WhiteHat Security Enlists Rural Sourcing to Close DevSecOps Gap
WhiteHat Security this week announced it has formed a technology alliance with Rural Sourcing Inc. (RSI) to close the gap between when application vulnerabilities discovered and remediated.
Matthew Hutchinson, vice president of marketing for WhiteHat Security, said his company provides a software-as-a-service (SaaS) application to discover application vulnerabilities, but customers have been asking WhiteHat Security to remediate those issues as well. To provide that end-to-end cybersecurity service, the company partnered with RSI, a provider of managed security services, Hutchinson said.
The WhiteHat Application Security Platform provides access to software composition analysis (SCA) tools to identify the reusable components within an application and what vulnerabilities might be present, along with static application security testing (SAST) tools to scan source code and dynamic application security testing (DAST) tools to continuously scan websites as code is updated. Those WhiteHat tools rely on 18 years of data on application vulnerabilities and 100 million attack vectors that the company has tracked to identify vulnerabilities now, using a combination of machine learning algorithms and cybersecurity researchers.
The goal is to cover the entire life cycle of an application, which now includes remediating vulnerabilities with the help of RSI to provide a complete range of DevSecOps capabilities, Hutchinson said, adding the two companies will also work together to align their respective artificial intelligence (AI) efforts.
While new malware is being developed all the time, most cybercriminals continue to rely on tried-and-true methods such as SQL injections to compromise applications. Most application development teams are well-aware of these vulnerabilities, but they keep showing up in applications because most organizations don’t have a set of DevSecOps processes in place to discover human errors made by developers during the application development process. WhiteHat Security provides tools that can be invoked as a service to put those processes in place, which in theory should reduce the number of vulnerabilities the RSI later would be called on to remediate.
While significant advances have been made of late when it comes to applying AI to cybersecurity, it’s not likely machine learning algorithms are going to replace the need for cybersecurity specialists anytime soon. The issue organizations need to address now is the degree to which they want to devote their own resources to hiring cybersecurity specialists as full-time employees versus relying on a managed security services provider (MSSP) such as RSI. Given the chronic shortage of IT professionals with cybersecurity skills, many organizations increasingly are opting to rely on MSSPs. Going forward, Hutchinson said WhiteHat Security will continue to partner with other MSSPs at a technology level as customer demands dictate—the company already has several existing relationships with partners that resell the company’s core SaaS platform.
In the meantime, technology alliances are becoming more common across the cybersecurity category as the number of tools and services required to secure an organization continues to expand. But tools providers need to come to terms with the fact that most organizations today would rather not have to directly manage a small army of vendors to secure their IT environments. The only way to address that issue is for vendors to either form meaningful technology alliances or outright merge with one another to provide the proverbial one cybersecurity throat to choke.
