGHT

ADR Fills The App Visibility Gap

  • ADR stands for Application Detection and Response and fills a visibility gap inside applications and APIs.
  • It surfaces attacks and anomalies from within the application layer for SOC consumption.
ADVICE

Design ADR For The SOC, Not Just Devs

  • Don't treat ADR as RASP sold to developers; design ADR for SOC workflows and detection use cases.
  • Avoid delivering deep app telemetry without translating it into SOC-friendly signals and runbooks.
INSIGHT

Logs Alone Can't Deliver App Security

  • Application logs alone rarely contain the telemetry needed to detect attacks.
  • ADR instruments app behavior and streams rich telemetry into a detection graph instead of relying on developer logs.