With the most recent estimate of the average cost of a breach at $3.86 (a 6.4% increase since the previous year), and with 84% of breaches occurring in the application layer, application security is a growing concern among organisations in every sector. The need for an integrated, efficient tool that lets developers monitor the security posture of their software is as pressing as it has ever been.
In response to this need, cybersecurity leader Synopsys, Inc. has announced that it will showcase its latest Application Security software – the Polaris Software Integrity Platform – at RSA Conference in San Francisco this March.
Synopsys’ new cloud-based platform is aimed at enabling and simplifying application security from development to deployment by combining the Synopsys Code Sight IDE (which lets developers see the results of security tests as they work on their code, in near real time) with a central analysis server, a broad set of integrations with popular DevOps tools, and reports, dashboards, and APIs.
“To effectively secure their applications against increasingly sophisticated attacks, organizations need to employ a combination of security testing techniques at multiple points within the software development life cycle,” said Andreas Kuehlmann, general manager of the Synopsys Software Integrity Group. “But, to maintain the velocity required to be competitive, they also need application security solutions that can match the accelerating pace of software development, can scale, and can integrate seamlessly with their existing development infrastructure.”
These are the requirements that the Polaris Software Integrity Platform will address, and it promises to do that without slowing down the development process.
How will this software achieve this?
Synopsys says it will be by following four essential principles.
Firstly, through early risk discovery and mitigation, the platform will help customers remediate vulnerabilities early in development, when – contrary to common misconceptions – it is more efficient and cost-effective to do so. The Code Sight IDE plugin, embedded in the Polaris Software Integrity Platform, will extend the power of Synopsys’ solution to the developers’ native work environment, enabling them to find and fix vulnerabilities as they write. The plugin will be initially available for IntelliJ, Visual Studio, and Eclipse, and it will combine the same powerful analysis engines as the platform’s central server with fast incremental analysis, ensuring thorough and consistent results without hindering productivity. Code Sight also provides context-sensitive eLearning modules that help developers fix issues quickly and train them to write more secure code going forward.
Secondly, the software will allow enterprises to ‘Shift Left’ and use the same powerful analysis engines both on a central server as part of the CI/CD pipeline and on the developer desktop. Fast, incremental scanning will increase developers’ productivity, enabling them to address vulnerabilities while coding and therefore producing a more secure codebase prior to checking it into their repository. Meanwhile, the central analysis will catch any remaining defects before they can make it to production.
Thirdly, with simple and flexible operation in mind, the cloud-based central server of the Polaris Software Integrity Platform will provide the flexibility to manage deployments, initiate security scans, analyse results, and coordinate remediation activities using multiple Synopsys analysis engines, such as Coverity and Black Duck. All of this will be possible through an intuitive web-based management user interface, which will allow for integration and automation of application security analysis across the SDLC with DevOps tools including Jenkins, Jira, Slack, Red Hat OpenShift, and Kubernetes.
Finally, the holistic approach to application security risk will provide consolidated reports and interactive dashboards, which will combine information from multiple security analysis engines across the entire application portfolio. As a bonus, the Polaris Software Integrity Platform APIs will allow seamless integration of third-party security and risk reporting solutions with Synopsys security testing results.
You can stop by Synopsys’ booth at the RSA Conference in San Francisco next week to see a demo.