Perforce launches upgraded Puppet to cut cyber risk downtime
The platform update arrives amid growing concerns over rapidly evolving cyber threats, attributed in part to the increased use of artificial intelligence in attack methodologies. Recent figures from Statista indicate that vulnerabilities in software systems now persist for an average of 229 days before remediation, heightening the risk to organisations and their customers. This delay has been exacerbated by challenges such as rapid infrastructural scaling, inefficient operations, and a global shortage of skilled cyber professionals.
Perforce states that the new features in Puppet Enterprise Advanced will help businesses address security risks more swiftly by embedding remediation processes directly within infrastructure automation workflows. This approach is intended to break down silos between operations and security, allowing for a more integrated understanding of organisations' overall security posture while reducing manual cross-team handoff delays.
"Vulnerabilities continue to increase, with around 40,000 known vulnerabilities in 2024. Because of this explosion in vulnerabilities, the mean time to remediate continues to increase, leaving companies extremely vulnerable to attacks. Enterprises must combat this by integrating security with infrastructure automation to shorten the vulnerability remediation cycle," said Tzvika Shahaf, Vice President of Product Management at Perforce.
"Our new release empowers organizations to unlock a collaborative DevSecOps environment by shrinking the opportunity window for attackers. In future Puppet releases, the pace will quicken further with human-in-the-loop, AI-driven automation."
The updated platform features several enhancements designed to streamline responses to identified security threats. Integration with security scanners, with Tenable Nessus included by default, enables automated identification and remediation of vulnerabilities. The platform's open API framework and extensible architecture allow additional scanners to be incorporated, increasing flexibility for organisations with diverse environments.
Users of Puppet Enterprise Advanced can now manage patching workflows from within the tool's graphical user interface. Additional support for maintenance and blackout scheduling is included, aimed at minimising disruption to normal business operations. Enhanced dynamic patching group capabilities are designed to improve efficiency in managing hybrid infrastructures commonly found in enterprise settings.
The platform enforces continuous alignment of system configurations with established security policies through its desired state enforcement feature. Any deviation from policy triggers an automatic remediation process and generates necessary documentation for audit purposes, a capability expected to assist organisations in maintaining regulatory compliance.
Another enhancement is the pre-built, reusable policy as code (PaC) modules, which ensure systems automatically remain in line with industry-standard security baselines. These modules can be updated as best practices evolve, reducing the manual effort required from in-house teams.
Self-service workflows and increased cross-functional visibility are intended to improve collaboration between traditionally siloed operations and security teams. These features are designed to help decrease the mean time to remediate vulnerabilities, decrease operational risk, and improve cost efficiency for organisations seeking to manage increasingly complex technology estates.
Perforce reports that its approach allows platform teams to better support security teams, thereby boosting resiliency and reducing the mean time to remediate vulnerabilities. According to the company, these capabilities enable risk reduction, process efficiency gains, and savings on operational costs through automation and improved collaboration.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Techday NZ
18-07-2025
- Techday NZ
GitLab Duo Agent Platform beta unlocks AI-human collaboration
GitLab has opened public beta access to its GitLab Duo Agent Platform, a DevSecOps orchestration platform enabling asynchronous collaboration between developers and AI agents. Product details The GitLab Duo Agent Platform introduces an orchestration layer designed to allow specialised AI agents and human developers to collaborate within software development projects. By leveraging GitLab as the system of record, the platform delivers broad project context to AI agents, supporting informed decision-making in line with organisational standards. The company has made the public beta available to Premium and Ultimate customers. The initial set of features includes Software Development Flow - the first orchestrated multi-agent workflow that accumulates context, clarifies ambiguities with developers, and implements changes to codebases and repositories using project structures, codebase history, and supplementary context such as GitLab issues and merge requests. Specialised agents and workflows Specialised agents on the platform mirror established team roles, with capabilities to search, read, create, and modify existing artefacts across GitLab. The platform also features agent Flows, which are structured, predetermined workflows that can coordinate multiple specialised agents to autonomously execute complex or multi-step tasks. GitLab is planning an AI Catalogueueueueue in the future - this marketplace will allow organisations to create, customise, and share agents and agent flows among their teams and the wider GitLab ecosystem. Interface and support Users of the public beta have access to GitLab Duo Agentic Chat within development environments, both in IDEs and the GitLab Web UI. According to GitLab, the chat experience has been transformed into an active development partner, supporting iterative feedback and chat history, as well as streamlined delegation using new slash commands such as /explain, /tests, and /include. These commands create a quick delegation language, and the /include feature allows for context injection from specific files, issues, merge requests, or dependencies. Developers can also personalise agent behaviour using custom rules, specifying guidance tailored to individual or team preferences through natural language instructions. In addition to integration with Visual Studio Code, support has been extended to JetBrains IDEs such as IntelliJ, PyCharm, GoLand, and WebStorm. The platform also introduces Model Context Protocol (MCP) Client Support, which enables GitLab Duo Agentic Chat to connect to remote and local MCP servers. This allows agents to communicate with systems beyond GitLab, provided those systems are accessible via MCP, expanding the practical application of the platform's