Latest news with #AzulVulnerabilityDetection


Techday NZ
30-07-2025
Azul launches Managed Services Programme for Java insights
Azul has introduced a Managed Services Provider Programme for its Azul Intelligence Cloud, enabling managed service providers to integrate Java software asset management, vulnerability detection and code inventory capabilities into their service offerings. The new programme allows partners to utilise sublicensing and white-label rights for Azul Intelligence Cloud's Software-as-a-Service tools - JVM Inventory, Azul Vulnerability Detection, and Code Inventory.

Through these tools, MSPs can offer detailed analytics and insights on their customers' Java environments, including active Java Virtual Machines from Oracle, Azul, and any OpenJDK distribution. Partners will be equipped to deliver reports and analyses that provide customers with greater visibility into Oracle Java license management, application security vulnerabilities and opportunities to streamline code maintenance. The solution is designed to help organisations reduce non-compliant licensing risks and improve their security posture without needing to deploy or manage new tools themselves.

Features of the programme

The Managed Services Provider Programme permits channel and services partners to deliver Java license, security and efficiency insights as part of their broader managed service packages. Under the agreement, MSPs create a secure, tenant-specific Intelligence Cloud environment for each end customer. Partners can then manage onboarding, deploy agents, oversee data collection, configure alerts and generate scheduled reports - all under their own brand, with results presented as "Powered by Azul."

Through the service, partners can bundle Java license compliance advisories, application modernisation initiatives and managed DevOps services, adapting to varying service delivery and revenue models. The aim is to provide end customers with ongoing assurance of compliance and security with minimal operational involvement on the customer's part.

Evan Boyd, Managing Director of Software Licensing Consultants, highlighted the visibility and operational benefits provided by the solution: "Azul Intelligence Cloud lets us see every JVM our customers use and depend on - whether it's Oracle, Azul, or any other OpenJDK distribution - and immediately understand compliance or security gaps. Embedding Intelligence Cloud into our managed service portfolio, particularly the annual Java advisory services we provide, means we can deliver faster, more accurate license reconciliation and real-time compliance for our customers while removing the operational burden."

Reducing risk and false positives

Azul has outlined a range of capabilities available through the Intelligence Cloud, including continuous runtime detection of all JVMs - covering vendor, version, installation and application details - which helps pinpoint Oracle JVMs subject to commercial licensing. This data can be attributed to the responsible teams and applications to ensure license compliance.

Azul Vulnerability Detection makes use of class-level runtime data to reduce security vulnerability false positives by up to 99%, enabling MSPs to focus on actionable security risks. The Code Inventory feature helps identify unused and redundant Java code, allowing partners to offer advice on code base modernisation and maintenance.

The detection of obsolete code can result in efficiency improvements and cost savings, and according to Azul, advisory services delivered through the programme could enable developers to reallocate as much as 40% of their time to other business priorities due to reduced code maintenance burdens. Because MSPs manage deployment, data gathering and insight delivery, clients are spared the complexity of operating additional software consoles, and are instead provided with actionable reporting about their Java estate health and risks.

Partners and benefits

The managed delivery approach is intended to simplify how customers access continuous insights into Java usage, compliance, security incidents and code efficiency - potentially supporting organisations in lowering audit exposure and licensing costs, bolstering security and reclaiming developer productivity.

Simon Taylor, Vice President of Global Channel and Alliances at Azul, described the company's intent behind the programme: "Java estates continue to expand across a myriad of deployment environments, and the cost, time and resources required to get the right licensing and security insights for compliance-oriented decision making can be enormous. By giving partners full, managed access to Azul Intelligence Cloud, we're equipping them to deliver turnkey services where they can put clear, actionable reporting and insights into the hands of their customers' decision makers. Ultimately, this mitigates license audit risk and cost, surfaces critical vulnerabilities proactively and reclaims developer capacity for their customers."


Techday NZ
13-06-2025
Azul boosts Java security with improved runtime vulnerability detection
Azul has introduced enhanced vulnerability detection capabilities to its Intelligence Cloud that aim to reduce false positives and improve the accuracy of identifying Java application security risks. The company's updated solution, called Azul Vulnerability Detection, now uses class-level production runtime data to detect known vulnerabilities within Java applications.

This approach contrasts with conventional application security (AppSec) and application performance monitoring (APM) tools, which often flag vulnerabilities based on component file names or software bill of materials (SBOM) data. Such traditional practices can generate a large volume of false positives, which the company asserts unnecessarily divert DevOps teams' time and effort.

Based on findings from the Azul 2025 State of Java Survey & Report, a significant proportion of organisations are affected by this problem, with 33% indicating that more than half of their DevOps teams' time is spent addressing false positives related to Java Common Vulnerabilities and Exposures (CVEs) alerts. The broad-brush flagging approach, which does not distinguish between components actually used in production and those simply present, can result in alerts for unused or non-critical vulnerabilities.

Azul's approach leverages data from Java application production environments to establish whether vulnerable classes in a component are executed, rather than simply existing as part of a packaged file. The company claims this refinement enables the solution to eliminate up to 99% of false positives, translating to a potential 100 to 1,000 times reduction compared to earlier detection methods.

The technical approach

The solution operates by applying a curated knowledge base that maps CVEs to individual Java classes used at runtime. By examining actual code paths executed in live environments, the system can determine whether a flagged vulnerability is relevant and warrants example cited is CVE-2024-1597, which affects specific versions of the PostgreSQL Java Database Connectivity (JDBC) driver. This high-severity vulnerability, which scores 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS), can only be exploited when the driver is used in a particular non-default configuration. Conventional tools issue alerts if the driver is present in the application package, regardless of how it is used, contributing to unnecessary remediation efforts. Azul's detection mechanism discerns whether any of the 11 susceptible classes out of 470 in the component are used, thereby reducing irrelevant alerts.

Key benefits

According to Azul, the Intelligence Cloud's Vulnerability Detection capability provides several benefits to enterprises managing extensive Java estates. These include continuous, real-time detection of vulnerabilities in production environments, which helps teams rapidly triage and prioritise critical issues in high-stakes scenarios like the Log4j vulnerability event. The platform retains both real-time and historical data on component and code use, using AI methods to focus forensic investigations on vulnerabilities actively exploited prior to their discovery.

Azul's vulnerability team updates the system's knowledge base with newly identified CVEs, using AI to monitor sources such as the National Vulnerability Database (NVD) and other repositories. The runtime data collection works across Oracle JDK as well as any OpenJDK-based Java Virtual Machine (JVM), providing flexibility for organisations using a range of Java distributions, including those from Amazon, Temurin, Microsoft, and Red Hat. Azul states that this data-gathering incurs no impact on production system performance, as it leverages information already generated by the JVM during application execution.
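The difference between component-level and class-level matching described under "The technical approach" can be seen in a small added example, which is not Azul's code or part of the original article. It assumes runtime data comes from the JVM's own `-Xlog:class+load` output; the CVE IDs, jar names, class names and log lines are all constructed placeholders.

```python
import re

# Constructed knowledge base: CVE -> (jar name prefix, susceptible classes).
# Placeholder data, not real advisory content; version ranges are omitted.
KNOWLEDGE_BASE = {
    "CVE-EXAMPLE-0001": ("example-jdbc-", {"example.jdbc.SusceptibleA",
                                           "example.jdbc.SusceptibleB"}),
    "CVE-EXAMPLE-0002": ("example-log-", {"example.log.LookupHandler"}),
}
PACKAGED = ["example-jdbc-1.2.jar", "example-log-2.0.jar", "example-util-3.1.jar"]

# Constructed lines in the format printed by `java -Xlog:class+load`.
SAMPLE_LOG = """\
[0.412s][info][class,load] java.lang.Object source: shared objects file
[1.107s][info][class,load] example.jdbc.Driver source: file:/app/lib/example-jdbc-1.2.jar
[1.130s][info][class,load] example.jdbc.Connection source: file:/app/lib/example-jdbc-1.2.jar
[1.544s][info][class,load] example.log.Logger source: file:/app/lib/example-log-2.0.jar
[9.871s][info][class,load] example.log.LookupHandler source: file:/app/lib/example-log-2.0.jar
malformed line that the parser must skip
"""

LOAD_RE = re.compile(r"^\[[^\]]*\]\[\w+\s*\]\[class,load\s*\] (\S+) source: (.+)$")

def parse_loaded(log_text):
    """Return {jar file name: set of class names} for classes loaded from jars."""
    loaded = {}
    for line in log_text.splitlines():
        m = LOAD_RE.match(line)
        if not m or not m.group(2).endswith(".jar"):
            continue  # skip malformed lines and non-jar sources (CDS, jrt:)
        jar = m.group(2).rsplit("/", 1)[-1]
        loaded.setdefault(jar, set()).add(m.group(1))
    return loaded

def triage(packaged_jars, loaded):
    """For each CVE whose component is packaged, list susceptible classes loaded."""
    report = {}
    for cve, (prefix, classes) in KNOWLEDGE_BASE.items():
        jars = [j for j in packaged_jars if j.startswith(prefix)]
        if not jars:
            continue  # component absent: neither approach would alert
        hit = set()
        for jar in jars:
            hit |= classes & loaded.get(jar, set())
        # A component-level scanner alerts on every entry in this report;
        # a class-level check alerts only where classes_loaded is non-empty.
        report[cve] = {"component_match": True, "classes_loaded": sorted(hit)}
    return report

if __name__ == "__main__":
    for cve, result in triage(PACKAGED, parse_loaded(SAMPLE_LOG)).items():
        print(cve, result)
```

A class that is absent from the log has only not been loaded during the observed window, so the result is only as good as the period of runtime data behind it.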
"The improved Vulnerability Detection features strengthen the proposition of Azul's Intelligence Cloud analytics SaaS offering as a way to increase DevOps productivity and recover developer capacity by reducing the need for full-time employee time spent wasted on security false positives and inefficient triage," said William Fellows, research director at 451 Research, part of S&P Global Market Intelligence.

Company statement

"Our mission is to help enterprises focus their security efforts on what matters - real risk, not noise," said Scott Sellers, co-founder and CEO of Azul. "By eliminating up to 99% of false positives and pinpointing vulnerabilities in Java applications with 100x – 1000x greater accuracy than traditional tools, Azul Intelligence Cloud enables capacity recovery across DevOps and security teams. As a result, teams can dramatically reduce noise, prioritise real risk and accelerate remediation - all with zero impact to performance and without slowing innovation."

Azul's enhancements to its Intelligence Cloud are positioned to address long-standing productivity challenges faced by DevOps teams handling Java application security, particularly the time lost to managing irrelevant or inaccurate alerts.