Legit Security protects against modern threats to software applications and their supply chain
PALO ALTO, Calif. / ACCESSWIRE / August 10, 2022 / Business innovation relies on speed and agility to engage customers in new ways through software applications and digital business models. However, the hard work companies invest in these applications can backfire tragically when attacks on their internal software development processes and systems result in applications with built-in security vulnerabilities and backdoors that are pushed directly to their customers.
The challenge of securing internal software factories against cybercriminals has fundamentally changed in a few years. In the recent past, organizations were primarily focused on securely consuming the open source libraries and third-party software components that go into their finished product. Today, the attack surface targeted by cybercriminals is much broader and includes the underlying code repositories, build processes, systems, tools, and development teams. These risks are very real, as evidenced by SolarWinds, Codecov and dozens of other high-profile and highly damaging attacks. In fact, government and industry sources estimate that software supply chain attacks will increase 3-6x in the next few years.
Legit Security launched a cybersecurity product earlier this year to address this growing threat with an automated solution. The company takes a unique approach that begins with automated discovery and security analysis of all systems, infrastructure, pipelines, code, and teams used to build software within an organization. Most organizations don’t have a detailed inventory of their internal systems and processes that their developers use to store, build, and deploy their software. The widespread adoption of DevOps, which includes frequent software releases that pass through many different systems and collaborators in the software development lifecycle, further complicates the issue by increasing the rate of change and complexity of these environments.
The Legit Security solution builds on the foundation of automated discovery and adds a library of security policies, built from industry best practices and the company's in-house security research team, to identify security issues throughout the software supply chain in real time. Once implemented, the platform runs continuously in the background to keep software releases tamper-proof and secure, even as the code, development pipelines, and underlying systems are constantly changing and adapting to changing business needs.
“With Legit Security, we are now able to inventory all of our SDLC systems and security tools, view developer activity, and detect and quickly fix vulnerabilities that cross them,” said Bob Durfee, Head of DevSecOps at Takeda Pharmaceutical Company.
The company’s security solution also delivers operational benefits at a time when cost savings are a priority for security and development managers. A costly burden for a growing number of organizations is complying with a new wave of regulations that include software supply chain security requirements. These regulations include FedRAMP, Executive Order 14028, SOC 2, ISO 27001 and others. In addition to initial compliance, organizations are typically required to submit periodic attestation reports, which Legit Security can help automate through a security scoring feature measured against predefined or custom compliance frameworks. The platform monitors compliance with regulatory requirements in real time and includes reporting options such as generating a Software Bill of Materials (SBOM), a recent addition to several regulations.
“Legit Security’s platform quickly visualizes and analyzes our software pipelines to ensure security compliance with regulatory frameworks, as well as the unique compliance requirements of some of our large financial services partners,” said Or Cohen, principal engineer at Melio. “Legit’s solution saves us time and resources and allows us to better manage risk.”
Another important move within the software industry is to “shift security left,” that is, to move security awareness and responsibilities upstream in the development process to the software developers themselves. Legit Security facilitates this by allowing organizations to compare a wide range of security metrics across software development teams, product lines, and development pipelines. By sharing a security dashboard and providing concrete examples of improvements to be made, fewer issues are introduced downstream, providing both security and operational benefits and enabling security teams to better utilize the resources they have.
“Legit helps us secure our CI/CD pipelines, including tracking the security posture of our various teams and workspaces, addressing SDLC configuration drifts, and helping us apply security resources where they can help us most,” said Erik Bataller, vice president of security, ACV Auctions. “Legit’s platform enables our developers to maintain high speed with minimal security friction and enables us to identify risk factors and adjust accordingly.”
The challenge of securing software supply chains has grown significantly since the attack on SolarWinds in December 2020. Cybercriminals prey on the software factories that make applications so they can embed vulnerabilities that are passed on to end users, disrupt the business operations of the software providers themselves, or steal their intellectual property. Preventing these attacks means adopting a new mindset about the scope of application security, as well as new automated security approaches that allow organizations to stay secure and compliant while rapidly releasing software.
Legit Security is a cybersecurity platform that provides enterprise-grade software solutions to solve complex business problems and brings modern solutions to the application security market. Co-founders Roni Fuchs, Liav Caspi and Lior Barak developed the platform to provide the visibility and contextual information clients need to minimize risk. Legit Security also gives customers the tools they need to ensure their teams and build processes follow best practices.
For more information on Legit Security, please visit https://www.legitsecurity.com/ or contact:
SOURCE: Legit Security