10/16/2017 1:05:37 PM
Automated Security as a Service platform by ShiftLeft launches
Cloud Security Platform,Cloud Applications,DevOps Security Tools
App Developer Magazine

Automated Security as a Service platform by ShiftLeft launches

Christian Hargrave Christian Hargrave in Security Monday, October 16, 2017

Cloud-native automated DevOps security platform, ShiftLeft, has been launched from stealth.

ShiftLeft Inc. has introduced an automated Security as a service (SECaaS) for cloud software that creates custom security and threat detection for each application it supports. With ShiftLeft, organizations can now secure their cloud applications as part of their continuous integration pipeline, rather than merely reacting to threats discovered in production. ShiftLeft also identifies vulnerabilities, including contextual vulnerabilities with usage of Open Source Software (OSS), and data leakage risks, allowing organizations to either fix them or protect against them in production using ShiftLeft’s Microagent.

The move to Cloud native applications is forcing organizations to re-architect how they approach security. The critical problem over the next decade is how to protect cloud apps and microservices (collectively called cloud-based workloads) without slowing innovation. With each software build, ShiftLeft extracts all security relevant aspects from the codebase, called Security DNA, and uses it to create a custom Microagent to provide runtime protection. ShiftLeft’s new SECaaS solution is precise and provides accurate alerts to organizations, without false positives. Organizations now have one solution to protect their workloads from known vulnerabilities, unknown vulnerabilities, and data leakage.

According to Gartner, “Trends such as continuous integration (CI), continuous delivery (CD) and DevOps increase demand for better integration and automation of application security within the development pipeline.”

With ShiftLeft, DevOps teams can track compliance requirements for regulations such as PCI-DSS, HIPAA, and the General Data Protection Regulation (GDPR) for every release; for example identifying if the card verification code is stored after authorization. Teams can leverage ShiftLeft’s pre-defined policies, or define custom dictionaries that suit their business requirements and development practices, to track the flow of sensitive data throughout their infrastructure.

The Security DNA of an application is the sum of everything in a codebase that impacts its security, including the execution space of code (what it does and does not do), the flow and treatment of data, the way the application communicates with the outside world, dependencies used, and vulnerabilities. For the first time, developers, DevOps and Security teams can collaborate and leverage the Security DNA to enhance the security of their applications. Developers can prioritize fixes for vulnerabilities that are being exploited in runtime. DevOps can get deep visibility into all the important data flows. And Security teams can protect the applications from attacks without impacting the pace of CI/CD.

“The adoption of Cloud increases the pace of innovation by allowing us to deliver features even faster,” said Chetan Conikee, ShiftLeft CTO and co-founder. “But this pace of change defeats traditional security. ShiftLeft embraces this change to enhance security for cloud-native applications by creating a custom MicroAgent for each version of each application. This application-specific security is both automated and accurate. We no longer have to buy off-the-shelf security products, write policies, and tune them manually as we sift through hundreds of false positives.”

475 Tax Deductions for Businesses and Self-Employed Individuals

Are you paying more taxes than you have to as a developer or freelancer? The IRS is certainly not going to tell you about a deduction you failed to take, and your accountant is not likely to take the time to ask you about every deduction you’re entitled to. As former IRS Commissioner Mark Everson admitted, “If you don’t claim it, you don’t get it.

A hands-on guide to mastering mobile forensics for iOS and Android

Get hands-on experience in performing simple to complex mobile forensics techniques Retrieve and analyze data stored not only on mobile devices but also through the cloud and other connected mediums A practical guide to leveraging the power of mobile forensics on popular mobile platforms with lots of tips, tricks, and caveats.

Gps tracker for kids

The Chirp GPS app is a top-ranked location sharing app available for Apple and Android that is super easy to use, and most of all, it's reliable.

The Latest Nerd Ranch Guide (3rd Edition) to Android Programming

Write and run code every step of the way, using Android Studio to create apps that integrate with other apps, download and display pictures from the web, play sounds, and more. Each chapter and app has been designed and tested to provide the knowledge and experience you need to get started in Android development.