SOFTWARE SECURITY

Contrast Security Introduces Cloud-Native Automation

Contrast Security | April 23, 2022

Contrast Security
Contrast Security , the leader in code security that empowers developers to secure-as-they code, today announced the introduction of cloud-native automation for users leveraging Red Hat OpenShift, the industry's leading enterprise Kubernetes platform. Red Hat OpenShift users can now deploy containerized applications with embedded security features within a native continuous integration and continuous delivery (CI/CD) pipelines. This enables Red Hat OpenShift users to retain scalability, while adding automated security testing and protection as a routine part of the software delivery process. These added capabilities result in minimized manual configuration, reduction in additional overhead costs, and overall security efficiencies.

Contrast enables customers to continuously monitor OpenShift applications at runtime to deliver the most actionable results without requiring AppSec teams to waste hundreds of hours validating results and causing delays for developers.

"Unfortunately many organizations lack the means to implement scalable security gates within their CI/CD pipelines, which translates to insecure code being shipped across distributed cloud environments. Contrast helps these teams drive their DevSecOps transformation with automation at scale. These new capabilities are another component to Contrast's overall mission of ensuring developers are empowered to embed security capabilities within their environments without imposing additional work on them. We want to make security a value-add for everyone."

Sanjay Ramnath, Vice President of Product Management at Contrast Security

Contrast enables Red Hat OpenShift users to benefit from the following capabilities:

  • Source-to-Image Deployment: Cloud developers can embed Contrast's Assess and Protect agents into their source code image to implement continuous vulnerability detection with runtime context and help protect their apps from targeted attacks in production.
  • CI/CD Jenkins Pipelines: AppSec teams can trigger automated security tests within native Jenkins pipelines and establish security policy gates to mitigate potential vulnerabilities. Alternatively, users can also automate in their Jenkins CI/CD pipelines by pulling the agent from Contrast.
  • OpenShift Pipelines via Tekton: Contrast provides OpenShift users with automated tasks that can be used to create repeatable pipeline templates within OpenShift Pipelines environments. APIs provided by the Contrast Secure Code Platform help initiate automated vulnerability static scanning at build time and instrument applications for security telemetry from within prior to deployment.

The Contrast Secure Code Platform is available today with support for Java, .NET, and Node.js applications. 

About Contrast Security
Contrast Security secures the code that global business relies on. It is the industry's most modern and comprehensive Code Security Platform, removing security roadblock inefficiencies and empowering enterprise developers to write and release secure application code faster. Embedding code analysis and attack prevention directly into software with instrumentation, the Contrast platform automatically detects vulnerabilities while developers write code, eliminates false positives, and provides context-specific how-to-fix guidance for easy and fast vulnerability remediation. Doing so enables application and development teams to collaborate more effectively and to innovate faster while accelerating digital transformation initiatives. This is why a growing number of the world's largest private and public sector organizations rely on Contrast to secure their applications in development and extend protection to cloud and on-premise applications in production.

Spotlight

The best detection and response solutions provide
deep visibility to secure and investigate potential risk.
Greater automation and contextualization of security
events brings more informed decision-making, faster
triage and effective remediation of threats.

Spotlight

The best detection and response solutions provide
deep visibility to secure and investigate potential risk.
Greater automation and contextualization of security
events brings more informed decision-making, faster
triage and effective remediation of threats.

Related News

DATA SECURITY

Snowflake Launches New Cybersecurity Workload

Snowflake | June 08, 2022

Snowflake, the Data Cloud provider, announced today the release of a new Cybersecurity workload that helps cybersecurity teams to better secure their organizations using the Data Cloud. Cybersecurity teams can rapidly acquire visibility and automation at cloud-scale by using Snowflake's platform and a wide ecosystem of partners offering security capabilities with linked apps. According to Forrester*, 55% of security professionals said that their business encountered an incident or breach involving supply chains or third-party suppliers in the last 12 months. Current security architectures based on outdated security and information management systems (SIEMs) are really not intended to handle the amount and diversity of data required to keep up with cyberthreats. Legacy SIEMs impose stringent ingest fees, short retention periods, and proprietary query languages, making it difficult for security professionals to acquire the insight they need to safeguard their enterprises. Customers that utilize Snowflake's Cybersecurity workload receive access to the platform's capability and adaptability to natively manage structured, semi-structured, and unstructured logs. Customers can store years of high-volume data effectively, search using scalable on-demand computing capabilities, and obtain insights utilizing universal languages like SQL and Python, which are now in private preview. Businesses can also use Snowflake to combine their security data with company data in a single source of truth, allowing contextual data from HR systems or IT asset inventories to feed detections and investigations for greater fidelity alerts and conducting quick queries on vast volumes of data. Teams receive unified insight into their security posture, removing data silos without incurring prohibitive data input or retention expenses. Aside from threat detection and response, the Cybersecurity workload covers a wide variety of use cases such as security compliance, cloud security, identity and access management, vulnerability management, and more. TripActions, the premier all-in-one travel, corporate card, and expense management system, is using the Data Cloud to invest in its long-term cybersecurity data strategy. Prabhath Karanth, Sr. Director of Security, Compliance & Trust, TripActions said that “With Snowflake as our security data lake, we are able to simplify our security program architecture and remove data management overhead. Snowflake has been vital in helping us gain a complete picture of our security posture, eliminating blind spots and reducing noise so we can continue to provide user trust where it matters most. Deploying a modern technology stack from Snowflake is a pivotal piece of our cybersecurity strategy.”

