Latest news with #VRM
Business Wire
22-04-2025
- Business
- Business Wire
Veracode Advances Application Risk Management with Innovations for Comprehensive Risk Visibility and Software Supply Chain Security
BURLINGTON, Mass.--(BUSINESS WIRE)--Veracode, a global leader in application risk management, today unveiled new capabilities offering proactive risk mitigation and automated security at enterprise scale. With software supply chain attacks and open-source vulnerabilities at an all-time high, enhanced Veracode Risk Manager (VRM) and an early access program for Veracode Package Firewall come at a critical juncture. The innovations represent a significant milestone in Veracode's vision to deliver centralized risk visibility and secure development from the start. Our latest Application Risk Management platform enhancements give organizations the tools to not just identify risks, but to trace them to their root cause and prevent them before they compromise the software supply chain—without slowing down development. Share 'Security teams face immense pressure to combat evolving threats, while developers require the flexibility to innovate quickly,' said Derek Maki, Head of Product at Veracode. 'Our latest Application Risk Management platform enhancements provide organizations with the tools to not just identify risks, but to trace them to their root cause and prevent them before they compromise the software supply chain—all without slowing down development.' Veracode's newest offerings address increasing risk from open-source vulnerabilities and untrusted sources, reinforcing its leadership in application security innovation. The offerings combine automation with detailed remediation guidance to enable frictionless workflows throughout the software development lifecycle. Fortified Software Supply Chain Security with Veracode Package Firewall With over 97 percent of applications leveraging open-source components, malicious or noncompliant packages expose organizations to serious security risk. Veracode Package Firewall, built on technology acquired from Phylum Inc., blocks unsafe dependencies before they enter an organization's environment. The tool employs the Open Policy Agent (OPA), a universal standard for policy automation that enables automated enforcement to expedite governance, effectively preventing software supply chain risks at the earliest entry point. Veracode Package Firewall delivers: Proactive Risk Mitigation: Strengthened security posture, reduced attack surface, and lower operational costs through automation and early threat mitigation. Streamlined Security and Compliance: Faster time to market, simplified compliance reporting, and enhanced collaboration across security and development teams. Secure Developer Productivity: Improved efficiency and innovation, freeing up developers' time to focus on building software. Veracode Package Firewall is currently available to a subset of customers under early access and will be generally available in June 2025. Intelligent and Contextualised Prioritization with Veracode Risk Manager Security teams are overwhelmed with the volume of risk alerts, making it challenging to identify which vulnerabilities are the most critical. Veracode's latest enhancements to VRM further strengthen its Application Security Posture Management (ASPM) capabilities, providing unified risk visibility, contextual prioritization, and automated threat management. Key new features include: Runtime Container Risk Context: Seamless integration with Kubernetes environments to enrich vulnerability findings with crucial runtime intelligence. This allows customers to prioritize remediation efforts by identifying which vulnerabilities exist in packages that are loaded and exposed in running containers, focusing on the most tangible risks to the business and providing continuous visibility into the application's runtime posture. Advanced Labeling Capabilities: Precise control over security findings with highly customizable tags and classifications. This granular labeling directly streamlines remediation by enabling targeted filtering and the creation of role-specific risk views tailored to use cases that matter most to the business. Repository Tools: More seamless integration with repository tools to pinpoint the exact origin of vulnerabilities, identifying the root cause of risk. This direct line of sight accelerates root cause analysis and enables teams to address security flaws with greater speed and precision. Veracode Risk Manager automates issue investigation and prioritization while facilitating real-time monitoring—crucial for evaluating and improving security posture across multi-cloud environments. These latest enhancements enable organizations to address risk more effectively, with improved precision, triaging, and control over findings from multiple environments. Runtime Container Risk Context and Repository Tools are available now, and Advanced Labeling Capabilities will be coming soon. See the Innovations Live at RSAC 2025 Veracode's experts will be on site at RSAC Conference in San Francisco (April 28 - May 1, 2025) to showcase the company's latest products. Visit booth #1243 for interactive demos and expert discussions on how to stay ahead of emerging threats and stop software supply chain attacks before they happen. Learn more about Veracode's products on the website. About Veracode Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-assisted remediation engine, the Veracode platform offers adaptive software security and is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world's leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, Malicious Package Detection, and Penetration Testing. Learn more at on the Veracode blog, and on LinkedIn and X. Copyright © 2025 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
Associated Press
29-01-2025
- Business
- Associated Press
Swimlane Pioneers Industry's Most Intelligent Vulnerability Response Solution for Smarter Risk Prioritization and Management
