How these companies can help make your applications more secure

Dror Davidoff, co-founder and CEO of Aqua Security
Aqua Security enables enterprises to secure their container-based and cloud-native applications from development to production, accelerating container adoption and bridging the gap between DevOps and IT security.

Images serve as a container’s foundation, and developers can easily pull them from a centralized registry to run containers in a highly automated, flexible process. From a security and governance perspective, trusting the container image becomes a top priority. At the same time, runtime environments with a new stack that includes container runtime engines, orchestration platforms such as Kubernetes, and cloud-native network overlays, present a challenge in providing visibility and control over containerized applications.

The Aqua Container Security Platform delivers the most comprehensive solution for securing containerized environments, supporting a broad range of platforms, for “on-prem” deployment as well as AWS, Google, and Azure cloud deployments. Aqua’s solution provides full lifecycle security for containers, hardening the technology and implementing tight, enforceable governance of the entire development process, with a special focus on runtime.

As container adoption rates surge, and the infrastructure for cloud-native continues to evolve to include Container-as-a-Service (CaaS)  and serverless approaches, Aqua is investing in supporting our customers’ DevSecOps initiatives on their platform of choice. For example, the recent release of v3.0 introduced native support for Kubernetes and a new MicroEnforcer model that enables security and monitoring in CaaS environments such as AWS Fargate and Microsoft ACI.

Aqua integrates and automates strong, enforceable security controls into the application development lifecycle from the moment a container is created until it is decommissioned. By providing a comprehensive platform for securing containerized environments, Aqua enables customers to extract all the cost, agility, and efficiency benefits that containers offer without increasing their risk profiles.

RELATED CONTENT: A guide to DevSecOps tools

Pete Chestna, director of developer engagement at CA Veracode
CA Veracode, enables the secure development and deployment of the software that powers the application economy. This includes open source technology and your own first party developed code.

With its combination of automation, process and speed, CA Veracode becomes a seamless part of the software lifecycle, eliminating the friction that arises when security is detached from the development and deployment process. As a result, enterprises are able to eliminate vulnerabilities during the lowest cost-point in the development/deployment chain so they can fully realize the advantages of DevOps environments while ensuring secure code is synonymous with high-quality code.

CA Veracode provides the three key criteria for fitting into today’s DevOps methodology. It is fast, provides an industry best low false-positive rate and integrates into popular tools out of the box. CA Veracode can scans applications with a combination of Static, Dynamic and Software Composition Analysis to provide a comprehensive view of risk prior to deployment.

CA Veracode helps train development teams through a combination of on-demand eLearning, instructor-led training and guidance provided directly through our IDE integrations. Shifting left all the way to training allows you to bend the typical bug fixing cost curve to zero. If you can train your developers to write it correctly the first time, or catch it as they write code, they actually code faster by avoiding costly rework.

The CA Veracode services team helps you fix what you find. We have a dedicated team of security consultants that will work with your team to understand what was found, how to fix it and how to prevent it in the future.

Arkadiy Miteiko, co-founder and CEO of CODEAI
CODEAI is the only SAST solution currently available that does not slow you down. It is no myth that introduction of security coding requirements does slow DevOps down. CODEAI enables DevOps to maintain their speed as they work on hardening applications against known cyber security threats. It reduces noise in the tool chain (i.e. false positives) and generates actionable solutions for the issues found. Developers can spend more time coding new things and less time fixing old code. It amplifies security standards and enables developers to successfully meet them. CODEAI is available as a cloud based service for open source projects and can be deployed on premise for commercial customers. It easily integrates with your SDLC toolchain and delivers value within a few weeks after deployment. It is ideal for the teams that are looking to buy performance not just a product.

John Steven, senior director of software security at Synopsys
In many ways, application security has always struggled to find its seat at a larger table during broader enterprise security or development conversations. Synopsys Consulting services and developer-centric tools have always helped owners of application security initiatives find their seat at those larger tables.

Today, in the face of movements like ‘DevOps’, we find that helping application security coach development in ways to ‘accelerate the delivery of software’ is crucial. It both credentials those maturing security initiatives and finds them that seat at the table.

So, at Synopsys, we help client organizations modernize their software lifecycles, bringing the appropriate aspects of security in at every lifecycle phase. The result is increased agility and more automated governance, as well as reduced barriers between traditional silos like Development, Operations, and Security Governance.

RELATED CONTENT: Application security needs to shift left