Home > News > featured news > JFrog Integrates with ServiceNow to Improve Software Security Vulnerability Response Times with “ServiceOps”

SOFTWARE SECURITY

JFrog Integrates with ServiceNow to Improve Software Security Vulnerability Response Times with “ServiceOps”

JFrog | May 27, 2022

JFrog
JFrog Ltd. , the Liquid Software company and creators of the JFrog DevOps Platform, today unveiled new integrations for JFrog Xray with ServiceNow’s Lightstep Incident Response and Spoke products for IT Service Management. Available immediately, the JFrog Xray integrations with ServiceNow (NYSE: NOW) provide IT leaders with real-time insights on security vulnerabilities and compliance issues to quickly engage necessary team members from across the organization for more immediate response and remediation.

“Successfully securing the software supply chain at the speed of business is a team sport, requiring efficient, cross-team collaboration for timely security incident remediation. Our integration with ServiceNow aims to change the relationship between developers and the rest of the business, so they can maintain the speed and frequency of releases, while avoiding downtime and loss of trust from end customers."

Shlomi Ben Haim, Co-Founder and CEO, JFrog

The new integration enables IT teams to proactively address security issues before they become major concerns. The combination of JFrog Xray and ServiceNow delivers a robust software composition analysis (SCA) tool that can quickly scan binaries for vulnerabilities and license compliance issues, then share those insights with the appropriate parties across the organization. The JFrog Xray-ServiceNow solution is unique in that it helps DevOps engineers, site reliability engineers (SREs), IT system administrators, and others, more securely build, deploy, run, and monitor applications effortlessly, in a single view. It also enables real-time security alerts and insights with assigned actions across all the tools, people, and processes needed for timely resolution.

JFrog Xray & ServiceNow: Delivering Incident Response & Enterprise-wide Workflow Design for Security Incidents

Identifying and effectively responding to malicious attacks must transcend business units and operational functions. By improving real-time insight, collaboration, and communication amongst and between enterprise security and IT teams, the JFrog Xray-ServiceNow integrations ensure swift responses to emerging security threats.

The JFrog Xray integration with Lightstep Incident Response enables developers, SREs, and Security Administrators to:

  • Monitor, collect and respond to license compliance and security vulnerabilities impacting the software supply chain across all stages of the software development and release lifecycle.
  • Streamline vulnerability response by pulling-in the right team members across the organization for faster remediation.

The JFrog Xray Spoke for ServiceNow allows IT operations staff to:

  • Generate violation reports, create ‘ignore rules’, re-scan builds, add custom item properties, and more.
  • Automate workflows that meet audit demands and avoid penalties for improper use of code segments obtained from the open-source community.
  • Identify problems earlier in the application development pipeline and incorporate change management solutions.

For more information on the new JFrog Xray integrations for ServiceNow Lightstep Incident Response, read this blog or solution sheet. Further details on the JFrog Xray integration with Spoke can be found in this blog. You can also connect with JFrog and ServiceNow solution experts during swampUP 2022 taking place in San Diego, May 25 - 26, 2022. For more information and to register, visit https://swampup.jfrog.com/.


About JFrog
JFrog Ltd. , is on a mission to power all the world’s software updates, driven by a “Liquid Software” vision to allow the seamless, secure flow of binaries from developers to the edge. The JFrog Platform enables software creators to power their entire software supply chain throughout the full binary lifecycle, so they can build, secure, distribute, and connect any source with any production environment. JFrog’s hybrid, universal, multi-cloud DevOps platform is available as both self-managed and SaaS services across major cloud service providers. Millions of users and thousands of customers worldwide, including a majority of the Fortune 100, depend on JFrog solutions to securely manage their mission-critical software supply chain. Once you leap forward, you won’t go back.

Spotlight

HackerPowered Security Report 2022 By HackerOne

Security automation cannot replace the creativity of humans. In fact, 92% of ethical hackers say they can find vulnerabilities scanners can’t. For the past six years, we’ve been surveying hackers to learn more about how they see the evolving security testing industry. We combine these insights with the world’s largest dataset of vulnerabilities to identify trends that inform our customers how to build an impactful security strategy.

More featured news

Spotlight

HackerPowered Security Report 2022 By HackerOne

Security automation cannot replace the creativity of humans. In fact, 92% of ethical hackers say they can find vulnerabilities scanners can’t. For the past six years, we’ve been surveying hackers to learn more about how they see the evolving security testing industry. We combine these insights with the world’s largest dataset of vulnerabilities to identify trends that inform our customers how to build an impactful security strategy.