Read More

PLATFORM SECURITY

XM Cyber Acquires Cyber Observer

XM Cyber | June 28, 2022

XM Cyber, a hybrid cloud security provider, announced the acquisition of Cyber Observer, a pioneer in Continuous Controls Monitoring (CCM) and Cloud Security Posture Management (CSPM). This is XM Cyber's latest growth milestone in a year in which the organization has considerably increased its lead position in the cybersecurity market. Companies are changing faster than ever before, owing to growing regulation, competition, and consumer expectations. Traditional risk management techniques are no longer cost-effective and are incapable of providing the coverage or speed necessary in a dynamic digital environment. By incorporating XM Cyber's market-leading attack path management with Cyber Observer's continuous control monitoring, security teams will be able to see both their cyber exposures as well as how their existing security controls and identification and response tools can react to these threats at any given time, accurately representing the true risk to the business. The Cyber Observer platform will be incorporated into XM Cyber's, providing a unified, continuous picture of the vulnerabilities and exposures that put vital assets at risk, as well as the security control gaps that fail to prevent assaults. It will also automate compliance validation and reporting for important standards such as ISO, NIST, GDPR, SWIFT, and PCI. "Even as awareness of cybersecurity risk continues to grow, attackers are thriving and routinely exploiting attack paths that can be used to move laterally through an enterprise network. Our goal is to give security teams the ability to easily understand and correct their security posture on a continuous basis, including weaknesses, exposures and compensating security controls across the full internal and external attack surface covering on-prem, cloud and SaaS systems. This acquisition is not an isolated event, but just the latest step in our strategy to provide the most comprehensive and proactive security posture management platform on the market." Noam Erez, co-founder and CEO, XM Cyber Schwarz Group is the world's fourth largest retailer and a major player in cloud computing. With the establishment of a European cloud, the corporation has expanded fast in the digital area in recent years. Schwarz bought XM Cyber as its cyber branch in November 2021. Since then, XM Cyber has expanded its product offering, increased its worldwide staff, and enlarged its customer base. Schwarz's strong financial stability and wide digital vision are a driving force for development and innovation. "Cyber Observer's patented continuous control monitoring capabilities are a perfect complement to XM Cyber's award-winning hybrid cloud security platform. We are excited about this opportunity and look forward to working with the XM Cyber team to deliver the first end-to-end continuous cyber security posture management solution supporting both cloud and on-premises coverage," said Shimon Becker, co-founder and CEO, Cyber Observer.

Read More

SOFTWARE SECURITY

McGill and Partners Choose CyberCube for Cyber Risk Analytics

CyberCube | July 14, 2022

CyberCube, the provider of the world’s leading cyber risk analytics for the insurance industry, today announces that McGill and Partners, the specialist (re)insurance broker, is using its Portfolio Manager and Broking Manager cyber risk analytics platforms. Launched in 2019 by insurance veteran Steve McGill, McGill and Partners is rapidly growing to become a major force in the insurance and reinsurance market, quickly developing its offering in both cyber reinsurance and insurance. Today the firm has over 430 staff and offices in the UK, US, Bermuda and Ireland. The deal with CyberCube is part of McGill and Partners’ continued development of its cyber (re)insurance strategy. CyberCube’s Portfolio Manager is a scenario-based data-driven model that enables risk professionals to develop insights for their senior leadership and teams. Portfolio Manager stress tests portfolios of insurance and reinsurance risks against a range of systemic cyber-related scenarios including data breaches, cloud outages, global ransomware attacks and financial fraud. Broking Manager is the first software-as-a-service application CyberCube has built specifically for the insurance broking community. It offers a streamlined approach to analyzing potential financial exposure impacts arising from cyber events that helps clients make informed decisions on coverages and limits. “We are excited to be working with the team at McGill and Partners and be part of the company’s cyber (re)insurance growth strategy on both the direct insurance side via Broking Manager and on its reinsurance side via Portfolio Manager.” Alejandra Donoso, CyberCube’s Principal Client Account Manager Neil Sharma, Partner – Reinsurance at McGill and Partner, said: “We are looking to bring all stakeholders in the cyber value chain together; collaborating between our insurance and reinsurance teams and partnering with CyberCube’s platforms which help deepen our understanding of the risks allowing us to provide best-in-class solutions to our clients.” About CyberCube CyberCube delivers the world’s leading cyber risk analytics for the insurance industry. With best-in-class data access and advanced multi-disciplinary analytics, the company’s cloud-based platform helps insurance organizations make better decisions when placing insurance, underwriting cyber risk and managing cyber risk aggregation.

Read More