Latest news with #AppSec


Techday NZ
3 days ago
Palo Alto Networks unveils Cortex Cloud ASPM to block app risks
Palo Alto Networks has introduced Cortex Cloud Application Security Posture Management (ASPM), a product designed to prevent security risks from impacting applications before they are deployed. The new Cortex Cloud ASPM module is positioned as a prevention-first solution, blocking vulnerabilities from reaching production environments. According to Palo Alto Networks, the product is intended to give security professionals and developers the ability to identify and address security risks in cloud and AI applications prior to deployment, streamlining the remediation process and reducing associated costs.

Prevention-focused approach

Cortex Cloud ASPM incorporates an open AppSec partner ecosystem, allowing organisations to aggregate data from various third-party code scanners within a central platform. This integration aims to improve security teams' visibility and enable them to work with their preferred development tools without disruption. Supported partner vendors include Black Duck, Checkmarx, GitLab, HashiCorp, Semgrep, Snyk, and Veracode.

This release builds upon the existing Cortex Cloud platform, which previously combined cloud native application protection platform (CNAPP) capabilities with cloud detection and response (CDR) for real-time threat management. Cortex Cloud as a whole is designed to provide protection across the entire application lifecycle, using data that spans code, cloud infrastructure, and security operations centres (SOC).

Detailing the organisation's vision, Sarit Tager, Vice President of Product Management at Palo Alto Networks, said: "As AI-generated code compresses application development from months to hours, security must evolve to protect the speed of innovation. Equipped with an industry-leading CNAPP, best-in-class CDR and now prevention-first ASPM, Cortex Cloud delivers the most comprehensive approach to cloud security and automatically stops risks before they reach production with end-to-end visibility across the entire application lifecycle."

The integration of ASPM into Cortex Cloud is intended to enhance existing security offerings, enabling organisations to implement preventive controls across development and production environments.

Key product features

Cortex Cloud ASPM offers several core benefits. The platform is designed to proactively stop risks from progressing into live production environments by enforcing targeted guardrails based on application and business context. A key feature is the correlation of findings from both native security controls and third-party scanning solutions, providing prioritisation of critical and exploitable risks without mandating changes to existing development tools.

Automation is another focus area for the product. The platform aims to minimise the need for manual remediation by automating security fixes, allowing both security and development teams to address vulnerabilities efficiently throughout the application lifecycle.

Industry perspective

Commenting on the challenges in application security, Katie Norton, Research Manager, DevSecOps and Software Supply Chain Security at IDC, said: "Application risks reaching production remain a persistent challenge for security teams and continue to leave organisations exposed. As development speed accelerates, the challenge is not just identifying vulnerabilities but focusing on those that pose real risk. By connecting application security with the live threat landscape, Palo Alto Networks' Cortex Cloud ASPM can help organisations to stop threats faster and operate more efficiently."

Palo Alto Networks expects that the solution will allow organisations to streamline their approach to application security posture management, while accommodating the increasing pace of development associated with cloud and AI-driven applications.

Availability

Cortex Cloud ASPM is currently in early access, with general availability anticipated in the second half of 2025.


Techday NZ
4 days ago
Palo Alto upgrades Cortex Cloud to tackle AI-driven code risks
Palo Alto Networks has launched a new capability aimed at securing applications developed with AI-generated code. The latest addition, part of the Cortex Cloud platform, addresses the growing issue of quality and security lapses introduced by AI in software development.

As organisations increasingly adopt AI-driven tools to speed up production, concerns are rising over poorly structured, insecure, or redundant code, sometimes described as "AI slop." These problems can result in application failures, unpredictable outages, and security vulnerabilities that are challenging to detect and resolve, particularly in cloud-native environments.

ASPM focus

The new module, Cortex Cloud Application Security Posture Management (ASPM), is described as a prevention-first solution, focusing on blocking security risks before deployment rather than remediating problems retrospectively. According to Palo Alto Networks, it automates the identification of potential risks and business impacts without disrupting development workflows, while prioritising serious security concerns over less significant issues.