capabilities. Future releases GitLab stated that the scope and quality of the Duo Agent Platform will be expanded through subsequent 18.x releases, with a general availability target by the end of the year. Industry perspectives GitLab's own leadership and industry observers offered perspectives on the platform's beta release. "GitLab Duo Agent Platform enhances our development workflow with AI that truly understands our codebase and our organisation," said Bal Kang, Engineering Platform Lead at NatWest. "Having GitLab Duo AI agents embedded in our system of record for code, tests, CI/CD, and the entire software development lifecycle boosts productivity, velocity, and efficiency. The agents have become true collaborators to our teams, and their ability to understand intent, break down problems, and take action frees our developers to tackle the exciting, innovative work they love." Rachel Stephens, Research Director at RedMonk, commented, "As software development workflows grow in complexity and organisations look to leverage AI, there's an increasing need for platforms that can integrate AI capabilities without adding to existing disjointed toolchains." "As a DevSecOps platform, GitLab is already positioned to help developers collaborate both synchronously and asynchronously. Now the GitLab Duo Agent Platform intends to take this a step further, helping developers also integrate AI agents into their workflows." Bill Staples, Chief Executive Officer at GitLab, added, "Today marks a pivotal moment in software development as we introduce the public beta of the GitLab Duo Agent Platform, the first DevSecOps orchestration platform designed to unlock asynchronous collaboration between developers and AI agents." "GitLab Duo Agent Platform isn't just another AI tool; it's a fundamental reimagining of software development from isolated, linear processes into dynamic, intelligent collaboration." "By leveraging GitLab's unique position as the system of record for the entire software development lifecycle, we're providing AI agents with unprecedented context and capabilities. This enables our customers to work with AI agents that have comprehensive context about their codebase, their workflows, and their organisational goals to help boost productivity, velocity, and efficiency."
Techday NZ
24-06-2025
- Techday NZ
GitLab & IBM launch platform to modernise mainframe DevOps
GitLab and IBM have introduced GitLab Ultimate for IBM Z, a solution designed to address the distinct challenges faced by mainframe software development teams. The new offering targets long-standing issues within enterprise mainframe environments, where teams have traditionally operated with outdated tools. This situation has often resulted in slow delivery cycles, heightened security risks, and increased operational costs. By providing native continuous integration and continuous deployment (CI/CD) pipelines on IBM z/OS, unified source code management, and direct integration with IBM Developer for Z, the companies aim to place mainframe developers on a more equal footing with their counterparts working in cloud-native settings. Mainframe development challenges Many organisations running mission-critical workloads on IBM Z systems encounter significant hurdles using conventional DevSecOps tools, which are not tailored to the specifics of mainframe development. While cloud-native teams benefit from automated, collaborative environments and robust pipelines, mainframe teams have historically had to rely on legacy software, workaround solutions, and manual processes such as SSH file transfers. These practices introduce security and compliance concerns and make audits more complex. Such workarounds become particularly problematic in highly regulated sectors, where maintaining strict audit trails and minimising vulnerabilities are essential. The continued use of separate, legacy development toolchains results in higher licensing and maintenance costs, compared to more modern alternatives, while also leading to slower delivery cycles and making it harder for enterprises to attract new technical talent. Katie Norton, Research Manager, DevSecOps and Software Supply Chain Security at IDC, commented on the significance of the new solution: "GitLab Ultimate for IBM Z represents an important step in addressing a long-standing industry challenge. IDC research shows that mainframe developers often work with legacy tooling that contributes to delivery inefficiencies and makes it harder to attract new talent. With this offering, modern DevSecOps capabilities and unified workflows are brought directly to the mainframe. This empowers developers to work more collaboratively and efficiently, while helping organisations accelerate innovation and integrate mainframe development into broader digital transformation strategies." Modernisation and integration The GitLab and IBM partnership intends to foster true modernisation by providing a unified development platform. This allows mainframe, cloud-native, web, and mobile teams to collaborate and share knowledge across environments, reducing technical silos. Teams are able to incrementally modernise without major business disruption, adopting more contemporary workflows while legacy systems continue to operate. As organisations look towards hybrid cloud architectures, the integrated approach is intended to support applications that need to span both mainframe and cloud environments, giving development teams more options for deployment and collaboration. Solution details GitLab Ultimate for IBM Z delivers native z/OS Runner support, which enables CI/CD pipeline execution directly on mainframes, reducing the need for remote connections and associated security risks. The platform incorporates GitLab's source code management system, replacing legacy library managers and providing version control and searchable repositories, which may help organisations lower licensing fees and operational overhead. Integration with IBM Developer for z/OS Enterprise Edition brings features such as dependency-based builds, automated code scanning, and debugging, designed to improve both the quality and security of releases. The offering also aims to give teams end-to-end visibility across mainframe and distributed activities, which is intended to support automated workflows and help retain development talent. Capabilities for enterprise teams By combining GitLab's DevSecOps platform with IBM's experience in mainframes, GitLab Ultimate for IBM Z is positioned as a solution for enterprises seeking to bridge the gap between legacy systems and newer, cloud-native environments. The goal is to facilitate modern development practices directly within mainframe settings, promoting collaboration, efficiency, and cost-effectiveness for enterprise users.
