News

ZeroNorth Wants to Make Security 'Integral and Transparent' in the SDLC

• By John K. Waters
• October 8, 2020

ZeroNorth, a Boston-based provider of risk-based vulnerability orchestration across applications and infrastructure, today announced a new set of capabilities for its SaaS-based security platform aimed at removing friction between security and DevOps teams by making security "integral and transparent" within the software development life cycle (SDLC).

The new capabilities, the company says, "empower developers to deliver the secure software required to drive business growth."

"The shift to DevOps means that both security and development must now play a critical role in the delivery of secure software," said Christian J. van den Branden, SVP of ZeroNorth's engineering and product management group, in a statement. "The ZeroNorth platform seamlessly integrates security throughout the software development lifecycle, empowering the security team to own the enforcement of standards and reporting, while liberating the development team to deliver secure software faster and more easily."

The new features unveiled today include a new Application Portfolio report, and support for additional application scanning tools and toolchain integrations, such as Scout Suite, Aqua Trivy, Gitlab, and BitBucket Server. These capabilities are ideally suited for organizations with distributed business lines and DevOps teams that are striving to gain a competitive edge in the current economic climate, the company said.

The new Application Portfolio report highlights the security policies applied to each application, scans results and progress of remediation work, and enables users to drill down from the big picture into details on a more granular level, the company says. This visibility "ensures the CISO gains a holistic view of risk, while product security and engineering teams can implement application security based on the line of business (LOB) needs."

This release also enhances he platform's roster of commercial and open-source application security tools with support for Scout Suite, an open source multi-cloud security-auditing tool that enables security posture assessment of cloud environments, and Aqua Trivy, a comprehensive open source vulnerability scanner for container images.

"Security teams struggle to keep pace with development, and historically, DevOps teams have neglected security to their peril," said IDC analyst Jim Mercer, in a statement. "With disparate tools clouding the landscape, organizations have left themselves open to attack because of the lack of integration and scant visibility across hybrid environments. The application security and risk management capabilities of the ZeroNorth platform provide a compelling value proposition to help DevOps teams optimize their DevSecOps effectiveness while improving velocity and reducing risk."