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

LogRhythm Partners with SentinelOne to Accelerate Prevention, Detection and Response for Enterprise Environments

LogRhythm | December 20, 2022

LogRhythm, the company empowering security teams to defend against an ever-evolving threat landscape today announced its partnership with SentinelOne, an autonomous cybersecurity platform company. Together, LogRhythm and SentinelOne provide an integrated enterprise security solution to prevent, detect, and respond to threats in your environment. The combined solution streamlines security operations and improves response workflow, helping overwhelmed security teams cut through the noise and gain precise insights into cybersecurity threats. Legacy solutions have been unable to keep up with the speed, sophistication, and scope of attacks, in which organizations lack the context and global visibility necessary to address these challenges, leaving them vulnerable to attacks. To remain on top of threats, it's essential for enterprises to understand what's occurring in their network and across their endpoints. However, without a centralized way to collect and action log data, that mission can be overwhelming for security teams. “We are thrilled to formally announce our integration with SentinelOne. This partnership brings together two remarkable platforms that will provide our customers with incomparable visibility for analysts, allowing them to cut through the noise, and recognize and respond to incidents more quickly and effectively. “LogRhythm is committed to helping customers defend themselves against cyberattacks and we will continue to do so by partnering with leading and innovative cybersecurity companies to expand our offerings.” Andrew Hollister, Chief Information Security Officer at LogRhythm LogRhythm’s security analytics automatically incorporate rich endpoint telemetry from SentinelOne, enabling real-time threat protection and providing in-depth analytics for comprehensive security monitoring. LogRhythm SmartResponse™ capability leverages the SentinelOne API to effect automated response to malicious activities, such as automatically blacklisting hash values, or disconnecting affected machines from the network, as well as providing capabilities to collect additional information during an investigation. SmartResponse actions may be triggered directly by an Analytic running in LogRhythm’s patented Analytics Engine, or manually launched by an Analyst from the Web Console. Key benefits of this integration include: Expanded Visibility: Centralize data collection with events from SentinelOne managed user endpoints and cloud workloads Focused automation: Initiate automatic endpoint mitigation with LogRhythm SmartResponse actions Reduced Complexity: Prebuilt integrations and dashboards streamline SOC operations and improve ROI “Our XDR strategy incorporates the integrations and technologies SentinelOne customers value. We’re excited about our partnership with LogRhythm,” said Yonni Shelmerdine, VP XDR Product Management at SentinelOne. “LogRhythm offers extensive support for - and integration across - the Singularity XDR platform, helping our customers from around the globe protect against modern cyberattacks and reduce risk.” This announcement marks yet another milestone in the company’s momentous year. In addition to the release of LogRhythm Axon earlier this Fall, a groundbreaking, cloud-native security operations platform, LogRhythm also recently announced its integration with Gigamon that provides customers with a comprehensive view of network traffic. About LogRhythm LogRhythm helps busy and lean security operations teams save the day — day after day. There’s a lot riding on the shoulders of security professionals — the reputation and success of their company, the safety of citizens and organizations across the globe, the security of critical resources — the weight of protecting the world. LogRhythm helps lighten this load. The company is on the frontlines defending against many of the world’s most significant cyberattacks and empowers security teams to navigate an ever-changing threat landscape with confidence. As allies in the fight, LogRhythm combines a comprehensive and flexible security operations platform, technology partnerships, and advisory services to help SOC teams close the gaps. Together, LogRhythm and our customers are ready to defend. About SentinelOne SentinelOne’s cybersecurity solution encompasses AI-powered prevention, detection, response and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous XDR platform.

Read More

INFOSEC PROJECT MANAGEMENT,PLATFORM SECURITY,SOFTWARE SECURITY

NowSecure Unveils Its Latest Offering, Mobile Pen Testing-as-a-Service (PTaaS)

