Why Dynatrace AppSec leans into runtime to hunt real threats
18.06.2026 - 17:01:26 | ad-hoc-news.de
Reviewed: ad hoc news Software & Services desk. Edited and checked on 2026-06-18, 16:59. Details in the imprint.
Dynatrace Application Security sits directly in live application traffic, watching every request and response like a quiet bouncer at the club door who never looks away. It does not wait for scheduled scans - it listens in real time and flags only attacks that actually touch your runtime.
Background on the Dynatrace stock
Dynatrace builds its Application Security module directly into the observability platform - investors and users can track how this integrated approach shows up in customer adoption and financial results.
What Dynatrace AppSec actually is
At heart, Dynatrace Application Security is a module of the Dynatrace platform that adds runtime application self-protection and vulnerability analytics on top of observability data from OneAgent and Grail. Dynatrace positions it as a way to automatically discover services, dependencies and vulnerabilities from production, not just from build-time scans.
The idea is simple but bold: if Dynatrace is already tracing every request through microservices, Kubernetes pods and serverless functions, then security can piggyback on the same telemetry. That means real attacks, real payloads and real exploit attempts show up on the same dashboards developers already live in.
Runtime focus instead of more scanner noise
Where classic SAST and DAST tools shower teams with theoretical issues, Dynatrace Application Security tries to shrink the list to what is exploitable in your environment. It observes whether a vulnerable library is actually loaded, whether the code path is reachable and whether real traffic ever hits it.
Dynatrace uses its deterministic AI engine, Davis, to correlate runtime events, topology and vulnerabilities into what it calls "precise risk assessment". That means one consolidated problem card when a critical library vulnerability, an exposed service and malicious traffic line up - instead of twenty separate alerts from different tools.
How it hooks into modern stacks
Deployment follows the normal Dynatrace pattern. You roll out the OneAgent on hosts, Kubernetes nodes or platforms like AWS and Azure, and Application Security simply shows up as another lens on top of the same data. There is no extra sidecar or inline gateway that might slow traffic.
For containerized workloads, Dynatrace scans images in registries like Amazon ECR and Azure Container Registry, but it also tracks which images are running in which clusters. This lets teams see when a vulnerable image is still powering a production deployment even though a patched version exists in the registry.
From CVEs and SBOMs to something teams can act on
On the vulnerability side, Dynatrace Application Security collects known issues such as CVEs, attaches them to concrete services and process groups, and then enriches them with runtime and exploit information. Security and DevOps get a sorted list that reflects business impact, not just CVSS score.
Software bills of materials from CI/CD pipelines plug into the same model. Dynatrace maps SBOM components to running services, so you do not just know that a project uses a risky open-source library somewhere - you see which production services rely on it and whether they are internet-facing.
Exposure and attack detection in real traffic
Against active threats, Dynatrace Application Security inspects HTTP traffic and method calls for patterns that match known attack techniques, including SQL injection, command injection and deserialization exploits. The detection runs inline with tracing, so attack traces show the same code-level hotspots as performance issues.
Because Dynatrace understands the full service topology, it can attribute attacks to specific endpoints, tenants or Kubernetes namespaces. Teams can see not only that an attack happened, but which cluster, environment and business function was targeted, and whether the exploit path succeeded or died in transit.
What day-to-day use feels like
For an on-call engineer, Dynatrace Application Security simply adds another dimension to the existing Dynatrace problems feed. You wake up to a Davis problem that says a production checkout service is both slow and under attack, with links to the offending requests and vulnerable library versions.
The interface keeps the same tidy cards, impact graphs and service maps that Dynatrace users know from performance monitoring. Security data flows into the same screens, so teams do not juggle yet another dashboard with its own alert logic, labels and learning curve.
Where it shines and where limits show
The strongest argument for Dynatrace Application Security is its tight integration with observability. You do not need to instrument code twice, and you get context rich enough to talk about business impact in concrete terms like "checkouts affected" or "tenant accounts exposed".
The flip side is architectural. Runtime-focused security can only see what actually runs, so it does not replace secure design reviews or static analysis. If a feature is not yet deployed or a rarely used code path hides a logic flaw, Dynatrace will not magically see it until traffic wakes it up.
Licensing, packaging and who it targets
Dynatrace sells Application Security as an add-on module on top of the core Dynatrace platform, with consumption based on Dynatrace's own Digital Experience and host-unit model rather than per-vulnerability pricing. For existing Dynatrace customers, enabling the module is mostly a matter of contract and configuration, not another agent rollout.
The obvious target group are larger enterprises already running Dynatrace for observability, especially those shifting more workloads into Kubernetes and multi-cloud environments. For them, putting security analytics into the same product their SRE and platform teams use daily can be a convincing cultural shortcut.
How it compares in a crowded market
Compared with traditional application security testing and standalone RASP tools, Dynatrace Application Security leans heavily on its full-stack topology map. It sees infrastructure, services, processes and user sessions as one graph, which makes lateral movement and chained exploits easier to understand than in isolated tools.
Against cloud-provider-native offerings, Dynatrace plays the multi-cloud card. Enterprises that already span AWS, Azure, Google Cloud and on-prem clusters can model their security risk in one place instead of stitching together several security consoles each with its own vocabulary.
Company context and stock reference
Dynatrace has been expanding beyond pure performance monitoring into security and business analytics, with Application Security positioned as a growth pillar alongside observability in its recent investor materials.
Shares of Dynatrace (US2681501092) trade on the New York Stock Exchange in US dollars.
Key facts on Dynatrace Application Security
- Product: Dynatrace Application Security
- Manufacturer: Dynatrace Inc.
- Category: Software/Service/Subscription
- Launch: Around 2020, expanded with later platform updates
- RRP / Price: Module-priced as an add-on to the Dynatrace platform, based on Dynatrace consumption units
- Availability: Offered globally via Dynatrace sales and partners, as SaaS in supported regions
- Target group: Enterprises using Dynatrace for observability who want runtime application security tightly integrated into their monitoring stack
- Highlight / USP: Uses production observability data and topology to prioritize exploitable vulnerabilities and real attacks instead of theoretical issues
This article was AI-assisted and editorially reviewed. Product information without guarantee; prices and availability may change at short notice. No investment advice, no buy or sell recommendation. Stock-market transactions involve risks up to total loss.
