Parasoft announces the opening of its new office in Northeast Ohio.
Accurics Comes Out of Stealth Mode
April 30, 2020
Accurics came out of stealth mode to announce the formal launch of the company.
It introduced technology that protects the cloud native infrastructure throughout the DevOps lifecycle, and reconciles risk posture drift between infrastructure defined through code and infrastructure running in the cloud. These advances are critical as organizations rapidly embrace new technologies such as serverless, containers, and service mesh. The company has received $5mm in financial backing from blue-chip investors such as ClearSky, WestWave Capital, Firebolt Ventures and Secure Octane.
Accurics is also making a free version available for download so that organizations can quickly assess their cloud risk posture.
“While the rapid adoption of cloud native technologies is fueling innovation, organizations are grappling with the challenges of securing more complex cloud stacks,” said Accurics Co-founder & CEO Sachin Aggarwal. “Risks in cloud deployments often go ignored due to the fact that detecting and fixing issues in production is costly. Organizations need a broader approach, in effect, ‘code-to-cloud’ security. That means seamless governance of infrastructure during development and in production, protection across the full cloud stack, monitoring for any posture ‘drift’ and swift return to a clean posture. Accurics is proud to introduce a dynamic platform that takes on all of these challenges with ease, speed and cost-effectiveness.”
“Our goal in developing the Accurics platform was to protect the full cloud native stack throughout the DevOps lifecycle, from the moment it’s defined in code and throughout the lifecycle of infrastructure being employed in production,” said Accurics Co-founder & CTO, Piyush Sharrma. “Perhaps most importantly, we prevent the risk posture in production drifting away from the baseline defined through code. That’s the only way to ensure consistently strong protection that enables organizations to innovate with confidence.”
Accurics meets the specific needs of both DevOps and security by addressing specific challenges. These encompass:
- Breach Path Prediction: The platform develops threat models by analyzing vulnerability feeds, IAM privileges, and other data to detect and remediate potential exposure paths in infrastructure code, reducing the attack surface in production. It subsequently monitors production for changes that introduce risks, and responds immediately via integrations with existing remediation workflows.
- Proactive Compliance & Governance: Accurics scans infrastructure as code for violations of common compliance and cybersecurity practices—such as SOC 2, GDPR, PCI, HIPAA, ISO, CIS Benchmark, AWS Best Practices and the AWS well-architected framework—and addresses violations through integrations with existing remediation workflows. This ensures a compliant posture before the infrastructure is provisioned. Production cloud deployments are then monitored against the same policies, and changes that cause violations are remediated. This enables organizations to demonstrate continuous compliance to auditors, management, and customers.
- Cloud Integrity Assurance: Accurics generates a real-time topology across the full stack defined through code, which helps spot design issues early in the DevOps lifecycle. Once the issues are addressed, the code is established as a baseline. The platform then continuously assesses the production cloud deployment for changes in topology from the baseline and flags drifts. If the drift is due to a legitimate change, the code can be updated, and if it introduces risks, organizations can roll their code back to the last known secure posture.
The platform protects hybrid and multi-cloud environments with a wide range of capabilities, including:
- Full Stack Visibility: Visualizes the real-time topology in code and cloud across a full stack, including serverless, container, platform and infrastructure technologies.
- Infrastructure as Code Security: Continuously scans infrastructure code such as Terraform, Ansible, Kubernetes YAML, Dockerfile and OpenFaaS YAML for misconfigurations, vulnerabilities, policy violations, and potential breach paths before the cloud infrastructure is provisioned.
- Cloud Posture Management: Continuously monitors production cloud deployments for changes that introduce misconfigurations, policy violations, and potential breach paths.
- Drift Detection: Continuously assesses the posture of a cloud deployment and flags any drifts from the posture defined through code.
- Posture Restoration: If a drift is due to a legitimate change, the code can be updated to reflect the change; if it introduces risks, the code can be restored to the last known secure posture.
- Remediation: Resolves issues that are flagged via integrations with alert management mechanisms such as Slack, JIRA, Splunk, webhooks and email.
The Accurics platform is available now.
Industry News
May 02, 2024
Postman released v11, a significant update that speeds up development by reducing collaboration friction on APIs.
May 02, 2024
Sysdig announced the launch of the company’s Runtime Insights Partner Ecosystem, recognizing the leading security solutions that combine with Sysdig to help customers prioritize and respond to critical security risks.
May 02, 2024
Nokod Security announced the general availability of the Nokod Security Platform.
May 02, 2024
Drata has acquired oak9, a cloud native security platform, and released a new capability in beta to seamlessly bring continuous compliance into the software development lifecycle.
May 01, 2024
Amazon Web Services (AWS) announced the general availability of Amazon Q, a generative artificial intelligence (AI)-powered assistant for accelerating software development and leveraging companies’ internal data.
May 01, 2024
Red Hat announced the general availability of Red Hat Enterprise Linux 9.4, the latest version of the enterprise Linux platform.
May 01, 2024
ActiveState unveiled Get Current, Stay Current (GCSC) – a continuous code refactoring service that deals with breaking changes so enterprises can stay current with the pace of open source.
May 01, 2024
Lineaje released Open-Source Manager (OSM), a solution to bring transparency to open-source software components in applications and proactively manage and mitigate associated risks.
May 01, 2024
Synopsys announced the availability of Polaris Assist, an AI-powered application security assistant on the Synopsys Polaris Software Integrity Platform®.
April 30, 2024
Backslash Security announced the findings of its GPT-4 developer simulation exercise, designed and conducted by the Backslash Research Team, to identify security issues associated with LLM-generated code. The Backslash platform offers several core capabilities that address growing security concerns around AI-generated code, including open source code reachability analysis and phantom package visibility capabilities.
April 30, 2024
Azul announced that Azul Intelligence Cloud, Azul’s cloud analytics solution -- which provides actionable intelligence from production Java runtime data to dramatically boost developer productivity -- now supports Oracle JDK and any OpenJDK-based JVM (Java Virtual Machine) from any vendor or distribution.
April 30, 2024
F5 announced new security offerings: F5 Distributed Cloud Services Web Application Scanning, BIG-IP Next Web Application Firewall (WAF), and NGINX App Protect for open source deployments.
April 29, 2024
Code Intelligence announced a new feature to CI Sense, a scalable fuzzing platform for continuous testing.
April 29, 2024
WSO2 is adding new capabilities for WSO2 API Manager, WSO2 API Platform for Kubernetes (WSO2 APK), and WSO2 Micro Integrator.