NowSecure | January 03, 2023

NowSecure, the leader in standards-based mobile app security and privacy software, announced the introduction of its latest solution, NowSecure Mobile Pen Testing as a Service (PTaaS), which will bridge the gap between manual and automated mobile security assessments for continuous security. NowSecure PTaaS is designed to provide mobile developers and security teams with a more cost-effective and efficient pen testing solution. The solution combines periodic expert manual assessments with continuous automated testing to optimize comprehensive coverage at a higher frequency. With this combination, the all-inclusive portal and service can instantly discover concerns early in the developer pipeline, provide consulting help to repair security issues promptly, and accelerate the release of high-quality software into production. As organizations struggle with tightening budgets in conjunction with an increased threat of mobile cyber assaults, there is an industry demand for a cost-effective, higher-coverage, higher-frequency, mobile AppSec testing solution. "According to Coalfire and NowSecure's 4th Annual Penetration Risk Report, 99% of mobile applications pose security or privacy threats." By integrating NowSecure's latest offering, Mobile PTaaS, CISOs and security leaders can optimize their budget for penetration testing while prioritizing continuous, comprehensive security testing. The NowSecure Mobile PTaaS cloud-based platform, built on tens of thousands of pen tests and over 12 years of mobile application security experience, provides a comprehensive set of automatic, continuous, and manual assessments, including: Expert pen testing periodically depending on the specific demand and timeline On-demand and continuous security testing is built into the CD/CI and dev toolchains Automatic ticket generation with incorporated remedial resources Consultation with an experienced pen tester on remediation Optional industry standard(s) certifications and validations All-in-one SAST, IAST, DAST, APISec, and SBOM Simple-to-use dedicated SaaS platform About NowSecure A Chicago-based mobile security company, NowSecure safeguards the worldwide mobile app economy as the leading authority in standards-based mobile application privacy and security automation. The company is trusted by the most demanding enterprises for its comprehensive security testing solution package for DevSecOps, mobile app supply-chain monitoring, Pen Testing as a Service (PTaaS), professional mobile pen testing, and training courseware. NowSecure actively contributes to and supports the open-source mobile security community, industry standards, and certifications such as ADA MASA, OWASP MASVS, NIAP, ioXt, and others. The firm is SOC 2-certified and has been recognized by Gartner, IDC, TAG Cyber, and Deloitte Fast 500.

Read More

DATA SECURITY, ENTERPRISE SECURITY

IronNet Signs Contract to Enhance Cybersecurity of U.S. NAVSEA

IronNet | February 13, 2023

IronNet, Inc. (IronNet), a pioneer in transforming cybersecurity through collective defense℠, recently announced the execution of an initial federal contract to deliver cybersecurity services to the United States Navy's Naval Sea Systems Command (NAVSEA), the largest of the Navy's five "systems commands." The agreement was entered following the successful completion of a pilot program that provided NAVSEA with the IronNet Collective Defense Platform. As nation-state cyber threats against the Defense Industrial Base (DIB) program of the Department of Defense (DoD) continue to increase, IronNet strengthens the DIB's cybersecurity prevention and protection of third-party and supply chain cyber risk. This support corresponds with the DoD's initiatives to encourage DIB entities to provide information and share anonymized cyber threat indicators that they deem helpful for notifying the government and others in order to counter threat actor activities more effectively. The IronNet Collective Defense Platform will allow each contractor in the NAVSEA DIB program to boost its network threat visibility while also integrating them in real-time through a private IronNet Collective Defense Community for NAVSEA. Through linked alerts, automated triage, and extended hunt assistance, the IronNet Collective Defense Platform acts as an early warning system for all participating corporations and organizations, increasing network security. In addition, IronNet's platform was recently updated to increase alert fidelity and analyst workflow by strengthening embedded risk scoring for more accessible alert prioritizing. These improvements result in much lower alert loads, false positives, and a shorter time to investigate. NAVSEA will have enhanced visibility of the current threat landscape, with situational context, thanks to the IronNet Collective Defense Platform, and will be able to increase the effectiveness of existing defenses and cybersecurity solutions used by its DIB contractors. Continuous monitoring of known and undiscovered threats contributes to meeting Cybersecurity Maturity Model Certification (CMMC) parameters. The IronNet Collective Defense Platform offers timely actionable, and relevant cyber attack intelligence earlier in case of an incursion before a threat can have a substantial impact, allowing DIB firms and the Navy to defend US Naval intellectual property better. About IronNet IronNet, founded in 2014, is a leading cybersecurity company transforming how businesses, industries, and governments safeguard their networks. It leverages the abilities of its top-tier cybersecurity operators' real-world, public and private sector, offensive and defensive cyber expertise and integrates their deep tradecraft knowledge into its industry-leading solutions to address the most complex cyber challenges affecting business today. The company's solutions use behavioral analytics, artificial intelligence and machine learning techniques to assist private and public companies in discovering unexpected risks across critical infrastructure.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

