ZeroNorth, the security industry’s first provider of orchestrated risk management, announced enhancements to its platform.
These enhancements increase the breadth and scalability of the platform and empower organizations to more easily and efficiently orchestrate security throughout the continuous integration and continuous delivery (CI/CD) of software.
With these capabilities, organizations can now realize comprehensive risk visibility throughout the software development life cycle (SDLC).
Dozens of scanning tools exist to identify vulnerabilities in different parts of the application life cycle or areas of an organization’s infrastructure. These tools cover static code analysis, composition analysis, container, infrastructure and dynamic scans, as well as pen testing.
However, each tool is typically not capable of identifying more than 20 percent of existing vulnerabilities. This means that organizations need to use multiple tools to obtain a full picture of risk. Dedicated resources are required to manage each of these, making software and infrastructure risk management fragmented, incomplete and expensive.
The ZeroNorth platform accelerates and scales proactive software and infrastructure risk management with patented technology that continuously orchestrates the discovery and prioritization of vulnerability remediation.
The ZeroNorth platform detects and adapts to changing code, applications and infrastructure, initiates scans with best-of-breed open source and commercial tools via integrations and identifies and prioritizes top vulnerabilities to speed remediation.
Broader orchestration capabilities
The ZeroNorth platform now allows firms to not only centrally manage dynamic application and infrastructure scanning, but also provides orchestration of those proactive risk discovery tools that run on software repositories, build systems and containers.
This orchestration provides governance at scale for security and audit without affecting software development velocity, by reducing CI/CD pipeline brittleness and downtime. The ZeroNorth platform then correlates and prioritizes the output of all these disparate vulnerability discoveries, unifying an organization’s risk management and remediation playbooks.
Deeper integrations across the SDLC
The ZeroNorth platform continues to add strategic integrations to provide deeper insight into more areas of the software development life cycle than any other tool.
These integrations focus on market leaders and emerging players in each key category in the software life cycle, from static analysis, to software composition analysis, artifact/registry scanning, container management, penetration testing, network scanning, vulnerability scanning, and database and cloud middleware scanning.
The company’s newest support includes:
- Fortify on Demand 19.2 DAST and fully orchestrated SAST, providing customers with frictionless set up and management.
- Coverity 2018.12, providing customers with market-leading vulnerability discovery across a broad set of programming languages.
- Support for authenticated DAST scanning, answering demand for the most common vulnerability discovery activity, while addressing challenges of consistency and scale.
- AWS Security Hub, helping organizations proactively manage a wide range of software and infrastructure vulnerabilities in the cloud, without having to pick emerging market winners.
Support for more architectures and environments
The ZeroNorth platform can be now be deployed in a customer’s private cloud or on-prem to meet a flexible set of security requirements. ZeroNorth’s platform integration toolkit minimizes friction in developing solution architectures that combine on-prem and SaaS-based security tools, even when customers have stringent host and network security controls.
“ZeroNorth centralizes risk management so organizations can roll out vulnerability discovery and remediation capabilities across a CI/CD pipeline without augmenting staff dramatically – and these enhancements to our platform simplify the process even more,” said John Steven, ZeroNorth’s CTO.
“By scaling vulnerability discovery, ZeroNorth changes the economics of a security program, allowing staff to concentrate on remediation and security engineering. We organize and report vulnerability data in a way that businesses want, so they can act quickly and efficiently.”