Techday NZ
18-06-2025
- Techday NZ
Circumvent raises $6 million to advance proactive AI cloud security
Circumvent has secured $6 million in early-stage funding to advance the development and commercial rollout of its proactive cloud security platform. This investment has been led by Paladin Capital Group, an investor focused on cybersecurity and secure artificial intelligence, and will enable Circumvent to launch its multi-agent AI system designed to assist cloud and security teams with managing and resolving security alerts across complex infrastructures. Platform approach Circumvent's platform addresses the challenge faced by organisations overwhelmed by high volumes of alerts originating from multiple security tools in their cloud infrastructure and application environments. The system uses artificial intelligence and machine learning to ingest, correlate, and enhance alerts from a broad set of cloud-native, open-source, and third-party sources. By connecting these alerts with up-to-date business context, Circumvent aims to streamline risk prioritisation and allow teams to focus on source-level remediation tasks that are most critical to their operations. Circumvent was founded by Michael Watts and Thomas Bui. Watts previously established Cloud Conformity, a former Paladin Capital Group portfolio company that was acquired by Trend Micro in 2019. Bui, now Chief Technology Officer at Circumvent, brings experience from the banking sector, government, and a previous tenure at Uber. The co-founders have worked together in the past, building technology products targeted at complex business challenges. Multi-Agent AI system At the core of Circumvent's solution is a Multi-Agent AI System. This is described as a coordinated network of intelligent agents responsible for managing prioritisation and remediation activities at large scale. These agents are designed to act autonomously, adapting to each customer's specific cloud environment and supporting what Circumvent terms a guided remediation experience. The company reports that it is currently partnering with several large enterprises across the United States, Australia, and New Zealand, particularly those with significant cloud infrastructure on AWS, Azure, and Google Cloud. "Security and cloud teams are under immense pressure to move fast without increasing risk," said Michael Watts, co-founder and CEO of Circumvent. "We're not just generating more alerts—we're building the intelligence layer that helps teams understand what to fix, why it's important, and how to take immediate action to resolve the root cause." Thomas Bui, co-founder and CTO, stated, "By aligning alerts with real-time business context, Circumvent ruthlessly prioritises risks, identifies root causes, and enables engineering teams to take precise, targeted remediation actions at the source. The platform is built to integrate seamlessly into existing DevSecOps workflows, improving security efficiency without slowing innovation." Funding allocation The funding from Paladin Capital Group will be used to accelerate product development and support early engagement with customers. Part of the investment will also fund the establishment of Circumvent's new commercial headquarters in San Francisco, while continuing to base its research and development activities in Australia. The San Francisco office is expected to underpin Circumvent's expansion into the United States and increased global outreach. "We're thrilled to be working again with Michael Watts and the exceptional founding team at Circumvent," said Tom Clute, Principal at Paladin Capital Group. "Our mission is to support entrepreneurs who are transforming cybersecurity through innovation from the ground up. Circumvent is addressing one of the most critical challenges in cloud security today: closing the gap between identifying risks and driving effective, scalable remediation." Company operations Circumvent reports that its solution is intended to automate the triage and prioritisation of alerts, minimising manual intervention and addressing alert fatigue among security operations staff. The platform aims to deliver remediation recommendations with human verification, allowing security teams to address risks more efficiently and at their source. With this funding, Circumvent and Paladin Capital Group are seeking to address what they describe as a significant shortfall in the current market: the ability for enterprises to not only identify risks in the cloud but also to remediate them effectively and at scale.
