New Relic announced the general availability of
New Relic Vulnerability Management to provide customers with security monitoring, helping
engineering teams identify and triage vulnerabilities across their tech stack,
all in one place, now available for purchase until the end of January at a
promotional rate. This includes new Interactive Application Security Testing
(IAST) capabilities, added to New Relic with the acquisition of K2 Cyber
Security, that enable teams to perform vulnerability testing without having to
make any code changes or interrupting normal business operations. Vulnerability
Management is available out of the box and available without additional
configuration.
Vulnerability Management is a natural addition to New Relic's
existing 30+ observability capabilities and aligns with its vision of
eliminating data, tool, and team silos. The solution integrates New Relic's
native vulnerability signals and third party security signals into its
purpose-built Telemetry Data Platform to monitor and manage all enterprise
telemetry data in one place. Development, security, and operations teams can
now use one connected experience to manage application security issues and
avoid switching between siloed tools. All of this is available as part of New
Relic's industry leading simple and transparent consumption pricing with a
promotional offer to democratize observability and security for all engineers.
Today, DevOps teams work separately from security organizations,
using different assessment tools and siloed data that can result in an
incomplete picture of the vulnerability surface area of the software stack.
This leaves many organizations struggling to protect their applications at the
source code and runtime level. For example, security teams are still dealing with a critical
flaw in the popular open-source logging tool Log4j more than a
year after it was announced - of which 30% of instances remained vulnerable to
exploitation. These types of vulnerabilities are challenging to locate and
identify in the stack and can be so widespread that they can impact
mission-critical software through unknown external dependencies. Vulnerability
Management solves for this by providing visibility into an organization's
entire tech stack so they can identify vulnerabilities and protect their
applications at every stage of the software development lifecycle.
"Maintaining application security is a critical part of the
overall software developer workflow." said New Relic CEO Bill Staples. "As a leader in
observability, New Relic's data-driven approach puts us in a unique position to
provide security visibility across the entire enterprise tech stack. Our
customers have been rapidly adopting the new Vulnerability Management
capability while in preview and we are very excited to begin general
availability at a promotional price, and simultaneously introduce new
Vulnerability Testing capabilities in limited preview."
"Over 220 million Africans rely on our platform for their
payment needs. We provide the payment rails to 120 banks and thousands of
global and local businesses for their everyday operations, which means that
security at scale is paramount to our business," said Cellulant VP of Software
Engineering Michael Muriuki.
"New Relic Vulnerability Management has made it very easy for our engineers to
gain real-time visibility into our applications at the production level and
identify any vulnerabilities, assess their criticality, put them into context,
and fix them at the application layer. We are able to do all of this at scale
while preserving precious engineering resources and maintaining great customer
experience."
"Our digital marketplace enables thousands of creators. Like any
thoughtful business, trust and security are fundamental to providing an
excellent customer experience, which is why we rely on New Relic to bring our
observability practice into alignment with our security practice," said Thortful
Co-founder and CTO Eric Genet. "Our engineers don't have to look at
multiple systems. They can see all of their alerts and system performance in
one place, so we can get in front of potential issues well before they reach
the customer."
Key capabilities include:
- Zero configuration
visibility: Instant
and actionable security information with no additional configuration that
brings continuous runtime software composition analysis (SCA) for risk
assessment across the stack.
- New vulnerability testing
capabilities in limited preview: Detect signatureless vulnerabilities in pre-production
environments using IAST. The new capabilities leverage a patented deterministic
technique to identify and provide automated vulnerability validation with proof
of exploit.
- Open third party
integrations: Unified security view across the stack and software lifecycle by
adding security data with New Relic's open ecosystem using built-in
quickstarts, or from any custom source using New Relic's security APIs.
- Automatic risk prioritization:
Evaluate
security risks across the software stack correlated with the service catalog.
- Alerting on newly discovered
vulnerabilities: Notifications via Slack and Webhooks when new vulnerabilities are
introduced in the code base.
Vulnerability
Management is now generally available to all New
Relic accounts in the US region, with general availability in the EU region
planned for Feb 15, 2023. It is included as part of the Data Plus bundle or
the Free Tier. Users can
also add it to any consumption pricing plan for $0.10/GB on top of their
current data ingest price, or at the promotional pricing of an additional
+$0.06/GB if they purchase by January 31.