Backslash Security introduced its Fix Simulation and AI-powered Attack Path Remediation capabilities.
Azul announced that Azul Intelligence Cloud, Azul’s cloud analytics solution -- which provides actionable intelligence from production Java runtime data to dramatically boost developer productivity -- now supports Oracle JDK and any OpenJDK-based JVM (Java Virtual Machine) from any vendor or distribution.
Azul’s Intelligence Cloud consists of two services which address these challenges for Java applications running in production:
- Azul Vulnerability Detection, to eliminate false positives by accurately identifying and prioritizing known security vulnerabilities; and
- Code Inventory, to help identify unused and dead code by precisely detailing what custom and third-party code is actually run.
By supporting any JDK distribution including those from Azul, Oracle, Amazon, Eclipse, Microsoft, Red Hat and others, Azul Intelligence Cloud delivers key benefits across an enterprise’s entire Java fleet:
- Eliminate Vulnerability False Positives: Uses information the JVM inherently has when running a Java application to identify vulnerable code that actually runs, generating accurate results unattainable by traditional application security tools. Enables DevOps to prioritize vulnerabilities based on actual risk, saving time while reducing security issue backlogs and improving production security posture.
- Efficiently Triage New Vulnerabilities: Provides continuous detection for Java applications in production so DevOps teams can efficiently triage new critical vulnerabilities during events like Log4j. Saves DevOps time and minimizes disruption so teams can focus on other productive tasks. The Azul Vulnerability Detection Knowledge Base is rapidly and continuously updated with newly published Java-specific vulnerabilities.
- Code Use Analysis and Unused Code Visibility: Gives an aggregate view of when code was run — down to the method level — across an enterprise’s Java workloads. Enables DevOps to understand what code is used in production and helps identify unused and dead code for removal (i.e. pinpoints unused classes and libraries). Doing so lowers code maintenance effort and increases developer productivity, freeing up resources for more important business initiatives.
- Real-time and Historical Analysis, Accelerated by AI: Azul Intelligence Cloud retains component and code use history, allowing for focused forensic efforts to determine if vulnerable code was exploited prior to it being known as vulnerable. Azul’s security team uses AI to quickly identify Java-specific CVEs from the National Vulnerabilities Database (NVD) and rapidly update the Azul Vulnerability Detection Knowledge Base with newly published vulnerabilities.
- No Performance Impact in Production: Azul Intelligence Cloud efficiently captures Java runtime data that exists within a JVM when running a Java application, resulting in no performance impact, something not possible using traditional security or profiling tools.
“Today’s businesses are under relentless pressure to innovate, accelerate time-to-market and fortify application security, all while grappling with resource constraints,” said Scott Sellers, co-founder and CEO of Azul. “Azul Intelligence Cloud is a game-changer. Using the information already inside JVMs running in production, Intelligence Cloud provides unprecedented precision and the intelligence needed to solve two significant DevOps challenges – alert fatigue from an intractable vulnerability false positive backlog and technical debt from maintaining unused code. We’re excited to extend these capabilities across all an enterprise’s Java application fleet, regardless of JDK vendor or distribution, to dramatically slash time from unproductive tasks and multiply DevOps productivity.”
Industry News
Check Point® Software Technologies Ltd. announced the appointment of Nadav Zafrir as Check Point Chief Executive Officer.
Sonatype announced that Sonatype SBOM Manager, its Enterprise-Class Software Bill of Materials (SBOM) solution, and its artifact repository manager, Nexus Repository, are now available in AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services (AWS).
Broadcom unveiled the latest updates to VMware Cloud Foundation (VCF), the company’s flagship private cloud platform.
CAST launched CAST SBOM Manager, a new freemium product designed for product owners, release managers, and compliance specialists.
Zesty announced the launch of its Insights and Automation Platform.
Progress announced the availability of Progress® MarkLogic® FastTrack™, a UI toolkit for building data- and search-driven applications to visually explore complex connected data stored in Progress® MarkLogic® platform.
Snowflake will host the Llama 3.1 collection of multilingual open source large language models (LLMs) in Snowflake Cortex AI for enterprises to easily harness and build powerful AI applications at scale.
Secure Code Warrior announced the availability of SCW Trust Agent – a solution that assesses the specific security competencies of developers for every code commit.
GFT launched AI Impact, a new solution that leverages artificial intelligence to eliminate technical debt, increase developer efficiency and automate critical software development processes.
Code Metal announced a $13M seed, led by Shield Capital.
Atlassian Corporation has achieved Federal Risk and Authorization Management Program (FedRAMP) “In Process” status and is now listed on the FedRAMP marketplace.
Check Point® Software Technologies Ltd. announced that it has received a Leader ranking in The Forrester Wave™: Mobile Threat Defense Solutions, Q3 2024 report.
Mission Cloud announced the launch of Mission Cloud Engagements - DevOps, a platform designed to transform how businesses manage and execute their AWS DevOps projects.
Accelario announces the release of its free TDM solution, including database virtualization and data anonymization.