In their rush to embrace digital transformation, many enterprises often overlook the importance of cybersecurity and may be exposing themselves to more risk than necessary. Cybersecurity challenges are nothing new; however, businesses are accelerating their moves toward the cloud and are attempting to redevelop applications at the speed of business, trying to garner a competitive advantage.
It is a situation that has put many cybersecurity pros at odds with DevOps teams and those trying to embrace agile methodologies to meet the demands of continuous delivery. Boston-based ZeroNorth is attempting to assuage some of that cybersecurity angst by making risk-based vulnerability orchestration part of the software development life cycle.
ZeroNorth is touting its new platform as an avenue to bring risk analytics directly into the development pipeline.
“As digital transformation initiatives have become a necessity for organizations of all sizes, it’s critical that security teams and developers work in lockstep to prevent the speed of development from compromising security, and the speed of security from slowing down development,” said John Worrall, chief executive officer at ZeroNorth. “Our latest platform enhancements help to easily bring security to developers where they already live, reducing the friction often found between these teams.”
The ZeroNorth Platform is designed to bring a security overlay to the pipeline platforms used by developers, while also providing the tools to perform vulnerability scans against applications and infrastructure. The ultimate goal is to bring forth actionable intelligence that highlights potential risk before deployment of applications.
The ZeroNorth platform integrates with the leading software pipeline platforms, including GitHub, GitLab, Azure DevOps and BitBucket. Integration provides enhanced capabilities, wherein developers are notified of risk and remediation advice in the pipeline platform’s native forms, allowing developers to participate in the DevSecOps process. The company is also offering integration into infrastructure platforms via its partnership with RedLock, which provides visibility into cloud configurations. The tool is able to discover risk and compliance concerns across Microsoft Azure, Google Cloud and AWS environments.
Another new capability comes in the form of leveraging Onapsis, which allows the ZeroNorth Platform to strengthen security across SAP environments. That integration supports developers working on native SAP environments and provides visibility into risk that materializes from SAP platform code, giving developers a pathway to remediation.
Although risk-based vulnerability orchestration is a rather new concept in the development world, it is becoming a critical concern for those pursuing DevSecOps and seeking to increase the velocity of delivery. Developers are quickly learning that identifying, prioritizing and remediating vulnerabilities across the software development life cycle is becoming ever more important as they look to accelerate the process of code commit to build to deployment.
DevSecOps ultimately requires a new way of thinking and tools to match. ZeroNorth is attempting to become that toolset and is using an integrated platform approach to achieve what may become DevSecOps nirvana.