Connect with us

Hi, what are you looking for?

Biz Solutions

Azul launches new security product

By eliminating false positives and with no performance impact, Azul Vulnerability Detection is ideal for in-production use and addresses the rapidly increasing enterprise risk around software supply chain attacks.

Azul, the only company 100% focused on Java, announced Azul Vulnerability Detection, a new SaaS product that continuously detects known security vulnerabilities that exist in Java applications. By eliminating false positives and with no performance impact, Azul Vulnerability Detection is ideal for in-production use and addresses the rapidly increasing enterprise risk around software supply chain attacks.

According to Gartner, “by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021” (Gartner, Emerging Tech: A Software Bill of Materials is Critical to Software Supply Chain Management, Mark Driver, September 6, 2022).

Azul’s agentless cloud service helps organizations understand their Java application exposure to known vulnerabilities based on real usage in production, QA, and development. This approach enables true end-to-end security across the software supply chain with no performance penalty while eliminating false positives.

Vulnerabilities In Third-Party Production Code Increase Enterprise Risk

Advertisement. Scroll to continue reading.

An estimated 40% to 80% of the lines of code in software come from third parties such as libraries, components and SDKs. Vulnerabilities within third-party sources, whether commercial or freely available open source, present a growing risk to all enterprises and need addressing across all phases of the software supply chain.

For example, organizations continue to grapple with Log4Shell, a critical vulnerability found in a widely used Java-based logging component (Log4j), which the Department of Homeland Security called “one of the most serious software vulnerabilities in history”. Azul Vulnerability Detection lets organizations focus on where components such as Log4j are actually run and used instead of merely present. This highly accurate runtime-level visibility enables faster remediation of vulnerabilities with significantly less operational overhead.

“Attackers will target commonly used open source to find vulnerabilities because they know their wide usage will leave many organizations open to attack. We’ve learned from past vulnerabilities like Log4Shell that the challenge is in rapidly finding the instances in use and quickly remediating them,” said Melinda Marks, senior analyst, Enterprise Strategy Group. “Azul Vulnerability Detection will be helpful for organizations to use to efficiently remediate Java vulnerabilities to protect their applications.”

Detecting Vulnerabilities In Production Is Key To Securing Software Supply Chains

Azul Vulnerability Detection uniquely identifies code run using sophisticated, highly granular techniques inside Azul JVMs and maps against a curated Java-specific database of common vulnerabilities and exposures (CVEs). This produces more accurate results and eliminates false positives, even for custom code and shaded components. Additionally, the history of detections is retained so that when new CVEs are disclosed organizations can find out when and on what systems they have been running the vulnerable versions, allowing for focused and efficient forensics.

Advertisement. Scroll to continue reading.

Users can access data about which components are (or were) present, in use and vulnerable, via either the product’s API or an intuitive UI. As an agentless cloud service, Azul Vulnerability Detection avoids the performance penalty associated with other tools that require customers to install and manage a separate piece of software such as agents.

“Azul Vulnerability Detection makes security a byproduct of simply running your Java software,” said Scott Sellers, Azul CEO and co-founder. “Our new product fills a critical gap in enterprises’ security strategies – detecting vulnerabilities at point of use in production, the endpoint of the software supply chain. As a leading Java runtime provider to the world’s most important enterprises around the globe, Azul is uniquely positioned to augment the vulnerability detection market by eliminating the performance penalties and false positives that have plagued customers who rely solely on legacy tools.”

Azul’s New Product Enables Practical Observability Of Vulnerabilities In Production

Today’s announcement represents the latest addition to the Azul Intelligence Cloud family of products. Azul Vulnerability Detection is generally available now and works with any Azul JVM, including free Azul Zulu Builds of OpenJDK, and is compatible with all Java applications, libraries and frameworks. Benefits include:

  • Ongoing Detection at Point of Use in Production: Continuously assesses application-level exposure to vulnerabilities in production without the need for source code. Compares code run against a Java-specific CVE database.
  • Eliminate False Positives and Accelerate Remediation: Focuses scarce human remediation effort where vulnerable code is or has been used vs. simply present. Eliminates false positives by monitoring code executed by the Java runtime (JVM) and generates accurate results unattainable by traditional tools.
  • NoOps with Transparent Performance Enables Practical Production Observability: Leverages monitoring and detection built in to Azul JVMs which eliminates the performance penalty commonly seen with other application security tools. As an agentless solution, eliminates management overhead for maintaining and updating separate agents in production.
  • Detection for Every Java Application, Library and Framework: Checks all of an enterprise’s Java software (including frameworks such as Spring, Hibernate, Tomcat, Quarkus, Micronaut, and infrastructure such as Kafka, Cassandra, Elasticsearch, Spark, Hive, Hadoop, and more) — whether they built it, bought it, or are introducing a security regression with a recent change.
  • Historical Traceability Enables Focused Forensics: History of component and code use is retained, helping enterprises focus forensic efforts to determine if vulnerable code was actually exploited prior to it being known as vulnerable.

Advertisement. Scroll to continue reading.
Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

NutriAsia has demonstrated how local businesses can effectively engage with online audiences as part of TikTok Shop's Buy Local, Shop Local campaign.

HEADLINES

Building on the legacy of the flagship Dimensity 9400, the MediaTek Dimensity 8400 brings an All Big Core design to the premium smartphone market...

HEADLINES

In collaboration with PLDT Enterprise, SGS has implemented e-waste bins in its facilities, ensuring the proper disposal of outdated and broken electronic devices. This...

HEADLINES

Running until January 15, 2025, every eligible transaction you make using PalawanPay gives you a chance to win investment-grade gold bars from the exclusive...

HEADLINES

In rigorous evaluations conducted by prestigious cybersecurity testing organizations, Kaspersky Plus (starting in Q4 2024, Kaspersky Premium), Kaspersky Endpoint Security for Business (KESB), and...

HEADLINES

In partnership with Caritas Manila, Converge has been supporting the Unang Yakap Program that aims to provide healthcare and nutritional assistance to underprivileged pregnant...

HEADLINES

This collaboration marks a significant milestone in enhancing mobile connectivity and capacity across the country.

HEADLINES

This recognition underscores HUAWEI’s influential success and dedication to revolutionize the wearables technology market.

Advertisement