Cycode, the San Francisco-based software supply chain security solutions provider, is launching of Cycode Application Security Orchestration and Correlation (ASOC) to provide security teams consistent visibility into the various AppSec tools that are used in modern software delivery pipelines. According to the company, full visibility of all AppSec tooling allows for greater control over pipeline vulnerabilities and fundamentally protects the development infrastructure.
How Cycode ASOC Works
Acting as a management layer between application development and security testing, Cycode ASOC automatically discovers tooling across the software development life cycle (SDLC) and analyzes and correlates the tools’ data, identifying vulnerabilities across different modules. When a vulnerability appears more than once, Cycode ASOC automatically deduplicates it while also aggregating the remaining unique results into one centralized location.
Listen: My TechDecisions Podcast Episode 193: April 2023 Patch Tuesday
In the centralized location, the vulnerabilities are prioritized by level of risk to help with remediation. By reducing the noise, this automated process allows security teams to focus on fewer issues that are of the highest priority. This in turn, increases the effectiveness of security teams and reduces alert fatigue, says the company.
Benefits for Security Teams
Cycode ASOC provides:
- Automated tool discovery – automatically discover tooling starting with the SCM, the foundation of DevOps infrastructure
- Pipeline security posture – gain visibility into pipeline and tool configurations, including which security tools are used in each phase of the development process
- Comprehensive prioritization – ingest data and prioritize vulnerabilities from third-party solutions
“Security teams are struggling to protect their development infrastructure because they lack visibility into the many tools used in modern software delivery pipelines such as cloud platforms, serverless, SaaS and other ephemeral services,” said Ronen Slavin, co-founder and CTO of Cycode, in a statement. “Even software teams that build and use pipelines may not be aware of all the tools in use and how they are configured. This limited visibility creates huge blind spots in the security program, forcing security teams to waste resources trying to understand and secure pipelines, and prevents consistent management of security risks.”
Cycode will be at the RSA Conference 2023 and will be demonstrating its ASOC feature at booth #6471 from Monday, April 24 through Thursday, April 27, 2023, at the Moscone Center in San Francisco, Calif.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
Leave a Reply