The company also introduced an open AppSec partner ecosystem within Cortex Cloud ASPM, enabling organisations to unify data from prominent third-party application security scanners. Partners include Black Duck, Checkmarx, GitLab, HashiCorp, Semgrep, Snyk and Veracode.

This consolidation aims to give security teams a clearer, more comprehensive overview of their code security postures by aggregating both native and third-party insights in a single platform. The integration is designed to avoid the need for developers to switch between tools during their work.

The new ASPM expansion builds on the February introduction of Cortex Cloud, a platform that merged Palo Alto Networks' cloud native application protection platform (CNAPP) and cloud detection and response (CDR) features. Customers using Cortex Cloud have access to AI-ready data spanning code repositories, cloud resources, and security operations centres, with the goal of unifying and streamlining security management.

Industry perspectives

"As AI-generated code compresses application development from months to hours, security must evolve to protect the speed of innovation. Equipped with an industry-leading CNAPP, best-in-class CDR, and now prevention-first ASPM, Cortex Cloud delivers the most comprehensive approach to cloud security and automatically stops risks before they reach production with end-to-end visibility across the entire application lifecycle," said Sarit Tager, Vice President of Product Management at Palo Alto Networks.

According to the company, key benefits of Cortex Cloud ASPM include proactive prevention of issues from reaching production, prioritisation of genuine risks by correlating findings across a range of scanners and platforms, and extensive automation to reduce manual intervention by security and development teams.

Application and software supply chain security is also a concern for industry analysts. Katie Norton, Research Manager for DevSecOps and Software Supply Chain Security at IDC, commented on the need for focused, efficient security amidst rapid development cycles. She stated, "Application risks reaching production remain a persistent challenge for security teams and continue to leave organizations exposed. As development speed accelerates, the challenge is not just identifying vulnerabilities but focusing on those that pose real risk. By connecting application security with the live threat landscape, Palo Alto Networks' Cortex Cloud ASPM can help organizations to stop threats faster and operate more efficiently."

Availability

Cortex Cloud ASPM is now in early access and is expected to become generally available in the second half of 2025. The company highlights the role of automated and context-aware security solutions as the pace of development increases and as AI continues to change software production practices within organisations.


Business Wire
5 days ago
Checkmarx Enables Real-Time Code Security with Launch of Developer Assist Agent for AI-Native IDEs
(BUSINESS WIRE)--Checkmarx, the leader in agentic AI-powered application security, today announced the general availability of its Checkmarx One Developer Assist agent, with extensions for top AI-native Integrated Development Environments (IDE) including Windsurf by Cognition, Cursor, and GitHub Copilot.

New security solution addresses growing risks as AI generates majority of enterprise code with increasing vulnerabilities. Puts power in hands of developers for real-time remediation.

Checkmarx One Developer Assist is an advanced security agent that delivers real-time context-aware prevention, remediation, and guidance to developers from the IDE. Part of the Checkmarx One platform, this innovation enables modern engineering teams to identify, suggest, and remediate AI-generated code from the start, accelerating development without compromising security.

'With AI now generating a majority of new code in enterprise environments, traditional security approaches can't keep pace and will be overwhelmed,' said Jonathan Rende, chief product officer at Checkmarx. 'We are focused on ensuring protection starts at the source—whether generated by humans or AI—by putting more power into developers' hands to identify and remediate issues in real-time.'

The initial Checkmarx One Developer Assist plugins are built for popular AI-native coding tools Windsurf, Cursor, and GitHub Copilot. As extensions to the Checkmarx One platform, they provide developers seamless access to autonomous, real-time prevention and instant remediation through their primary development environment.

During early access of Developer Assist, enterprise customers across healthcare, financial services, and consumer products reported easier access to accurate and complete threat alerts with faster remediation.

