DEVOPSdigest

Aricent launched its Highly Automated Vulnerability Assessment Orchestration Containers (HAVOC) framework that manages cyber risk by catching significant security vulnerabilities before they are exploited.

Companies are under pressure to launch products and services faster without exposing themselves to cyber risk. However, shorter time to market lifecycles and latent vulnerabilities raises the likelihood of more successful denial of service attacks and data breaches. Aricent’s HAVOC solution addresses the need to understand the nature of vulnerability risk through a combination of precision coverage, superior probability and statistics, and speed of decision making.

According to researchers, the costs of ransomware in 2015 was $325m and rose to $5bn in 2017. In the next five years, the cost could reach $8 trillion. Conventional security management of products is based upon monolithic risk models with infrequent pre-release tests and random post-deployment assessments. These methods are unable to keep up with the advancing threat levels to product security and are not evolved to accommodate the speed and rigor of Agile or DevOps processes.

While latent software defects will always exist, the challenge is remediating vulnerabilities that can be readily exploited. Through a high-performance graph database, the tool reduces the time to prioritize and correlate thousands of findings that can span software source code, run-times, protocols stack, application interfaces and cloud-native implementations. HAVOC increases speed, verification and frequency of build, test and deployments lifecycles. This results in safer, more secure applications and safeguards businesses from legal, business and economic problems.