Perforce launches upgraded Puppet to cut cyber risk downtime
Perforce Software has released an updated version of its Puppet Enterprise Advanced platform, targeting faster vulnerability remediation and improved collaboration between infrastructure and security teams.
The platform update arrives amid growing concerns over rapidly evolving cyber threats, attributed in part to the increased use of artificial intelligence in attack methodologies. Recent figures from Statista indicate that vulnerabilities in software systems now persist for an average of 229 days before remediation, heightening the risk to organisations and their customers. This delay has been exacerbated by challenges such as rapid infrastructural scaling, inefficient operations, and a global shortage of skilled cyber professionals.
Perforce states that the new features in Puppet Enterprise Advanced will help businesses address security risks more swiftly by embedding remediation processes directly within infrastructure automation workflows. This approach is intended to break down silos between operations and security, allowing for a more integrated understanding of organisations' overall security posture while reducing manual cross-team handoff delays.
"Vulnerabilities continue to increase, with around 40,000 known vulnerabilities in 2024. Because of this explosion in vulnerabilities, the mean time to remediate continues to increase, leaving companies extremely vulnerable to attacks. Enterprises must combat this by integrating security with infrastructure automation to shorten the vulnerability remediation cycle," said Tzvika Shahaf, Vice President of Product Management at Perforce.
"Our new release empowers organizations to unlock a collaborative DevSecOps environment by shrinking the opportunity window for attackers. In future Puppet releases, the pace will quicken further with human-in-the-loop, AI-driven automation."
The updated platform features several enhancements designed to streamline responses to identified security threats. Integration with security scanners, with Tenable Nessus included by default, enables automated identification and remediation of vulnerabilities. The platform's open API framework and extensible architecture allow additional scanners to be incorporated, increasing flexibility for organisations with diverse environments.
Users of Puppet Enterprise Advanced can now manage patching workflows from within the tool's graphical user interface. Additional support for maintenance and blackout scheduling is included, aimed at minimising disruption to normal business operations. Enhanced dynamic patching group capabilities are designed to improve efficiency in managing hybrid infrastructures commonly found in enterprise settings.
The platform enforces continuous alignment of system configurations with established security policies through its desired state enforcement feature. Any deviation from policy triggers an automatic remediation process and generates necessary documentation for audit purposes, a capability expected to assist organisations in maintaining regulatory compliance.
Another enhancement is the pre-built, reusable policy as code (PaC) modules, which ensure systems automatically remain in line with industry-standard security baselines. These modules can be updated as best practices evolve, reducing the manual effort required from in-house teams.
Self-service workflows and increased cross-functional visibility are intended to improve collaboration between traditionally siloed operations and security teams. These features are designed to help decrease the mean time to remediate vulnerabilities, decrease operational risk, and improve cost efficiency for organisations seeking to manage increasingly complex technology estates.
Perforce reports that its approach allows platform teams to better support security teams, thereby boosting resiliency and reducing the mean time to remediate vulnerabilities. According to the company, these capabilities enable risk reduction, process efficiency gains, and savings on operational costs through automation and improved collaboration.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Techday NZ
23-05-2025
- Techday NZ
Perforce introduces AI features for DevOps, boosts efficiency & testing
Perforce Software has announced the launch of Perforce Intelligence, a new tool designed to integrate artificial intelligence across its DevOps product lines and bridge gaps between security, development, and operations teams. Perforce Intelligence is embedded within the company's continuous testing, infrastructure automation, and diagramming solutions, aiming to help customers save time and costs, expand test coverage, and address data silos that typically exist in technology teams. The integration of AI within existing Perforce products challenges the effectiveness of generic AI approaches. The company is also announcing enhancements to Puppet Enterprise Advanced, which are intended to help teams learn, optimise, and better understand their infrastructure changes without requiring specialist skills in the Puppet language. Jim Mercer, Program Vice President, Software Development, DevOps & DevSecOps at IDC, commented on the complexity of implementing AI successfully in technology teams. He said, "AI is not easy to implement among teams, and we've seen pockets of success but also still a ton of confusion and need for understanding of how and where to embed AI within the DevOps lifecycle. It will be important for companies and institutions to partner with organizations that provide them with high value and low risk when it comes to AI." Jake Hookom, Executive Vice President of Products at Perforce, outlined the company's aim to act as a multiplier for AI adoption in business. He said, "At Perforce, we understand that every organisation, regardless of size, has AI ambitions. Our approach to AI is to act as a strategic multiplier, helping businesses adopt AI in a way that delivers value and produces measurable outcomes from our products and within their larger DevOps ecosystem. With security and compliance top of mind for enterprises, those customers are affirming our approach to AI every week with stories on the positive impact we're having on their DevOps teams." Perforce Intelligence claims to differentiate from other testing tools by eliminating the need for scripts and frameworks, aiming to simplify the process for teams to deliver secure applications across various platforms or devices. The tool uses visual and contextual validation to ensure applications adapt dynamically without requiring human intervention, reportedly providing customers