New Relic launches interactive application security testing
New Relic has announced the public preview of New Relic Interactive Application Security Testing (IAST).
New Relic's patented deterministic technique provides automated vulnerability validation via real-world attack simulation, enabling engineers, DevOps, and security teams to focus on high-priority security risks and ship code faster with speed and confidence.
Available as part of the New Relic all-in-one observability platform, the public preview comes with a free 90-day trial period to bring the power of observability and security to every engineer, driving platform adoption and increased data flow into the New Relic platform.
"To help engineers future-proof applications and minimise security concerns, it's imperative that they reimagine the way they build and secure cloud-native applications," says New Relic Chief Product Officer Manav Khurana.
"Adopting a converged observability and security approach is a must in order to help engineers deliver optimised user experiences.
"Developers have long used New Relic APM to identify and address performance issues not just in production, but before they deploy new versions of applications as well. Now, they can use the same New Relic APM agent to power actionable vulnerability insights and reduce security risks earlier before it impacts their organisations bottom line."
IDC Group Vice President Stephen Elliot, says, "More secure applications help protect customers personal data, enhance privacy, and reduce disruptions.
"In turn, this leads organisations to realise key competitive advantages like increased customer trust and loyalty, reduced financial losses, greater regulatory compliance, improved operational efficiency, and better risk mitigation ultimately contributing to the long-term success and sustainability of their business," he says.
"Applying security testing during the application development and testing stages can ensure issues are caught well before they impact customers, while helping modernise the SDLC by providing customers with a more secure and highly reliable experience."
The growth in DevOps has enabled teams to build and ship software faster than ever before, yet 85% of applications still contain vulnerabilities. With vulnerabilities and exposures expected to rise throughout this year to 1,900 per month, engineering and security teams must take a context-driven approach that accurately identifies, prioritises, and verifies vulnerabilities with proof-of-exploit for faster remediation. And, current application security testing methods often rely on a reactive approach, which can result in increased costs, false positives, and missed release cycles.
"New Relic IAST represents the next evolution of New Relic's security strategy, enabling developers to identify and work towards eliminating exploitable code early on in the DevOps cycle," says New Relic Chief Architect APJ, Peter Marelas.
"With New Relic IAST, developers don't need to sift through false positives C our technology is specifically designed to eliminate them through patented deterministic techniques that identify and provide automated vulnerability validation with proof-of-exploit capabilities. This ensures engineers and security teams are able to focus on security risks that matter."
Key features and benefits include:
- 360 visibility: View the application stack and associated relationships with context-driven insights to reduce blind spots and validate remediation efforts.
- Reduce false positives: Advanced detection accuracy, risk-based prioritisation, and automated vulnerability validation ensure teams focus on real security risks.
- Proof of exploit: Find, fix, and verify exploitable vulnerabilities with dynamic assessment capabilities that pinpoint the source of vulnerabilities by simulating real-world attacks.
- Accelerate remediation: Guided remediation, guardrails, and status tracking help developers avoid critical mistakes across the software development lifecycle (SDLC).
- Scale at will: Easy deployment via existing APM agent and seamless integration with CI/CD pipelines and ticketing systems prevent disruption of existing processes and workflows.
New Relic IAST comes on the heels of the general availability of New Relic Vulnerability Management, which allows enterprises to manage security vulnerabilities as an integrated part of their observability practice and open third- party data integrations.