DEVOPSdigest

ZeroNorth unveiled its Advanced AppSec (Application Security) Risk Analytics.

Using vulnerability data analyzed by the ZeroNorth AppSec automation and orchestration platform, these business intelligence analytics deliver a single source of truth on the overall risk and health of an organization’s application security program.

ZeroNorth’s reporting and analytics provide high-level intelligence together with granular details on AppSec risk across the enterprise. Data can also be viewed in the context of more specific groups, such as business units and application teams. With this insight, business, security and engineering leaders can determine where to focus, prioritize and direct resources to address the highest areas of risk for the business, build out a application security program, and measure and enforce accountability.

- Assess AppSec Risk: Security leaders can, for example, get a snapshot of the top five AppSec risks, identify problematic trends in scanning, vulnerability creation and remediation, immediately see gaps in the organization’s AppSec program, or quickly isolate the weakest points in the security posture.

- Drive DevSecOps: Security and engineering leaders can use ZeroNorth platform analytics to collaborate and drive DevSecOps processes. For example, through the reports they can compare and track vulnerabilities detected and remediated throughout the software development life cycle (SDLC) or pinpoint vulnerabilities that affect multiple applications and determine the processes and work needed to fix the problem globally. ZeroNorth platform reports can also help identify any bottlenecks in the DevSecOps process that impact the engineering team’s productivity and determine if any process changes or training is required.

- Enable Effective Business Decisions: Business leaders can use ZeroNorth platform reports to manage the organization’s AppSec program, and assess the overall health and risk of revenue-generating applications and make operational business decisions accordingly.

ZeroNorth analytics track key AppSec trends, ratios and metrics at the enterprise level and the individual business unit or application team level, including:

- Vulnerability Status: Types of vulnerabilities detected, leading vulnerabilities (quantity and criticality), trends in types and number of vulnerabilities detected/remediated.

- Application Status: Applications and entities scanned (including scan types), number of vulnerabilities detected per application/entity, top riskiest applications/entities.

- Vulnerability Scanner Status: Number and criticality of vulnerability findings per specific scanner.

The ZeroNorth platform can also generate custom reports, as well as export and integrate with a customer’s business intelligence (BI) and visualization tools of choice.

“ZeroNorth’s mission is to bring security, DevOps and business teams together to improve application security performance and reduce organizational risk. To achieve this, leaders must have a comprehensive, consistent view of AppSec risk at their fingertips,” commented John Worrall, CEO, ZeroNorth. “The new ZeroNorth reporting and analytics provide contextual and actionable analytics business, security and engineering leaders need to make informed business and operational decisions that will accelerate innovation through secure software, while maintaining enterprise standards for security across the organization.”

ZeroNorth’s Advanced AppSec Risk Analytics are generally available and can be delivered in a print-ready format or via an online portal.