Check Point® Software Technologies Ltd. has been recognized as a Leader in the 2024 Gartner® Magic Quadrant™ for Email Security Platforms (ESP).
Implementing Data-Driven DevSecOps
November 14, 2022
Mobile DevSecOps as it's currently implemented has a big problem: it's too slow and inefficient to keep up with the constantly evolving threat landscape. In the typical way of doing things, common tools like pen testing and code scanning identify known vulnerabilities, and the mobile app is then booted back to the development team where they manually add whatever protection they can within the time they have.
But the threats don't stay static. They evolve as cybercriminals find new vulnerabilities and techniques to exploit. The development process don't stop either — as old vulnerabilities are fixed, new features are added, some of which may introduce new weaknesses. Developers lack a real-time understanding of what the threat landscape really looks like in the field. As a result, publishers are constantly releasing apps that are under-protected against current threats.
A Data-Driven Process
Companies are rapidly moving towards data-driven decision-making, using real-time data and analysis to understand how they can optimize operations, strengthen the supply chain and enter new markets that will provide a return on investment. Mobile DevSecOps is not an exception — data-driven decisions about security will not only provide stronger protection against threats, but will also be far more efficient, with much less wasted effort.
But data, alone, is not enough to solve the problem. Good information is useless if the DevSecOps team cannot act on it quickly, and manual methods of implementing security are slow and expensive. Like the rest of the DevOps process, security must be automated, so that new protections can be rapidly included in the next build as they are needed.
Together, automation and real-time threat data make up the two pillars of data-driven DevSecOps. The team has a system that provides it with real-time information about the threats and attacks their mobile apps are encountering in the field right now. With this information, the DevSecOps team can make informed decisions about which are the highest priority security protections to build into the next release.
Beyond Gut Feelings
Mobile apps and the devices on which they run are capable of collecting a wealth of information: threat type, the network, geographic location, OS version and much, much more. All this data provide DevSecOps teams with an extremely granular view of both current and emerging threats that can be sliced according to device, OS, geography — the possibilities are near limitless.
With this wealth of real-time data, the DevSecOps team can make the best use of their time to provide protection against the threats that truly matter.
Once implemented, data-driven DevSecOps teams can not only identify the most urgent threats against which to protect, but they can also prove after release how well the protections are working. In this way, the DevSecOps team can easily justify its value to senior management, partners and other stakeholders, and demonstrate compliance with both internal and external regulations.
It's time for organizations to move beyond manual methods for incorporating mobile app security and gut-feel decisions or analyst recommendations about security models. With data-driven DevSecOps, development teams won't just be shooting in the dark. They'll be using real-time information to identify and protect against new threats and attacks before they can be launched at scale.
Industry News
December 19, 2024
December 19, 2024
Progress announced its partnership with the American Institute of CPAs (AICPA), the world’s largest member association representing the CPA profession.
December 18, 2024
Kurrent announced $12 million in funding, its rebrand from Event Store and the official launch of Kurrent Enterprise Edition, now commercially available.
December 18, 2024
Blitzy announced the launch of the Blitzy Platform, a category-defining agentic platform that accelerates software development for enterprises by autonomously batch building up to 80% of software applications.
December 17, 2024
Sonata Software launched IntellQA, a Harmoni.AI powered testing automation and acceleration platform designed to transform software delivery for global enterprises.
December 17, 2024
Sonar signed a definitive agreement to acquire Tidelift, a provider of software supply chain security solutions that help organizations manage the risk of open source software.
December 17, 2024
Kindo formally launched its channel partner program.
December 16, 2024
Red Hat announced the latest release of Red Hat Enterprise Linux AI (RHEL AI), Red Hat’s foundation model platform for more seamlessly developing, testing and running generative artificial intelligence (gen AI) models for enterprise applications.
December 16, 2024
Fastly announced the general availability of Fastly AI Accelerator.
December 12, 2024
Amazon Web Services (AWS) announced the launch and general availability of Amazon Q Developer plugins for Datadog and Wiz in the AWS Management Console.
December 12, 2024
vFunction released new capabilities that solve a major microservices headache for development teams – keeping documentation current as systems evolve – and make it simpler to manage and remediate tech debt.
December 11, 2024
Check Point® Software Technologies Ltd. announced that Infinity XDR/XPR achieved a 100% detection rate in the rigorous 2024 MITRE ATT&CK® Evaluations.
December 11, 2024
CyberArk announced the launch of FuzzyAI, an open-source framework that helps organizations identify and address AI model vulnerabilities, like guardrail bypassing and harmful output generation, in cloud-hosted and in-house AI models.
December 11, 2024
Grid Dynamics announced the launch of its developer portal.
December 10, 2024
LTIMindtree announced a strategic partnership with GitHub.
