Hewlett Packard Enterprise (HPE) has introduced the HPE Fortify Ecosystem and Fortify on Demand (FoD) continuous application monitoring service. The online marketplace and service are designed to help organizations create secure applications by naturally integrating security testing processes and resources throughout the fast-paced software development lifecycle (SDLC). Partners of the HPE Fortify Ecosystem at launch include Docker and Chef, among more than 20 others. The FoD Continuous Application Monitoring Service provides ongoing discovery, scanning and runtime detection delivering visibility across the entire application portfolio.
To speed application time to market, enterprises are increasingly shifting to the more collaborative DevOps model that closely ties software developers with other IT functional areas to eliminate lag time in the SDLC. Security should be a core part of this integrated DevOps process to identify and remediate vulnerabilities before, during and after applications are brought to market. However, Gartner clients continue to continue to struggle with integrating technologies into existing workflows, bridging the gap between the security team and the development team, remediation, and creating repeatable processes to facilitate an efficient application security program.
The new HPE Fortify Ecosystem is fully integrated into the DevOps tool chain, making it simpler for developers to build security into the SDLC and strengthen the security of their applications. The marketplace features integrated systems spanning 10 distinct DevOps functional categories, including: Cloud, Containers, Security, Open Source and others. Platforms including Docker and Chef, among 20 others are all compatible with HPE Security Fortify solutions at launch.
Implementing secure DevOps can help organizations reduce time, costs, and risks; however, applications must also be protected once they are in production. The increasing pressure to rapidly deliver applications often creates a disconnect between an organization’s IT function and security team. As a result, the security team may not know what is in production and must identify which applications are deployed on the network, scan them for vulnerabilities and protect them. The FoD Continuous Application Monitoring service delivers a comprehensive application monitoring solution that automatically identifies an organization’s full range of applications, dynamically scans and tests them in real-time, and integrates directly with security information and event management (SIEM) for incident identification and response.
“Historically, security has been looked at as an afterthought in the development lifecycle. However, as more organizations shift to a DevOps process where everything is moving quickly and there is a lot of automation, organizations and developers need to focus on building security into every step of the software development lifecycle (SDLC). The new HPE Fortify Ecosystem s bring security closer to the development tool chain, making it natural for developers and security to coexist. For example, developers are provided with the tools needed to see vulnerabilities in real-time as they type within their development environment, very similar to a spellchecker. This enables the developer to fix issues on the fly, as well as provide an educational tool to help them learn and develop more securely in the future, ultimately saving them time and resources.” – Maria Bledsoe, Director of Product Marketing, HPE Security Fortify, Hewlett Packard Enterprise.
Availability
The HPE Fortify Ecosystem and new HPE Security Fortify on Demand continuous application monitoring service are currently available globally. For more information on HPE Security Fortify solutions, please visit: http://www8.hp.com/us/en/software-solutions/application-security-testing/