'We are very excited about the feedback from customers who have early access to Checkmarx One Developer Assist,' said Ori Bendet, vice president of product management at Checkmarx. 'Developers report faster detection and improved insights. Our goal is to deliver a security-savvy teammate built into their workflow and to reduce the toil of manual processes.'

As AI accelerates code generation, it also amplifies security risks that manual reviews can't catch at scale. Developer Assist automates the entire security lifecycle—detection, analysis, and remediation—matching the speed of AI code creation.

Developer Assist is the first in Checkmarx's AI agent portfolio, with Policy Assist and Insights Assist agents launching later this year to serve AppSec teams and CISOs respectively.

For more information on the new integrations and Developer Assist, visit Checkmarx online here. Additionally, to discuss the challenges of the AI era in person and experience defense at machine speed, please visit booth #5039 at the 2025 Black Hat Conference to see the Checkmarx team in action.

About Checkmarx

Checkmarx is the leader in agentic AI, cloud-native application security that empowers the world's largest development organizations with real-time scanning and closed-loop remediation to boost developer productivity on security tasks by up to 50%. Based on the powerful Checkmarx One platform that scans over six trillion lines of code each year, Checkmarx is designed for large-scale, hybrid human and AI-assisted development teams. Checkmarx. Always Ready to Run.

Follow Checkmarx on LinkedIn, YouTube, and X.


Business Wire
6 days ago
Contrast ADR Marks One Year with Surging Growth, Expands Reach with New Developer and SecOps-Focused Integrations
LAS VEGAS--(BUSINESS WIRE)--One year after launching Application Detection and Response (ADR) at Black Hat, Contrast Security is accelerating its mission to secure modern software from the inside out. While legacy AppSec tools struggle to keep pace with AI-accelerated pipelines and cloud-native environments, Contrast has delivered a new approach built on runtime context, AI-driven remediation, and shared visibility across Dev, AppSec, and SecOps.

Contrast Security's ADR adoption reached 40% of its customer base, reflecting rapid market validation and strong demand for a runtime-native approach to securing applications and APIs in production.

The Northstar release, announced earlier this year, marked a major evolution of the platform. It unified detection, remediation, and observability into a single experience, powered by the Contrast Graph, a real-time behavioral model of the application layer that maps attack surface, defenses, vulnerabilities and more, providing the rich context app/API security demands. Northstar also introduced SmartFix, Contrast's agentic AI for auto-generating validated code fixes, and Deployment Hub with Flex Agent, which makes it easy to scale ADR across complex enterprise environments.

According to Contrast's Software Under Siege 2025 report, application-layer attacks now occur every 3 minutes, yet most security teams lack the runtime context to detect or respond in time.

This week, Contrast is expanding the reach of Northstar with two new ecosystem integrations that make runtime security even more accessible and effective:

- GitHub Copilot Integration – Developers can now apply AI-generated fixes that are validated by live runtime evidence, bridging the gap between detection and developer action. Unlike traditional AI suggestions that lack runtime context, Contrast SmartFix works with GitHub Copilot to generate secure code fixes based on runtime vulnerability details, proven exploitability, attack details, defenses available, and context from the Context Graph. This streamlines remediation by delivering ready-to-review pull requests that are both context-aware and safe for production, helping developers fix real issues faster without disrupting their workflow and ship with confidence.
- Sumo Logic Integration – Contrast attack telemetry now flows directly into Sumo Logic, enabling SOC teams to triage, investigate, and respond with full application-layer context. Security teams gain real-time visibility into exploit attempts, vulnerable code paths, and application behavior, all enriched through the Contrast Graph. By integrating runtime intelligence into existing SIEM workflows, organizations can stop breaches faster, reduce mean time to detect (MTTD), cut investigation overhead, understand the blast radius and close the loop between AppSec and incident response.

The updates to the Northstar release align with Contrast's vision of securing software across the full lifecycle, from production back to code, with a single, unified platform.