LogRhythm Partners with SentinelOne to Accelerate Prevention, Detection and Response for Enterprise Environments

LogRhythm | December 20, 2022

LogRhythm, the company empowering security teams to defend against an ever-evolving threat landscape today announced its partnership with SentinelOne, an autonomous cybersecurity platform company. Together, LogRhythm and SentinelOne provide an integrated enterprise security solution to prevent, detect, and respond to threats in your environment. The combined solution streamlines security operations and improves response workflow, helping overwhelmed security teams cut through the noise and gain precise insights into cybersecurity threats. Legacy solutions have been unable to keep up with the speed, sophistication, and scope of attacks, in which organizations lack the context and global visibility necessary to address these challenges, leaving them vulnerable to attacks. To remain on top of threats, it's essential for enterprises to understand what's occurring in their network and across their endpoints. However, without a centralized way to collect and action log data, that mission can be overwhelming for security teams. “We are thrilled to formally announce our integration with SentinelOne. This partnership brings together two remarkable platforms that will provide our customers with incomparable visibility for analysts, allowing them to cut through the noise, and recognize and respond to incidents more quickly and effectively. “LogRhythm is committed to helping customers defend themselves against cyberattacks and we will continue to do so by partnering with leading and innovative cybersecurity companies to expand our offerings.” Andrew Hollister, Chief Information Security Officer at LogRhythm LogRhythm’s security analytics automatically incorporate rich endpoint telemetry from SentinelOne, enabling real-time threat protection and providing in-depth analytics for comprehensive security monitoring. LogRhythm SmartResponse™ capability leverages the SentinelOne API to effect automated response to malicious activities, such as automatically blacklisting hash values, or disconnecting affected machines from the network, as well as providing capabilities to collect additional information during an investigation. SmartResponse actions may be triggered directly by an Analytic running in LogRhythm’s patented Analytics Engine, or manually launched by an Analyst from the Web Console. Key benefits of this integration include: Expanded Visibility: Centralize data collection with events from SentinelOne managed user endpoints and cloud workloads Focused automation: Initiate automatic endpoint mitigation with LogRhythm SmartResponse actions Reduced Complexity: Prebuilt integrations and dashboards streamline SOC operations and improve ROI “Our XDR strategy incorporates the integrations and technologies SentinelOne customers value. We’re excited about our partnership with LogRhythm,” said Yonni Shelmerdine, VP XDR Product Management at SentinelOne. “LogRhythm offers extensive support for - and integration across - the Singularity XDR platform, helping our customers from around the globe protect against modern cyberattacks and reduce risk.” This announcement marks yet another milestone in the company’s momentous year. In addition to the release of LogRhythm Axon earlier this Fall, a groundbreaking, cloud-native security operations platform, LogRhythm also recently announced its integration with Gigamon that provides customers with a comprehensive view of network traffic. About LogRhythm LogRhythm helps busy and lean security operations teams save the day — day after day. There’s a lot riding on the shoulders of security professionals — the reputation and success of their company, the safety of citizens and organizations across the globe, the security of critical resources — the weight of protecting the world. LogRhythm helps lighten this load. The company is on the frontlines defending against many of the world’s most significant cyberattacks and empowers security teams to navigate an ever-changing threat landscape with confidence. As allies in the fight, LogRhythm combines a comprehensive and flexible security operations platform, technology partnerships, and advisory services to help SOC teams close the gaps. Together, LogRhythm and our customers are ready to defend. About SentinelOne SentinelOne’s cybersecurity solution encompasses AI-powered prevention, detection, response and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous XDR platform.

Read More

INFOSEC PROJECT MANAGEMENT,PLATFORM SECURITY,SOFTWARE SECURITY

NowSecure Unveils Its Latest Offering, Mobile Pen Testing-as-a-Service (PTaaS)