with 50% efficiency gains and a 20% increase in test coverage, according to the company. Byron Chan, Digital Delivery Quality Assurance Lead at Servus, commented on the product's potential: "We are excited about where this can go. I see tremendous potential because eventually you could come up with test cases in this prompt format before development even starts, and then once developed/deployed, you could potentially avoid manual testing and automation test development because it's already done." Puppet Enterprise Advanced, part of Perforce's infrastructure automation portfolio, will include a new feature in June 2025 called Puppet Infra Assistant. This is a chat interface that enables users to interact with their infrastructure in natural language, providing visibility into configuration, compliance, and operational status without needing specialist skills. Margaret Lee, Manager of Product Management for Perforce Puppet, highlighted the role of natural language AI: "Puppet has a trove of data to help customers make smarter decisions, but we haven't previously had the means to make it readily accessible for Puppet stakeholders or adjacent teams – like security and development teams - who would really benefit from it. Natural language AI unlocked this potential." "Teams can quickly and easily understand what's happening, make meaningful decisions, and take action to align with their desired business outcomes. Early customers have responded very positively, with one noting that a task that used to take three hours now takes seconds with Puppet Infra Assistant." Perforce Puppet is positioned as an infrastructure automation solution designed to streamline operations, improve security and compliance, and enhance visibility across varying infrastructure environments. For software diagramming, Gliffy, Perforce's diagramming platform for Confluence, now incorporates AI to accelerate the creation of sequence and class diagrams, with the company stating this makes the process three times faster and helps teams represent complex concepts more efficiently. Looking ahead, Perforce outlined several upgrades planned for 2025 as part of the broader Perforce Intelligence roadmap. These include advances for creative workflow acceleration, the provision of compliant and masked data for AI and machine learning projects, maintenance-free testing automation approaches that remove legacy scripting, and agent-to-agent orchestration for infrastructure change management and ongoing compliance.
Techday NZ
24-04-2025
- Techday NZ
Perforce launches upgraded Puppet to cut cyber risk downtime
Perforce Software has released an updated version of its Puppet Enterprise Advanced platform, targeting faster vulnerability remediation and improved collaboration between infrastructure and security teams. The platform update arrives amid growing concerns over rapidly evolving cyber threats, attributed in part to the increased use of artificial intelligence in attack methodologies. Recent figures from Statista indicate that vulnerabilities in software systems now persist for an average of 229 days before remediation, heightening the risk to organisations and their customers. This delay has been exacerbated by challenges such as rapid infrastructural scaling, inefficient operations, and a global shortage of skilled cyber professionals. Perforce states that the new features in Puppet Enterprise Advanced will help businesses address security risks more swiftly by embedding remediation processes directly within infrastructure automation workflows. This approach is intended to break down silos between operations and security, allowing for a more integrated understanding of organisations' overall security posture while reducing manual cross-team handoff delays. "Vulnerabilities continue to increase, with around 40,000 known vulnerabilities in 2024. Because of this explosion in vulnerabilities, the mean time to remediate continues to increase, leaving companies extremely vulnerable to attacks. Enterprises must combat this by integrating security with infrastructure automation to shorten the vulnerability remediation cycle," said Tzvika Shahaf, Vice President of Product Management at Perforce. "Our new release empowers organizations to unlock a collaborative DevSecOps environment by shrinking the opportunity window for attackers. In future Puppet releases, the pace will quicken further with human-in-the-loop, AI-driven automation." The updated platform features several enhancements designed to streamline responses to identified security threats. Integration with security scanners, with Tenable Nessus included by default, enables automated identification and remediation of vulnerabilities. The platform's open API framework and extensible architecture allow additional scanners to be incorporated, increasing flexibility for organisations with diverse environments. Users of Puppet Enterprise Advanced can now manage patching workflows from within the tool's graphical user interface. Additional support for maintenance and blackout scheduling is included, aimed at minimising disruption to normal business operations. Enhanced dynamic patching group capabilities are designed to improve efficiency in managing hybrid infrastructures commonly found in enterprise settings. The platform enforces continuous alignment of system configurations with established security policies through its desired state enforcement feature. Any deviation from policy triggers an automatic remediation process and generates necessary documentation for audit purposes, a capability expected to assist organisations in maintaining regulatory compliance. Another enhancement is the pre-built, reusable policy as code (PaC) modules, which ensure systems automatically remain in line with industry-standard security baselines. These modules can be updated as best practices evolve, reducing the manual effort required from in-house teams. Self-service workflows and increased cross-functional visibility are intended to improve collaboration between traditionally siloed operations and security teams. These features are designed to help decrease the mean time to remediate vulnerabilities, decrease operational risk, and improve cost efficiency for organisations seeking to manage increasingly complex technology estates. Perforce reports that its approach allows platform teams to better support security teams, thereby boosting resiliency and reducing the mean time to remediate vulnerabilities. According to the company, these capabilities enable risk reduction, process efficiency gains, and savings on operational costs through automation and improved collaboration.
