ZeroNorth, the only company to unite security, DevOps and the
business for the good of software, today unveiled its Advanced AppSec
(Application Security) Risk Analytics. Using vulnerability data analyzed by the
ZeroNorth AppSec automation and orchestration platform, these business
intelligence analytics deliver a single source of truth on the overall risk and
health of an organization's application security program.
ZeroNorth's
reporting and analytics provide high-level intelligence together with granular
details on AppSec risk across the enterprise. Data can also be viewed in the
context of more specific groups, such as business units and application teams.
With this insight, business, security and engineering leaders can determine
where to focus, prioritize and direct resources to address the highest areas of
risk for the business, build out a application security program, and measure
and enforce accountability.
- Assess AppSec Risk:
Security leaders can, for example, get a snapshot of the top five AppSec risks,
identify problematic trends in scanning, vulnerability creation and
remediation, immediately see gaps in the organization's AppSec program, or
quickly isolate the weakest points in the security posture.
- Drive DevSecOps:Security
and engineering leaders can use ZeroNorth platform analytics to collaborate and
drive DevSecOps processes. For example, through the reports they can compare
and track vulnerabilities detected and remediated throughout the software
development life cycle (SDLC) or pinpoint vulnerabilities that affect multiple
applications and determine the processes and work needed to fix the problem
globally. ZeroNorth platform reports can also help identify any bottlenecks in
the DevSecOps process that impact the engineering team's productivity and
determine if any process changes or training is required.
- Enable Effective Business Decisions:Business leaders can use ZeroNorth platform reports
to manage the organization's AppSec program, and assess the overall health and
risk of revenue-generating applications and make operational business decisions
accordingly.
ZeroNorth
analytics track key AppSec trends, ratios and metrics at the enterprise level
and the individual business unit or application team level, including:
- Vulnerability Status:
Types of vulnerabilities detected, leading vulnerabilities (quantity and
criticality), trends in types and number of vulnerabilities
detected/remediated.
- Application Status:
Applications and entities scanned (including scan types), number of vulnerabilities detected per
application/entity, top riskiest applications/entities.
- Vulnerability Scanner Status: Number and criticality of vulnerability findings per
specific scanner.
The ZeroNorth platform can also
generate custom reports, as well as export and integrate with a customer's
business intelligence (BI) and visualization tools of choice.
"ZeroNorth's
mission is to bring security, DevOps and business teams together to improve
application security performance and reduce organizational risk. To
achieve this, leaders must have a comprehensive,
consistent view of AppSec risk at their
fingertips," commented John Worrall, CEO, ZeroNorth. "The new ZeroNorth
reporting and analytics provide contextual and actionable analytics business, security and
engineering leaders need to make
informed business and operational decisions that will accelerate innovation through secure software, while maintaining enterprise standards for security across the
organization."
ZeroNorth's Advanced AppSec Risk
Analytics are generally available and can be delivered in a print-ready format
or via an online portal.