New Relic launched new capabilities for New Relic IAST (Interactive Application Security
Testing), including proof-of-exploit reporting for application security
testing. New Relic customers can now identify exploitable vulnerabilities with
a unique-in-the-industry ability to reproduce the problem and remediate the
specific threat vector before shipping new code. This enables security and
engineering teams to focus on real application security problems with zero
false positives, as validated by the OWASP benchmark result of 100% accuracy.
Developers often face a flood of security alerts
from legacy code scanners and are then forced to manually investigate them.
Engineers can spend up to 60% of their development time triaging
vulnerabilities that pose little risk to the business while exploitable
vulnerabilities are not fixed. This builds frustration and friction, hampering
their ability to focus on writing and shipping quality applications.
Proof-of-exploit reporting categorizes applications as safe, exploitable, or
untested, helping engineers quickly identify vulnerabilities and make informed
decisions on which app to deploy to production or retest. With instant feedback
on security issues during the development cycle, security and engineering teams
can come together to securely and quickly ship code.
"Security must be ingrained in the development
culture, not just added on. New Relic IAST offers engineering and IT teams the
ability to identify real application security risks with the same platform they
use to monitor application performance," said New Relic Chief Product
Officer Manav Khurana. "It strengthens DevSecOps by bringing developers and
security teams together to write secure code that defends against the threats
of tomorrow and promotes a proactive stance on security. For well over a decade,
the New Relic full-stack observability platform has bridged organizational
silos by providing a single, trusted source of truth and unified user workflows
- and now New Relic IAST furthers this mission."
New updates include:
-
Proof-of-exploit
reporting: Find, fix,
and verify exploitable vulnerabilities with dynamic assessment capabilities
that pinpoint the API calls, method calls, and traces with vulnerabilities by
simulating real-world attacks.
-
Secure by design: The new
risk exposure and assessment feature provides visibility into every code change
showing potential vs. detected exposures so developers can quickly replicate,
remediate, and validate fixes.
-
Instant ROI: New Relic IAST is the only application security solution available
out of the box in a full consumption model, so users no longer pay for security
shelfware that can take months to deploy.
-
Instant Impact
Analysis: Know the number of applications impacted by a
vulnerability and the potential severity of the identified risk with APM
telemetry integrated with vulnerability management.
IAST is native to the New Relic all-in-one observability platform, which
eliminates the need for additional agents, and it is now generally available in
a usage-based pricing model. Get started by contacting your New Relic account
representative or sign up for a free account.
Existing users can activate their preview by logging into their New Relic
account today. Legacy and site license accounts must migrate to consumption
billing for preview access.