Tom’s Tech Notes: AppSec and Threat Intelligence Visibility


It was great speaking with Surag Patel, Chief Strategy Officer at Contrast Security during PagerDuty Summit 2019 where we were on a DevSecOps panel together.

Contrast Security has joined the PagerDuty Integration Partnership Program to help identify and resolve cybersecurity threats and attacks for distributed DevSecOps teams. By embedding vulnerability analysis and exploit prevention directly into modern software, customers are able to achieve an improved security posture across their mission-critical functions.

During the roundtable and in our subsequent conversation, Surag discussed how DevOps and SecOps are inundated with multiple alerts and troubleshooting true positives versus false positives, leaving little time or resources to resolve real threats effectively.

You may also like: Is it DevSecOps or SecDevOps?

Contrast Security Protect (RASP) solution is an embedded model that allows teams to quickly identify real application-layer threats and attacks with zero-day protection. PagerDuty focuses on mean time to resolution, minimizing the impact of cybersecurity threats and attacks on businesses. When paired, real-time application threat intelligence and real-time response management can enable security operations and development teams to intelligently orchestrate effective measures that address the growing number of attacks and threats with better defense, code-level visibility, and context with faster times to resolution.

“Many security analysts are still struggling to keep up with the rapid state of changes, as they’re flooded with alerts without any context on the applications themselves. With Contrast Protect, not only can our users accurately detect active threats and security vulnerabilities with more application layer context, they can speed up processes and collaboration between development and operations engineers to resolve threats faster,” said Steve Gross, Sr. Director of Strategic Ecosystem Development, PagerDuty.

“Security teams require visibility into mission-critical applications at all times, with automation now crucial for increasing the speed and efficiency of response times,” said Surag. “Working with PagerDuty closely aligns with our mission to improve efficiencies by integrating Contrast Protect (RASP) into security production pipelines. Security tool chaining between Contrast Security and PagerDuty creates an environment for shared security accountability with code layer visibility, protection, and real-time response management.”

The platform is a foundational element spanning development and operations teams. Transparent, accurate, and continuous application security software coupled with real-time response management allows modern DevSecOps teams to “shift left and extend right” to accelerate time to value.  

This integrated solution is aimed primarily at under-resourced security operation teams resulting in:

  • A unified, accurate, and contextual view of vulnerability and attack streams across the entire lifecycle of the application. 
  • Automation to enforce policies, prevent exploits and detect and defend against attacks from within the application. 
  • Stronger feedback loops to better manage different levels of severity threats found in the source code that can be correlated with other attack telemetry. 
  • Faster resolution times increasing team productivity, health, and focus on innovation. 

Related Articles

This UrIoTNews article is syndicated fromDzone