Swimlane, AI hyperautomation for the entire security organization, today announced the industry's most capable Vulnerability Response Management (VRM) Solution that extends beyond siloed vulnerability management by offering risk-based prioritization, exploit intelligence and recommended remediation workflows. Swimlane AI automation solutions combine the power of AI with human expertise, enabling faster, more accurate decision-making and empowering security teams to act confidently. This press release features multimedia. View the full release here: (Graphic: Business Wire) VRM is designed to help enterprise and MSSP security teams proactively reduce risk, prevent breaches and ensure continuous compliance. With an overwhelming volume to manage, 68% of organizations leave critical vulnerabilities unresolved for over 24 hours. Despite this shortcoming, over half (55%) of organizations lack a comprehensive system for vulnerability prioritization, contributing to the complexity, communication and compliance challenges presented in the research. This reactive approach exposes organizations to breaches, compliance failures and costly penalties. 'It's not just about patching vulnerabilities—it's about prioritizing the ones that matter most in preventing business impacts and acting decisively to give security teams the confidence to stay one step ahead of threats,' said Shawn McBurnie, Head of IT/OT Security Compliance at Northland Power. 'Swimlane has transformed how we handle patching and vulnerability remediation, and we look forward to leveraging the automation and intelligence built into Swimlane's offerings to streamline our process even further, eliminating the struggles we once faced in pushing out critical updates.' Swimlane Turbine combines the power of AI and human intelligence into an out-of-the-box VRM solution. This solution centralizes intelligence-driven and customer-customizable insights from multiple vulnerability scanners, enabling organization-wide visibility, smart prioritization and cross-functional collaboration through a single management console. VRM leverages Swimlane Intelligence, the industry's most robust, transparent and customizable intelligence layer. This offers a uniquely comprehensive view of vulnerabilities that ensures security teams can effectively address the highest-risk vulnerabilities first through a risk-based prioritization score. Not Just Another Scanner: Swimlane VRM Closes the Loop on Vulnerability Management Swimlane VRM is the perfect complement to vulnerability scanners that offer partial visibility into vulnerability findings, but due to their vendor-ecosystem-specific focus, fail to provide a clear view of company-wide risk and impact. With built-in organization-specific intelligence and vulnerability intelligence data sets, VRM serves as the single source of truth for vulnerability management. Customers will benefit from standout capabilities, including: Swimlane Intelligence: VRM picks up where vulnerability scanners stop, using AI and automation to enrich findings with Swimlane Intelligence, such as known exploits, temporal Common Vulnerability Scoring System (CVSS) scores, remediation information, with over 30 out-of-the-box enrichment and customizable sources. Risk Profile: The Risk Profile dashboard combines two critical views that provide a real-time view of vulnerability information: Risk Score and Prioritization Rank. The Risk Score consolidates data from CVSS, exploit scores, and asset criticality into a personalized and easy-to-understand view of organization-wide vulnerabilities. The VRM Prioritization Rank uses Swimlane Intelligence to automatically assess risk and prioritize responses, factoring in exceptions to reduce unnecessary alerts. Hero AI: Directly integrated into VRM, security teams can ask Hero questions like 'What CVEs are not patched on this system?' Multi-Scanner Integration: Powered by Turbine's infinite integration capabilities, VRM connects to multiple vulnerability scanners, consolidating and normalizing findings from leading vendors like Rapid7, Tenable and Lacework, into a single, comprehensive view. Vulnerability Case Management: VRM's case management application is designed to improve coordination and communication between security and operations teams. By integrating with leading IT Service Management vendors like ServiceNow, Jira, and collaboration tools like Microsoft Teams, Slack and email, tracking vulnerabilities and ensuring coordinated remediation is easier than ever. Asset Inventory: VRM provides a system of record for all assets that have findings in an organization, centralizing data from all connected vulnerability scanners for seamless management. 'For years, Swimlane customers have used our platform to solve some of the toughest challenges in security — whether it's reducing risk, ensuring compliance, or streamlining operations,' said Cody Cornell, Co-Founder and Chief Strategy Officer of Swimlane. 'With the launch of VRM, we're taking everything we've learned from these real-world use cases and making it available out of the box for every organization. This isn't just a product launch — it's another step in our mission to deliver comprehensive, end-to-end solutions that evolve alongside our customers.' About Swimlane At Swimlane, we believe the convergence of agentic AI and automation can solve the most challenging security, compliance and IT/OT operations problems. With Swimlane, enterprises and MSSPs benefit from the world's first and only hyperautomation platform for every security function. Only Swimlane gives you the scale and flexibility to build your own hyperautomation applications to unify security teams, tools and telemetry ensuring today's SecOps are always a step ahead of tomorrow's threats. Allison Knight 806-570-9819 SOURCE: Swimlane Copyright Business Wire 2025. PUB: 01/29/2025 09:00 AM/DISC: 01/29/2025 09:01 AM
