Enterprise Scale Solution for DevOps Security Posture Management
OpsMx, the leader in intelligent continuous delivery, today announced extensions to OpsMx Intelligent Software Delivery (ISD) that make it the first CI/CD solution designed for secure software delivery and deployment. By adding OpsMx ISD Security to their existing software lifecycle, organizations can prevent the introduction of security issues, discover and more quickly resolve vulnerabilities in production environments, and capture a delivery bill of materials (DBOM). The solution has been developed in collaboration with and is being deployed by OpsMx customers that include Fortune 10 enterprises and global leaders in financial services, healthcare, and technology. The announcement was made today at cdCon + GitOpsCon 2023.
“The attack surface of delivery processes, DevOps tools, and deployments keeps increasing, yet companies and security vendors continue to focus just on attacks in production or attacks through code,” said Gopal Dommety, CEO and founder of OpsMx. “Even security-conscious enterprises are often forced to operate on an honor system when it comes to enforcing software delivery policies. With these new capabilities, OpsMx is providing the security guardrails to ‘trust, but verify,’ keeping developers productive while giving DevOps teams the security posture management that they need.”
High-profile security breaches and the U.S. Government’s “Executive Order on Improving the Nation’s Cybersecurity” have prompted organizations to implement rigorous security controls over their software development processes and supply chain. Security of the delivery and deployment of that software to production, however, is often overlooked, even as the list of potential attacks tracked by organizations like CNCF continues to grow. As applications and infrastructures become more complex, deployment processes cross teams, target multiple environments, integrate potentially dozens of DevOps tools, and still include manual steps, each of which is a potential security risk.
For OpsMx customers, these risks translate into practical security requirements that have guided the development of OpsMx ISD security capabilities, such as:
- A global electronics manufacturer needs to demonstrate continuous infosec compliance by identifying, managing, and tracking CVEs.
- A healthcare technology provider needs an automated way to demonstrate HITRUST compliance for their software delivery processes, in place of manually sifting through log files.
- A global financial services company needs to enforce its access control policies for critical applications across every stage of the application deployment process.
- A global technology company with a significant commitment to open source software needs to quickly identify where any newly announced vulnerability is currently deployed in their production environment.
- A global software company needs to automatically review new releases, identify issues, and recommend if they should be deployed as their volume of releases grows.
The security capabilities of OpsMx Intelligent Software Delivery (ISD) help organizations prevent potential security issues, discover and resolve vulnerabilities in their environment, and demonstrate secure software delivery.
- Prevent Security Issues. Prevention starts with tightly controlling the delivery and deployment process. OpsMx enforces policies, such as mandatory security checks, in the delivery process. Security controls over who can modify the delivery pipelines and policies further ensure protection. When manual approvals are required, OpsMx offers AI/ML support to automatically calculate a security score on a new release and recommend if it should be deployed. New releases can also be compared to prior releases to see the specific security impacts and guide deployment decisions.
- Resolve Security Vulnerabilities. Resolution starts with synthesizing the contents and delivery history of currently deployed applications. From this data, OpsMx identifies current CVEs and CIS vulnerabilities. Using a definitive record of what was deployed where, OpsMx can precisely trace the location of a vulnerability, significantly shortening time to resolution. As new open source vulnerabilities are discovered, OpsMx issues alerts with pointers to where action is required.
- Secure End-to-End Delivery Processes. OpsMx provides end-to-end traceability of the delivery of every application and service, captured in a delivery bill of materials (DBOM), the operations equivalent to the development team’s software bill of materials (SBOM). OpsMx’s definitive audit record of each step in delivery and deployment includes all approvals and the output of tools included in the process, such as SonarQube, Jira, or ServiceNow. If an exception is granted to deploy a vulnerability, OpsMx captures a record of the exception and sets a trigger for future review.
Together, these capabilities enable DevOps security posture management in alignment with the NIST Cybersecurity Framework. Now DevOps teams have the tools to attest to the security of the delivery and deployment process, just as development teams attest to the security of their code.
OpsMx Security extensions are part of OpsMx ISD Release 4.0, now available for private preview and generally available in July, 2023. Customers may request a demonstration or join the private preview here.
Customers may implement OpsMx ISD as a comprehensive, security-first CD solution, or use OpsMx ISD Security as an add-on module to their current CD solution. OpsMx ISD Security integrates with Spinnaker and Argo today, with support for Jenkins, GitHub Actions, and additional CD solutions coming later this year.
Visit AITechPark for cutting-edge Tech Trends around AI, ML, Cybersecurity, along with AITech News, and timely updates from industry professionals!