PureSec Recognized as a Gartner Cool Vendor!



How cool is this? PureSec was recognized by Gartner as a Cool Vendor! Gartner awards the Cool Vendor honor to vendors and products who prove themselves as innovators in their space, and we couldn’t be more excited at the inclusion.


The serverless space, despite technically being about four or five years old, is still incredibly young. All of us here at PureSec believe that the future is serverless, and that serverless embodies an incredible opportunity to empower organizations like never before. One of the greatest promises of serverless is “You don’t need to worry about X, you can just code!”. PureSec, along with our partners, is working to realize this promise. The PureSec Serverless Security Platform (SSP) brings security as close to the application as possible and makes sure that developers don’t have to worry about security while CISOs and other security professionals get the governance and visibility they need.


Gartner recognizing us as a Cool Vendor, along with the incredible momentum we’ve been seeing with PureSec customers, is a massive validation of our efforts specifically and the serverless movement in general. Companies big and small are realizing they can embrace the agility and scale of serverless without compromising on security.




So, what’s cool about PureSec? Here are a few things we’re excited about:

Unified, Serverless-ready protection for Functions, Containers, and Hosts.

While PureSec is a serverless-first company, we understand that our customers are operating on hybrid environments, and we want to make the path to serverless as obstacle-free as possible. That’s why we recently extended the PureSec runtime protection module to containers, hosts, IoT, and Edge. This means that PureSec customers get full, application-aware security coverage for any type of workload, while securing those workloads in a way they won’t have to dramatically change as they move more workloads to serverless. This is important since traditional security solutions are not a good fit for securing serverless workloads.


End-to-end protection, from dev to production, from scanning to real-time defense. On any platform.

The PureSec SSP spans the entire lifecycle of your application and the serverless architecture it uses. During development and build time, PureSec integrates with the CI/CD tools that you’re already using, tools like Jenkins, CodeShip or AWS CodeBuild. Through these integrations, your developers can run security scans as part of the normal build process, receive notifications, and remediate security issues such as vulnerabilities in open source libraries or insecure IAM roles and permissions. Having the ability to run security scans as part of the build means that developers don’t have to change their current work process to keep their serverless applications secure.


Security teams and cloud architects can define security and quality thresholds which dictate that if the build doesn’t meet certain corporate security policies, it will fail and will not allow developers to deploy insecure applications.


Any cloud-native event trigger that invokes your PureSec-protected function is intercepted, classified, decoded and inspected by the Serverless Application Firewall. Any kind of event-data injection attack will be instantly detected, so malicious event data never reaches your business logic. The Serverless Application Firewall is “serverless-native”, so it can inspect ANY type of event trigger coming from dozens of different event sources such as API Gateway, S3, DynamoDB, Kinesis, IoT telemetry data such as MQTT messages, and even WebSockets.


Protection that scales as you grow.

PureSec’s runtime protection is attached to each function, so your protection scales with your serverless functions – regardless of whether you have 1 invocation or 1,000,000 – in one region, or in multiple regions. There is no single point of failure and capacity is never an issue. You’re also able to control your serverless security policies programmatically, so making bulk changes or updates is easy.


At every step of the way, from development to production, the PureSec serverless security platform provides rich logs and deep visibility into your security posture. Know exactly how your functions are behaving at any given time and have forensic data ready in case of a security incident or build failure.


Being a part of the serverless community.

The serverless community is one of the most exciting, rapidly growing movements the software development world has ever seen, and we couldn’t be more excited to be a part of it. We spend a lot of our time trying to think of ways to do our part and contribute to the community. So far we’ve done so by releasing useful serverless security resources such as the AWS Lambda Security Best Practices guide and the Top 12 Serverless Security Risks guide, which was a joint effort with the Cloud Security Alliance. These resources and more are all freely available on our website.


The tool we’re probably most excited about is FunctionShield, which is a free serverless protection library for AWS Lambda and Google Cloud Functions. FunctionShield provides a solid protection baseline for serverless applications. Did we mention it’s free?


We’re excited to be included in this year’s lineup of Gartner Cool Vendors, and we want to thank our customers and partners for working with us on building the future of application security!




*** This is a Security Bloggers Network syndicated blog from PureSec Blog authored by Ron Harnik. Read the original post at: