The SOC is Set. Next Up: Orchestration and Automation for Application Security

Central AppSec Management

Publish Date

Nov 13, 2018

Written by

ZeroNorth

Tagged with

  • Application Security
  • Automation
  • Orchestration
  • Phantom
  • SOC
  • Splunk

As we know all too well, cybersecurity is a field suffering from a staggering talent shortage. Security approaches that focus on disparate tools and human capital initiatives just don’t cut it – not when the pace of innovation is fast and furious and, in tandem, the pace and severity of threats continue to grow and become increasingly automated. Security teams are short-staffed, overtaxed and behind the eight ball.

The situation certainly signals the need for DevOps security automation to accelerate from human to machine speed. “Skills shortages, technical complexity and the threat landscape will continue to drive the move to automation and outsourcing,” Gartner says. Nineteen percent of enterprise organizations (i.e. more than 1,000 employees) are already extensively adding technologies for security operations automation and orchestration, and 39 percent are doing so on a limited basis, according to ESG research.

Splunk scooping up cybersecurity innovator Phantom for $350M earlier this year served as a strong indicator that the industry is moving to embrace automation and orchestration on a broader scale. In Splunk’s case, the company has “decided to add a dedicated security operations automation and orchestration toolset to its security information and event management (SIEM) platform,” according to ESG’s Jon Oltsik. A smart move to help Splunk’s customers remediate identified issues faster and more efficiently than ever before.

Market Momentum for Automation is Happening Beyond the SOC

This groundswell for security automation is, and should be, happening beyond the SOC. Take, for example, code and application security. In order to keep up with the velocity of development, IT and security leaders are recognizing the need to shift toward a new approach where automation and orchestration are at the foundation of the application development and deployment processes.

Why? Given the frequent, and unfortunately massive, breaches that have occurred due to application vulnerabilities, the current approaches to security testing aren’t working. Code and application security testing need to be seamlessly embedded into the software development lifecycle. This is an important principle behind DevSecOps, integrating security visibility and assurance from code check-in to production and ongoing operations.

In fact, Gartner reports in “10 Things to Get Right for Successful DevSecOps” that “by 2019, more than 70% of enterprise DevSecOps initiatives will have incorporated automated security vulnerability and configuration scanning for open-source components and commercial packages, up from less than 10% in 2016.”*

ZeroNorth brings orchestration and automation to software development. By integrating with security and DevOps tools across the development lifecycle, ZeroNorth delivers continuous visibility and assurance across all code repositories, application deployments and cloud infrastructures. We automate and orchestrate code and application security testing, reducing application vulnerability exposure and enabling security at the velocity of DevOps.

Read how organizations like Zerto, a cloud IT Resilience platform, automate and orchestrate disparate tools to achieve one source of the truth for risk, compliance and vulnerability management across their dynamic development environments.

*Source: Gartner “10 Things to Get Right for Successful DevSecOps” by Neil MacDonald, Ian Head, 3 October 2017.

