• Home
  • Blog
  • ZeroNorth Platform
  • Leading Security Publications Laud ZeroNorth’s Compelling Value for AppSec Automation and Orchestration

Leading Security Publications Laud ZeroNorth’s Compelling Value for AppSec Automation and Orchestration

ZeroNorth Platform

Publish Date

May 12, 2020

Written by

Joanne Godfrey

Tagged with

  • Vulnerability Management
  • CSO and SC Mag Product Review

There’s no greater validation of the ZeroNorth platform than objective reviews from leading publications in the security industry. And we now have two of them—from CSO Magazine and SC Magazine!

Both reviews recognize the value of ZeroNorth’s platform as a solution for managing application security throughout the software development life cycle (SDLC). CSO Magazine attests, “ZeroNorth would be a highly valuable addition for any organization trying to tame the deluge of scanner sprawl or improve their scanning accuracy, with either new policies or tools.”

In its Vulnerability Management group review, SC Magazine asserts, “The ZeroNorth Platform offers a significant return on investment by optimizing other security tool investments, expanding the scanning portfolio and maximizing time-to-value.”

Reduce alert fatigue and speed up remediation

With the vulnerability overload facing security and development teams, and the resulting inefficiency of remediation processes, ZeroNorth’s ability to make application security efficient and effective is a compelling reason to invest in the platform. Both reviews highlight ZeroNorth’s ability to ingest and correlate findings generated by one or more scanners and consolidate them into prioritized tickets.

In one of CSO Magazine’s testing scenarios, ZeroNorth compresses 56 scanning alerts down to a single problem. It also graphically displays the relationship between vulnerabilities, a feature the tester finds very powerful. With this insight, the tester can address a single issue and thus resolve multiple connected ones “instead of wasting time patching related but individual problems.” According to CSO Magazine, “The ZeroNorth platform makes scanners more effective and reduces cybersecurity fatigue by consolidating both scan results and fixes.”

Understand the risk, find the blind spots

The reviews also laud ZeroNorth’s user-friendly dashboard, which provides a snapshot of the business risk posture and identifies blind spots in scanning of both development and production environments. SC Magazine finds “its well-designed user interface intuitive to use and navigate, with its multiple dashboards providing various views of vulnerabilities.” The review specifically highlights the value of the enterprise dashboard, including how it “shows the development of issues over time, so organizations can see when and where their team made security improvements.”

CSO Magazine also notes how ZeroNorth can notify business owners of scan results pertaining to their applications, so “people at an organization who are the most vested in fixing a specific problem can get to work on it right away.”

Eliminate vendor lock-in with seamless operability

As CSO Magazine notes, ZeroNorth includes a wide range of open source scanning tools embedded directly into the platform, that can be activated from the UI while additional open source or commercial scanners can be easily added. CSO Magazine recognizes ZeroNorth’s ability to help eliminate vendor lock-in by making it easy to swap out tools while maintaining a global repository of configurations and policies in the platform. Once a tool has been added or replaced, you can track its effectiveness directly through the ZeroNorth dashboard. Additionally, SC Magazine calls out ZeroNorth’s built-in customized integrations, which support “seamless operability with other products and APIs.”

Shift left for secure DevOps

A core use case of ZeroNorth is secure DevOps. Both reviews recognize the platform’s ability to help organizations “shift left” while empowering developers to become more security-aware. SC Magazine states, “ZeroNorth establishes a governance model that parallels the DevOps pipeline and automates and orchestrates the entire vulnerability management process.”

Get unrivaled, expansive flexibility

In its summary of the group test, SC Magazine states that ZeroNorth delivers 9 out of 10 core specifications required for effective application security automation and orchestration, thereby recognizing the depth and breadth of the platform. In its review, SC Magazine asserts that, “The entire platform offers unrivaled, expansive flexibility”” and “this cloud-based platform maximizes time-to-value and requires virtually no setup, adding to its ease of use and accelerated remediation.”

In its review verdict, SC Magazine concludes, “Businesses large and small, particularly those interested in PCI compliance, will appreciate ZeroNorth’s scalability, as well as its actionable, prioritized integration with DevOps environments.”

We couldn’t have said it better. You can read the full CSO Magazine and SC Magazine reviews here.

eBooks & Research Reports

Research Report: The Journey to True DevSecOps

Many questions emerge as the topic of DevSecOps is volleyed about. First, confusion exists in terms of understanding what it actually means to get to true ...

Read Now


Application Security: Bridging the Gap Between DevOps and Security Teams

When AppSec and DevOps teams aren’t aligned on how to deliver secure software, fast, organizations are at risk. This video discusses how to tackle this challenge ...

Watch Now

Related Articles

ZN Logo for Blog


ZeroNorth Appoints Bruce McPherson as Vice President of Engineering

By ZeroNorth Jul 19, 2021

There are a number of paths companies may take on the journey to true DevSecOps. Regardless the route, one constant holds true: the need for a ...

Read More


On the Importance of Juneteenth

By ZeroNorth Jun 18, 2021

This Saturday, June 19th—otherwise known as “Juneteenth”—marks an auspicious day dedicated to African American history and the official end of slavery in the US. Symbolically, it ...

Read More

The ZeroNorth DevSecOps platform offers options for your DevSecOps journey—getting started with AppSec, finding enterprise visibility or fully integrating security into DevOps.