Contrast Security Introduces Route Intelligence
March 17, 2020

Contrast Security announced Route Intelligence, a new capability for application security.

Legacy application security testing solutions simply point out potential vulnerabilities in application code and are plagued with false positives. This antiquated approach to application security also squanders valuable time associated with manual vulnerability verification. Route Intelligence from Contrast, which is now available as part of Contrast Assess, is a revolutionary and industry-leading solution that combines continuous and accurate assessment with instrumentation-based vulnerability assessment capabilities. When compared to traditional application security approaches, Route Intelligence saves security teams and application development teams massive amounts of time while reducing costs—namely, development teams know exactly what parts of each application have been tested for critical security flaws.

Routes in software are like roads in cities, enabling data to reach the correct destination and powering business logic in the application. Using traditional approaches to application security testing, development teams are unable to determine how much of their application attack surface—that is, how many routes—has been assessed for vulnerabilities. With Route Intelligence, development teams know the full extent of their entire application security posture. Route Intelligence also automates vulnerability remediation verification, obviating a time-consuming, manual process whereby development teams had to engage with multiple teams to verify vulnerability remediation. This saves development teams significant time and resources.

“Security and development leaders want high speed and secure DevOps and digital transformation. A core principle of going fast is finding and fixing important functionality and security flaws early,” said Alan P. Naumann, Chairman of the Board, President, and CEO of Contrast Security. “With Route Intelligence, which is now part of Contrast Assess, our customers can immediately see a comprehensive picture of the entire application attack surface, allowing overstretched development teams to save time and focus their valuable resources. In addition, development and security teams can work from a shared and accurate view, saving hundreds of hours required for vulnerability remediation verification. Route Intelligence is one more game-changer in the application security revolution that Contrast Security is spearheading.”

Because development teams do not have full visibility of the application attack surface when they employ traditional static application security testing (SAST) and dynamic application security testing (DAST) tools, inherent risks reside within the application development and testing environments. Leveraging Route Intelligence, Contrast Assess displaces legacy SAST and DAST tools with a modern platform that combines SAST, DAST, and interactive application security testing (IAST) into one solution. This delivers comprehensive visibility over the entire application attack surface. In addition, traditional approaches to application security testing incur hundreds of development staff hours on manual vulnerability verification. This slows continuous integration/continuous deployment (CI/CD) life cycles.

- Unwavering Confidence. Unlike traditional application security testing approaches that build and scan hypothetical models of source code repositories and result in incomplete attack surface and vulnerability models, Contrast Assess uses patented instrumentation to directly interrogate application frameworks to determine all possible application routes to provide full visibility of the entire application attack surface. In addition, alerts in Contrast eliminate false positives that can hide real problems and hinder remediation activities. Security and development teams, as a result, have full assurances of the thoroughness of the security assessment powered by Contrast Assess.

- Better Visibility. Because of the discovery approach employed by Contrast Assess, developers have a full and complete picture of their entire application attack surface, how much of it has been tested, and what areas require remediation based on identified vulnerabilities. This virtually eliminates vulnerability risk associated with the deployment of compromised application code.

- Additional Automation. Traditional SAST and DAST tools try to solve the problem of coverage and verification of remediation using different techniques but are highly ineffective. Their findings are also extremely inaccurate and peppered with false positives, turning vulnerability verification into a game of Whack-A-Mole. Static scans no longer reflect the true nature of an application’s security posture, as more and more of the application is being loaded dynamically at runtime. By utilizing the application’s runtime behavior, Route Intelligence enables users of Contrast Assess to compare successive security assessment results for each application route to ensure that the vulnerability originally discovered on a route is no longer present. This automated vulnerability remediation verification approach dramatically improves application risk posture while giving back hundreds of hours to development and security teams.
