Cybric ensures security doesn't suffer in a rapid development world
The rapid pace at which software is developed prevents apps from being as secure as possible and can leave users and systems vulnerable. Cybric has developed a 'Security-as-a-Service' platform which automates the security checking of apps to allow developers to focus on building their product.
At whatever intervals are convenient for a development team, Cybric's platform will check code for security problems and, if action is required, alert the right personnel using any combination of Slack, PagerDuty, or standard email. This automation helps to ensure software is secure before it's deployed.
“Enterprise users expect new features to be continuously introduced and added to their applications, and while the DevOps culture is helping to make that happen, security is being left behind. When you look at how applications are being rolled-out or updated without proper testing and then consider the growing sophistication and ‘always-on’ nature of cyber criminals, it’s a bad combination. There’s clearly a big need for continuous vulnerability management,” said Cybric CEO and founder Ernesto DiGiambattista.
Rather than working on production code directly, Cybric creates a copy in the customer's production environment of choice, scans it for problems, and then deletes it. Cybric is compatible with most standard development tools – including GitHub and Bitbucket – and developers can choose their preferred scanning tool for detecting issues.
The automated nature of Cybric is meant to ensure that development does not slow down while apps remain secure. While vulnerabilities will be highlighted by Cybric, it will be up to developers to act on the issues. Providing teams with the ability to decide when scanning is conducted – such as every commit, every day, or every week – helps to cater for their individual needs and prevent disruption.
“By integrating continuous application security testing into the CI/CD pipeline without impacting the production environment, Cybric is enabling DevSecOps automation that moves security upstream,” said Enterprise Strategy Group (ESG) Senior Analyst Doug Cahill. “Incorporating security into DevOps methodologies allows enterprises to successfully drive automated security testing across development and production applications, providing more consistent protection regardless of application and DevOps maturity with an adaptive platform that evolves with them.”
Research points to the need for improved security automation and vulnerability remediation. The annual Cost of Data Breach 2016 report from the Ponemon Institute found the average cost of breaches has jumped past $4 million per incident. The study also found that average dwell time for breaches stands at 201 days, with organisations requiring another 70 days to contain breaches once they'd been identified.
Cybric became generally available today. The Boston company launched in 2015 and raised $6.3 million in seed funding last month.