Application-layer attacks are rising fast, but most security frameworks still focus on infrastructure. That mismatch leaves a blind spot in how modern threats actually unfold.
Oligo Security has introduced the Application Attack Matrix, a tactical blueprint for identifying and responding to threats targeting modern cloud applications. Built with input from contributors across AWS, Microsoft, Salesforce, and other major players, the matrix breaks down attacker behavior specifically at the application layer, where today’s most damaging exploits often begin.
Bridging Gaps Left by Traditional Frameworks
According to Gal Elbaz, Oligo's co-founder and CTO, many existing frameworks fall short when it comes to tracking attacker movement inside the app stack itself. “Frameworks like MITRE ATT&CK have been instrumental for infrastructure and endpoint,” he told MSSP Alert, “but they haven’t yet taken a deep dive into the application layer where today’s attackers increasingly operate.”
He noted several blind spots the matrix addresses: runtime blindness in constantly changing apps, threats embedded in the CI/CD pipeline, and abuse of legitimate application logic across APIs and services. “We built the Matrix based on real attacks against cloud apps, to give defenders a practical way to understand and counter threats inside the application stack itself. Traditional frameworks simply don’t reach this level.”
Built to Evolve With the Threat Landscape
The framework also isn’t meant to be static. Elbaz emphasized that its relevance lies in its roots. “The Application Attack Matrix is meant to grow with the threat landscape because it’s built from actual attacks, not just theory. What keeps it relevant is the mix of people behind it: cloud providers, security teams, and platform engineers who deal with this stuff daily.”
Rather than being a one-time snapshot, it’s a living structure that reflects what’s actually happening across production environments. “As application environments get more complex, the Matrix will keep evolving to track how attackers adapt. It’s not a static checklist. It’s meant to reflect what’s happening on the ground in real time.”
That evolution is key for managed security service providers, who increasingly find themselves responsible for protecting modern app stacks. “MSSPs can absolutely start using the Application Attack Matrix right away to sharpen how they think about application-layer threats—especially those that traditional infrastructure-focused frameworks miss,” said Elbaz. But the real value, he pointed out, comes when MSSPs dig deeper: “The Matrix isn’t just about spotting known patterns. It’s a lens into how attackers move through modern apps. To detect that, you need more visibility into how the application is actually behaving in production.”
He added that while the framework can plug into existing detection workflows, it works best when MSSPs use it to drive tighter collaboration with client dev and SecOps teams.
The Application Attack Matrix maps out how adversaries operate, the techniques they use, and how defenders can detect and contain threats earlier in the lifecycle. As the gap between infrastructure defenses and runtime behavior continues to widen, this initiative offers a clearer path forward for teams on the frontlines of application security.