Saltworks collaborates with Bit Discovery to provide ASM capabilities to application security teams

Saltworks announced a partnership with attack surface management (ASM) provider Bit Discovery to integrate advanced ASM capabilities into SaltMiner, Saltworks’ enterprise AppSec management solution that gives visibility into application health, risk and compliance at each stage of the software development lifecycle (SDLC).

Attack surface management is crucial to an effective AppSec program. It empowers IT with an understanding of what Internet-accessible technology/data points (domains/subdomains, IP address, servers, web pages, etc.) must be secured early in the SDLC. Reinforcing a “shift-left” mindset required of today’s DevSecOps initiatives, Saltworks customers now benefit from fast and efficient ASM features that capture, inventory and monitor external digital assets that can be easily viewed and managed in the SaltMiner dashboard.

“Companies can’t expect AppSec teams to effectively secure applications if they don’t even know what needs to be secured,” said Dennis Hurst, founder and president of Saltworks. “Bit Discovery ASM furthers SaltMiner’s ability to protect external digital assets in tandem with the application inventory management functionality SaltMiner already has to secure enterprise architecture surfaces and dependencies.”

A recent Saltworks customer estimated it had 400 web applications. After quickly creating an attack surface map with Bit Discovery through SaltMiner, Saltworks realized there were more than 800. Having that information at the start of Saltworks being tasked with building a world-class application security program for the customer was invaluable in terms of time, risk and cost reductions.

Saltworks, Bit Discovery empower AppSec teams to know what needs to be secured

Applications are a business fundamental – they access, encode and receive data; run on servers and operating systems; and touch everything. Attack surface management identifies what’s on a network, who put it there, what it’s doing, and what it interacts with. Layer-in the riskiest applications (those custom built) and the ability to know what actually exists becomes an overwhelming task, even before thinking about security as part of the strategy.

“Securing the business means truly knowing everything that needs to be protected, especially when it comes to consistency in communication, GDPR compliance, the accuracy of legal assets, evaluating a merger/acquisition, mitigating security risk, or doing a competitive analysis,” said Jeremiah Grossman, CEO of Bit Discovery. “The Saltworks partnership makes SaltMiner an even more indispensable AppSec solution to maintain the security of enterprise-wide applications with the ability to identify and organize every Internet-accessible technology a company owns.”

Application security teams that struggle with attack surface management and the extensive detail required to properly secure applications are, typically, slower to accept the shift-left mindset. ASM can also seem daunting to those who did not originate from the development organization, but rather the networking, server or auditing units. However, the proliferation of cloud technologies and the sheer volume of applications needed to securely run a business means a shift-left is no longer optional.

“In 25+ years I haven’t seen a company do attack surface management well, especially large companies that have grown by acquisition or have so many business units that the amount of applications supporting global operations is almost unmanageable,” continued Hurst. “SaltMiner integrated with Bit Discovery provides unprecedented access to dig deep and understand the attack surface across the entire business where systems are highly distributed. It’s a dynamic landscape, and starting at the beginning of the SDLC is the only way to ensure security integrity.”

In addition to Bit Discovery, other successful Saltworks partnerships that continue to provide tangible DevSecOps value to companies worldwide include: Orasi, Micro Focus, Sonatype, Secure Code Warrior, Cobalt and Imperva.