Saltworks announced a partnership with attack surface management (ASM) provider Bit Discovery
to integrate advanced ASM capabilities into SaltMiner, Saltworks' enterprise AppSec management solution
that gives visibility into application health, risk and compliance at each
stage of the software development lifecycle (SDLC).

Attack surface management is crucial to an effective AppSec program. It empowers IT
with an understanding of what Internet-accessible technology/data points
(domains/subdomains, IP addresses, servers, web pages, etc.) must be secured
early in the SDLC. Reinforcing a "shift-left" mindset required of today's
DevSecOps initiatives, Saltworks customers now benefit from fast and efficient
ASM features that capture, inventory and monitor external digital assets that
can be easily viewed and managed in the SaltMiner dashboard.

"Companies can't expect AppSec teams to effectively secure applications if they don't even
know what needs to be secured," said Dennis Hurst, founder and president of
Saltworks. "Bit Discovery ASM furthers SaltMiner's ability to protect external
digital assets in tandem with the application inventory management
functionality SaltMiner already has to secure enterprise architecture
surfaces and dependencies."

A recent Saltworks customer estimated it had 400 web applications. After quickly
creating an attack surface map with Bit Discovery through SaltMiner, Saltworks
realized there were more than 800. Having that information at the start of
Saltworks being tasked with building a world-class application security program
for the customer was invaluable in terms of time, risk and cost reductions.

Saltworks, Bit Discovery Empower AppSec Teams to Know What Needs to be Secured

Applications are a business fundamental - they access, encode and receive data; run on
servers and operating systems; and touch everything. Attack surface management
identifies what's on a network, who put it there, what it's doing, and what it
interacts with. Layer in the riskiest applications (those custom built) and the
ability to know what actually exists becomes an overwhelming task, even
before thinking about security as part of the strategy.

"Securing the business means truly knowing everything that needs to be protected, especially
when it comes to consistency in communication, GDPR compliance, the accuracy of
legal assets, evaluating a merger/acquisition, mitigating security risk, or
doing a competitive analysis," said Jeremiah Grossman, CEO of Bit Discovery.
"The Saltworks partnership makes SaltMiner an even more indispensable AppSec
solution to maintain the security of enterprise-wide applications with the
ability to identify and organize every Internet-accessible technology a company
owns."

Application security teams that struggle with attack surface management and the extensive
detail required to properly secure applications are, typically, slower to
accept the shift-left mindset. ASM can also seem daunting to those who did not
originate from the development organization, but rather the networking, server
or auditing units. However, the proliferation of cloud technologies and the
sheer volume of applications needed to securely run a business means a
shift-left is no longer optional.

"In 25+ years I haven't seen a company do attack surface management well,
especially large companies that have grown by acquisition or have so many
business units that the amount of applications supporting global operations is
almost unmanageable," continued Hurst. "SaltMiner integrated with Bit Discovery
provides unprecedented access to dig deep and understand the attack surface
across the entire business where systems are highly distributed. It's a dynamic
landscape, and starting at the beginning of the SDLC is the only way to ensure
security integrity."

In addition to Bit Discovery, other successful Saltworks partnerships that
continue to provide tangible DevSecOps value to companies worldwide include:
Orasi, Micro Focus, Sonatype, Secure Code Warrior, Cobalt and Imperva.