On February 23, 2023, Contrast Security, a leading code security platform, announced the expansion of its contrast serverless application security tool, Contrast Serverless, to support Microsoft Azure Functions and allow customers to quickly scan for security vulnerabilities across multi-cloud environments.
While serverless and cloud-native development gains popularity, organizations struggle to determine which applications are fully secured due to the 'shared responsibility security model' of public cloud providers, particularly in the case of multi-cloud IT strategies.
Contrast Serverless addresses the needs of such organizations by providing a new security tool that is specifically designed to evaluate serverless risks while identifying common vulnerabilities (CVEs), detecting misconfigurations, and revealing user privilege issues, all within a single interface.
"Data shows 74% of infrastructure decision-makers at firms that are adopting public cloud use two or more public clouds and 17% are using five or more. Therefore, it's no surprise that 82% of cloud users have experienced security events due to confusion over shared responsibility security models."
(Avoid the Security Inconsistency Pitfalls Transitioning to Serverless 2022 Report)
The addition of Microsoft Azure Functions support to the Contrast Serverless platform allows organizations to evaluate the risk of their serverless applications across Microsoft and Amazon Web Services (AWS) from a single offering.
The tool provides complete visibility of cloud-native serverless functions, allowing the AppSec team to continuously monitor the organization's serverless posture. It also allows organizations to scan open source dependencies for vulnerabilities in applications and custom code, detect misconfigurations, and identify the least privilege issues based on Microsoft Azure function policy roles and active directory configurations.
Additionally, the tool can generate a contextual Microsoft Azure Functions risk score based on the abovementioned methods, enabling teams to address the most significant risk issues first. It also has the ability to apply remediation on function code in both AWS and Microsoft Azure environments.
About Contrast Security
Contrast Security is a renowned platform for code security, purposefully designed for developers to ensure swift and secure code movement while being trusted by security teams to safeguard business applications. It allows developers, security, and operations teams can quickly secure code across the entire Software Development Life Cycle (SDLC) and protect against targeted Application Security (AppSec) attacks. The company was founded in 2014 by cybersecurity industry veterans with the aim of replacing legacy AppSec solutions that cannot protect modern enterprises. The company's clientele includes some of the most prominent brands, such as BMW, Sompo Japan, DocuSign, AXA, Zurich, American Red Cross, and numerous other Fortune 500 enterprises globally.