Techday NZ
23-04-2025
- Techday NZ
Lineaje launches AI-powered self-healing for software security
Lineaje has announced new end-to-end capabilities aimed at improving software supply chain security for organisations. The new offerings include agentic AI-powered self-healing for open-source software, source code, and containers, alongside Gold Open Source Packages, Gold Open Source Images, and a software risk analysis engine called SCA360. Lineaje's AI Labs research indicates that 90% of modern applications incorporate open-source packages, while 95% of vulnerabilities in applications originate from these dependencies. This environment makes it difficult for developers as development, security, and operations (DevSecOps) teams must address rapidly shifting prioritised risks, often leading to high vulnerability backlogs and resource pressure. According to the Enterprise Strategy Group, 91% of organisations experienced software supply chain incidents in the previous 12 months, leading to significant operational impacts. The company's new solutions aim to mitigate these issues by combining agentic AI, Gold Open Source, and SCA360 scanning technology to eliminate software supply chain vulnerabilities and streamline workflows for development and security teams. The agentic AI functionality enables automatic detection and remediation of security risks within codebases and container environments. These AI agents can compare software versions, generate reports, and analyse compatibility at scale. With these capabilities, thousands of containers and hundreds of repositories are monitored and updated autonomously, reducing the direct burden on developers. The system scans code for security issues, including common vulnerabilities and exposures (CVE), identifies compatible updates, and can apply fixes automatically upon approval. Application-aware, self-healing secure containers further allow vulnerabilities to be identified and patched across multiple layers. New container clones are generated automatically and are intended to be compatible and secure prior to deployment, enabling remediation as part of the build and deployment pipeline. Melinda Marks, Practice Director, Cybersecurity at Enterprise Strategy Group, commented, "As developers increasingly utilise third-party and open-source software to save time as they develop their applications, security teams face challenges with software supply chain security. And the complexity of the software supply chain will continue to grow as developers utilise AI to further increase their productivity." "It is exciting to see Lineaje apply agentic AI to automatically scan and remediate vulnerabilities in open-source software, source code, and containers to help organisations manage software supply chain risk, as this technology holds the promise of creating self-healing systems to alleviate security teams from the challenges of supporting rapidly scaling software development." The Gold Open Source programme allows organisations to access pre-attested, vulnerability-free open-source packages and images, with each package offering full transparency through more than 100 tracked attributes, such as vulnerabilities, licences, and code quality. The offering includes over 3 million Gold Packages and 2,000 Gold Images used in enterprise environments. These catalogues are updated and monitored by Lineaje's AI capabilities, which now track more than 408 billion security data points. For customised needs, developers can generate bespoke Gold Images by specifying public container images, which are then hardened and added to client subscriptions. Premium Gold Open Source functionality addresses security risks associated with abandoned or incompatible open-source packages. According to Lineaje AI Labs data, more than half of all open-source packages are abandoned, leaving potential vulnerabilities exposed in these widely used components. SCA360, a contextual risk analysis engine newly introduced by Lineaje, unifies software analysis for source code, repositories and containers. It operates within an organisation's security perimeter, offering scanning without moving critical data outside corporate boundaries. The tool includes a dependency and reachability scanner, static code analysis, and a malware scanner that detects embedded malicious code or tampered packages. Pippin Wallace, Senior Security Engineer at Favor Delivery, said, "As a food delivery service, our entire business model rests upon the success of our software. A faulty component or vulnerability could potentially disrupt thousands of deliveries daily, impacting our revenue, customer satisfaction, reputation with partners, which could impact our employees and customers." "We required a solution to proactively address these risks and protect our business. Lineaje's SCA360 helps us manage security risks by scanning all software in our delivery platform, ensuring that everything can stay secure. It helps our developers focus on serving up more value to our partners and end users by fixing issues before they become bigger threats." Lineaje states that its solutions can integrate with other corporate tools to allow for full-lifecycle software supply chain security and simplified management across the development pipeline, including the new capabilities for self-healing systems and automated risk reduction. Javed Hasan, co-founder and CEO of Lineaje, said, "Full-lifecycle software supply chain security capabilities enable organisations to deliver transparently secure software. Our new Agentic AI capability in Lineaje AI, combined with Gold Open Source and SCA360, enables organisations to eliminate software supply chain risks while dramatically reducing developer, DevOps, and DevSecOps overhead and chaos created by existing AppSec tools."
