Cycode announced the
launch of Cycode Application Security Orchestration and Correlation
(ASOC), an evolutionary solution in its platform that provides security
teams consistent visibility into the various AppSec tools that are used
in modern software delivery pipelines. Full visibility of all AppSec
tooling allows for greater control over pipeline vulnerabilities and
fundamentally protects the development infrastructure.

Acting
as a management layer between application development and security
testing, Cycode ASOC automatically discovers tooling across the software
development life cycle (SDLC) and analyzes and correlates the tools'
data, identifying vulnerabilities across different modules. When a
vulnerability appears more than once, Cycode ASOC automatically
deduplicates it while also aggregating the remaining unique results into
one centralized location.

In the centralized location, the
vulnerabilities are prioritized by level of risk to help with
remediation. By reducing the noise, this automated process allows
security teams to focus on fewer issues that are of the highest
priority. This, in turn, increases the effectiveness of security teams
and reduces alert fatigue.

Cycode ASOC provides:

- Automated tool discovery - automatically discover tooling starting with the SCM, the foundation of DevOps infrastructure
- Pipeline security posture - gain visibility into pipeline and tool configurations, including which security tools are used in each phase of the development process
- Comprehensive prioritization - ingest data and prioritize vulnerabilities from third-party solutions

"Security
teams are struggling to protect their development infrastructure
because they lack visibility into the many tools used in modern software
delivery pipelines such as cloud platforms, serverless, SaaS and other
ephemeral services," said Ronen Slavin, co-founder and CTO of Cycode.
"Even software teams that build and use pipelines may not be aware of
all the tools in use and how they are configured. This limited
visibility creates huge blind spots in the security program, forcing
security teams to waste resources trying to understand and secure
pipelines, and prevents consistent management of security risks."