Enso Security today previewed an application security posture management (ASPM) platform that makes it easier for cybersecurity teams to discover applications, identify owners and detect changes.
Fresh off raising $6 million in funding, Enso Security CEO Roy Erlich said the Enso platform advances DevSecOps by providing a frictionless approach that tracks events and analyzes metadata gathered from DevOps and security tools, making it possible to automatically track changes to an application environment.
Previously, the only way cybersecurity teams could hope to gather that intelligence was by visiting application development teams in person, noted Erlich. Application developers, either inadvertently or deliberately, are not always forthcoming with the right information at the right time.
In effect, the Enso platform represents an effort to enable cybersecurity teams to track changes to applications that are occurring at much faster rates without unnecessarily slowing down the application development process, he said.
Despite innumerable cybersecurity concerns, the rate at which applications are being deployed and updated continues to accelerate. Collectively, developers write nearly 2 billion lines of code per week, which Erlich noted is a rate that cybersecurity teams, which are typically understaffed, can’t hope to secure on their own. The only practical thing they can do is get ahead of as many application development projects as possible in the hope of discovering as many vulnerabilities and compliance issues as they can before an application is deployed in a production environment.
The challenge, of course, is that most development teams are not going to be able to address every issue before an application needs to be deployed. Cybersecurity teams, in addition to knowing who is developing what application code, also need to prioritize potential issues rather than simply sharing a list of the issues that have been discovered. As those DevSecOps workflows become established, more developers will pay attention to the critical issues being raised rather than viewing the cybersecurity team as a hurdle to overcome or avoid altogether.
Of course, cybersecurity teams will also need to have more faith in application development teams. More than a few cybersecurity professionals view human error as the root cause of most of the problems they are asked to address. The stronger the bond with development teams, the fewer issues there should be to address after an incident has already occurred. The Enso platform is intended to enable cybersecurity teams to have the most impact on an application development project without being forced to interrogate every developer to determine what’s occurring in any application environment. In fact, one of the reasons developers resent those conversations is that they know all the relevant data has already been entered into a system that they would prefer cybersecurity professionals to access on their own.
It’s still early days as far as bridging the historic divide between cybersecurity professionals and application developers is concerned. However, the more data that can be seamlessly shared between these teams, the faster the DevSecOps processes needed to bridge that divide can be constructed.