Cycode Launches Application Security Orchestration and Correlation Solution to Streamline Vulnerability Testing and Remediation
Update: As of July 17th, this product has been renamed Application Security Posture Management.
SAN FRANCISCO, April 18, 2023
the leader in software supply chain security, today announced the launch of Cycode Application Security Orchestration and Correlation (ASOC), an evolutionary solution in its platform that provides security teams consistent visibility into the various AppSec tools that are used in modern software delivery pipelines. Full visibility of all AppSec tooling allows for greater control over pipeline vulnerabilities and fundamentally protects the development infrastructure.
Acting as a management layer between application development and security testing, Cycode ASOC automatically discovers tooling across the software development life cycle (SDLC) and analyzes and correlates the tools’ data, identifying vulnerabilities across different modules. When a vulnerability appears more than once, Cycode ASOC automatically deduplicates it while also aggregating the remaining unique results into one centralized location.
In the centralized location, the vulnerabilities are prioritized by level of risk to help with remediation. By reducing the noise, this automated process allows security teams to focus on fewer issues that are of the highest priority. This in turn, increases the effectiveness of security teams and reduces alert fatigue.
Cycode ASOC provides:
- Automated tool discovery – automatically discover tooling starting with the SCM, the foundation of DevOps infrastructure
- Pipeline security posture – gain visibility into pipeline and tool configurations, including which security tools are used in each phase of the development process
- Comprehensive prioritization – ingest data and prioritize vulnerabilities from third-party solutions
“Security teams are struggling to protect their development infrastructure because they lack visibility into the many tools used in modern software delivery pipelines such as cloud platforms, serverless, SaaS and other ephemeral services,” said Ronen Slavin, co-founder and CTO of Cycode. “Even software teams that build and use pipelines may not be aware of all the tools in use and how they are configured. This limited visibility creates huge blind spots in the security program, forcing security teams to waste resources trying to understand and secure pipelines, and prevents consistent management of security risks.”
Cycode will be present at the RSA Conference 2023 and will be demonstrating its ASOC feature at booth #6471 from Monday, April 24 through Thursday, April 27, 2023, at the Moscone Center in San Francisco, California. To meet with an executive on the team onsite at RSA or remotely, please reach out here.
Cycode’s modern approach to application security enables organizations to effectively secure their cloud-native applications with cost-efficient use of tooling and staff across the SDLC. The Cycode platform makes AppSec tools better through its Knowledge Graph, which provides complete context of the SDLC to improve accuracy and reduce mean-time-to-remediation (MTTR). Cycode merges the top eight AppSec tools into the industry’s most advanced and comprehensive AppSec platform. By correlating data across these tools Cycode offers new capabilities, like Pipeline Composition Analysis which identifies vulnerable dependencies and security issues missed by legacy tools like SCA and SAST—across the entire SDLC; pin-points vulnerable dependency locations and prioritizes threats by exploitability.