Contrast ADR is the first runtime-native platform for defending applications in production, built to detect, block, and remediate real threats as they happen. By uniting developers, AppSec, and SecOps around the same runtime intelligence, Contrast ADR delivers the shared context teams need to act faster, fix smarter, and stop chasing noise.

'Legacy tools show you possible issues. Contrast ADR shows you what's actually happening, so teams can act fast and act right,' said Jeff Williams, CTO and Co-founder of Contrast. 'From the inside out, Contrast is securing what matters most: the code that's running right now.'

The adoption of ADR has been especially strong in industries with the highest security and compliance demands, including financial services, healthcare, manufacturing, and technology. Organizations in these sectors are replacing legacy scanners and fragmented workflows with Contrast's unified runtime platform to reduce time-to-fix, eliminate false positives, and improve real-world outcomes.

'ADR has always been about helping teams focus on what matters most by seeing what's actually happening within their apps,' said Faya Peng, Head of Product and General Manager of ADR at Contrast Security. 'These new integrations with GitHub Copilot and Sumo Logic just make that easier. Developers and security teams can now work from the same real-time data and take action faster, all within the tools they're already using.'

To see Contrast ADR in action, visit Booth #1861 at Black Hat USA 2025, or learn more at

About Contrast Security

Contrast Security is the global leader in Application Detection and Response (ADR), empowering organizations to see and stop attacks on applications and APIs in real time. Contrast embeds patented threat sensors directly into the software, delivering unmatched visibility and protection. With continuous, real-time defense, Contrast uncovers hidden application-layer risks that traditional solutions miss. Contrast's powerful Runtime Security technology equips developers, AppSec teams and SecOps with one platform that proactively protects and defends applications and APIs against evolving threats.


Channel Post MEA
26-06-2025
Akamai Expands API Security To Address Visibility Gaps From Code To Production
Akamai Technologies has announced new Akamai API Security enhancements designed to help customers stay ahead of evolving threats to APIs. The improvements come as Akamai's API security offering earns recognition through both prestigious industry awards and customer adoption.

APIs power everything from mobile apps to online banking, but their growing use has made them a top target for cyberattacks. As threats multiply, companies are racing to secure their APIs without sacrificing speed or innovation.

Akamai's latest API Security enhancements address visibility gaps across the API development and production lifecycle. These enhancements include:

- Managed Service for API Security: The first managed service built specifically for API security, it combines real-time monitoring, expert response, and clear guidance to help organizations catch threats early and cut risk.
- Integration with code repositories: This integration lets teams scan API specifications and code to spot risks before launch — even for APIs that haven't gone live yet.
- Compliance Dashboard: This dashboard gives teams a centralized view to check how their APIs stack up against key security and privacy standards — like the Payment Card Industry Data Security Standard (PCI DSS v4.0), the General Data Protection Regulation (GDPR), and the MITRE ATT&CK framework — making audits easier and reducing compliance risk.

Akamai customers increasingly highlight the benefits of API Security:

'Akamai API Security gives us a clear view of what data is being used and how, enabling us to minimize our attack surface while still delivering the best service possible to our customers.' — CTO of an insurance company

'[API Security] is the lighthouse for my AppSec team: Now we know what to focus on. It's a major data security tool for us. The deployment was very easy and they were true partners in the process. Now we can assess our risk in the most scientifically true way possible and control our destiny.' — CISO of a software company

'The tool is robust and responsive, and has given us peace of mind that we have visibility of everything happening at the API level.' — Executive in a healthcare and life sciences organization

Akamai's security solutions win awards

Three of the technology sector's top industry accolades were recently awarded to Akamai's security solutions.

'Companies are realizing that APIs are a prime target for attackers and securing them is essential to staying resilient, especially in the AI era,' said Rupesh Chokshi, Senior Vice President and General Manager of Akamai's Application Security Portfolio. 'It's great to see the traction we're getting in both adoption and recognition. It tells us we're solving real problems for our customers.'