Legit Security, a cyber security company with an enterprise Application Security Posture Management (ASPM) platform for secure application delivery and software supply chain security, announces expanded capabilities to provide comprehensive visibility into an application’s security posture including deep contextual insights and automated detection-to-remediation workflows so enterprises can release software fast while protecting against evolving threats. These new capabilities further solidify Legit Security’s ASPM leadership by extending automated security controls throughout the application development lifecycle and providing new innovative features for fast and secure application delivery. More details on the latest ASPM capabilities can be found on the company’s blog.
Enterprises today have adopted multiple security tools and scanners to detect threats; however, these traditional tools were not designed to consolidate vulnerabilities and risks into a holistic view of an application’s security posture. Disparate scanners also create excessive noise, overlapping scanner functionality and duplicate tickets, and they lack crucial context, resulting in poor prioritization of risks and an incomplete and fragmented understanding of the root cause of security issues.
Legit Security’s ASPM platform provides a unified solution to address these challenges by consolidating visibility and risk management across multiple development and security tools, allowing for streamlined management, scalability and efficiency. With Legit, organizations obtain a unified view of their application’s security posture and aggregate relevant information and context to provide a holistic understanding of application risk. This more effectively prioritizes security issues to address high severity risks first, such as vulnerabilities directly tied to business-critical applications and runtime environments.
“Every organization that develops software needs to control their development lifecycle and add security layers into that,” says Nir Yizhak, CISO for Firebolt, a provider of next generation cloud data warehouse solutions. “An ASPM platform can help you govern and track issues in a manner that helps prioritize things. Legit Security gives us a single place to orchestrate all application security issues from code to cloud, event management, misconfigurations, known vulnerabilities, and code quality issues, end-to-end in a single platform.”
Legit Security’s ASPM platform automatically maps the pre-production development environment, ingests vulnerability data from other security systems, and enriches this data with context from code creation to runtime deployment for intelligent, risk-based prioritization and rapid remediation. The Legit Score provides granular insights with a numeric risk score that measures the real-time security posture of a given application, development team, or SDLC system. This allows AppSec teams to respond quickly to the most pressing issues and threats based on their risk to the business and leverages automated workflows to reduce time to resolution. Additionally, Legit provides comprehensive software supply chain security and ensures all software is released according to industry standard and compliance frameworks such as SLSA and SSDF.
Legit Security extends its enterprise ASPM platform with several new and innovative capabilities announced today:
- Custom security controls that provide a powerful and convenient way to create, manage and enforce automated application security guardrails for code scanning, CI/CD pipeline security and more.
- Custom security policies that can be created and enforced simply by saving a custom search/query against the Legit Security platform’s graph model of the pre-production development environment. Custom security policies can then be further defined by severity, remediation steps and more.
- Expanded ASPM platform integrations with BlackDuck, Snyk Code and SonarQube to ingest, consolidate and manage vulnerabilities within the Legit Security platform, enabling teams to prioritize issues faster and remediate them more efficiently.
- Legit’s code-to-cloud correlation engine has been enhanced to correlate code repositories to containers running in any Kubernetes cluster, regardless of the cloud vendor, to identify all code security issues relevant to running workloads and enable rapid shift left remediation.
- Further expansion of market leading software supply chain security capabilities with the ability to detect and alert on suspicious activity in GitHub Source Code Management systems using machine learning to detect anomalous geolocation access attempts.
“Security and development teams face tough challenges to release secure applications at scale today,” said Liav Caspi, co-founder and CTO of Legit Security. “We’ve been fortunate to work with many of the world’s leading enterprises to streamline their security operations to keep applications safe while releasing fast. Our recent platform capabilities extend our unique approach to ASPM with innovative capabilities to discover, map, and protect software supply chains, analyze and score risks with deep application context, and continuously govern and validate an application’s security guardrails.”
SOURCE: PRNewswire