NowSecure | January 03, 2023

NowSecure, the leader in standards-based mobile app security and privacy software, announced the introduction of its latest solution, NowSecure Mobile Pen Testing as a Service (PTaaS), which will bridge the gap between manual and automated mobile security assessments for continuous security. NowSecure PTaaS is designed to provide mobile developers and security teams with a more cost-effective and efficient pen testing solution. The solution combines periodic expert manual assessments with continuous automated testing to optimize comprehensive coverage at a higher frequency. With this combination, the all-inclusive portal and service can instantly discover concerns early in the developer pipeline, provide consulting help to repair security issues promptly, and accelerate the release of high-quality software into production. As organizations struggle with tightening budgets in conjunction with an increased threat of mobile cyber assaults, there is an industry demand for a cost-effective, higher-coverage, higher-frequency, mobile AppSec testing solution. "According to Coalfire and NowSecure's 4th Annual Penetration Risk Report, 99% of mobile applications pose security or privacy threats." By integrating NowSecure's latest offering, Mobile PTaaS, CISOs and security leaders can optimize their budget for penetration testing while prioritizing continuous, comprehensive security testing. The NowSecure Mobile PTaaS cloud-based platform, built on tens of thousands of pen tests and over 12 years of mobile application security experience, provides a comprehensive set of automatic, continuous, and manual assessments, including: Expert pen testing periodically depending on the specific demand and timeline On-demand and continuous security testing is built into the CD/CI and dev toolchains Automatic ticket generation with incorporated remedial resources Consultation with an experienced pen tester on remediation Optional industry standard(s) certifications and validations All-in-one SAST, IAST, DAST, APISec, and SBOM Simple-to-use dedicated SaaS platform About NowSecure A Chicago-based mobile security company, NowSecure safeguards the worldwide mobile app economy as the leading authority in standards-based mobile application privacy and security automation. The company is trusted by the most demanding enterprises for its comprehensive security testing solution package for DevSecOps, mobile app supply-chain monitoring, Pen Testing as a Service (PTaaS), professional mobile pen testing, and training courseware. NowSecure actively contributes to and supports the open-source mobile security community, industry standards, and certifications such as ADA MASA, OWASP MASVS, NIAP, ioXt, and others. The firm is SOC 2-certified and has been recognized by Gartner, IDC, TAG Cyber, and Deloitte Fast 500.

Read More

DATA SECURITY, ENTERPRISE SECURITY

IronNet Signs Contract to Enhance Cybersecurity of U.S. NAVSEA

IronNet | February 13, 2023

IronNet, Inc. (IronNet), a pioneer in transforming cybersecurity through collective defense℠, recently announced the execution of an initial federal contract to deliver cybersecurity services to the United States Navy's Naval Sea Systems Command (NAVSEA), the largest of the Navy's five "systems commands." The agreement was entered following the successful completion of a pilot program that provided NAVSEA with the IronNet Collective Defense Platform. As nation-state cyber threats against the Defense Industrial Base (DIB) program of the Department of Defense (DoD) continue to increase, IronNet strengthens the DIB's cybersecurity prevention and protection of third-party and supply chain cyber risk. This support corresponds with the DoD's initiatives to encourage DIB entities to provide information and share anonymized cyber threat indicators that they deem helpful for notifying the government and others in order to counter threat actor activities more effectively. The IronNet Collective Defense Platform will allow each contractor in the NAVSEA DIB program to boost its network threat visibility while also integrating them in real-time through a private IronNet Collective Defense Community for NAVSEA. Through linked alerts, automated triage, and extended hunt assistance, the IronNet Collective Defense Platform acts as an early warning system for all participating corporations and organizations, increasing network security. In addition, IronNet's platform was recently updated to increase alert fidelity and analyst workflow by strengthening embedded risk scoring for more accessible alert prioritizing. These improvements result in much lower alert loads, false positives, and a shorter time to investigate. NAVSEA will have enhanced visibility of the current threat landscape, with situational context, thanks to the IronNet Collective Defense Platform, and will be able to increase the effectiveness of existing defenses and cybersecurity solutions used by its DIB contractors. Continuous monitoring of known and undiscovered threats contributes to meeting Cybersecurity Maturity Model Certification (CMMC) parameters. The IronNet Collective Defense Platform offers timely actionable, and relevant cyber attack intelligence earlier in case of an incursion before a threat can have a substantial impact, allowing DIB firms and the Navy to defend US Naval intellectual property better. About IronNet IronNet, founded in 2014, is a leading cybersecurity company transforming how businesses, industries, and governments safeguard their networks. It leverages the abilities of its top-tier cybersecurity operators' real-world, public and private sector, offensive and defensive cyber expertise and integrates their deep tradecraft knowledge into its industry-leading solutions to address the most complex cyber challenges affecting business today. The company's solutions use behavioral analytics, artificial intelligence and machine learning techniques to assist private and public companies in discovering unexpected risks across critical infrastructure.

Read More

More featured news