The CNCF has announced the release of its End User Technology Radar on DevSecOps, which provides recommendations on emerging technologies. It groups technologies into three categories: Assess, Trial, and Adopt.
The Assess category includes Cilium, Harness, Sonatype Nexus, HashiCorp Sentinel, GitHub Actions, Linkerd, and Trivy. XRay is in the Trial category. Adopt includes technologies such as Istio, Sonarqube, Artifactory, HashiCorp Vault, Calico/Tigera, Terraform, ArgoCD, and OPA.
“The maturity of cloud native software has enabled organizations to design more complex and layered architectures with Kubernetes as a centerpiece,” said Katie Gamanji, ecosystem advocate, Cloud Native Computing Foundation. “However, a mature ecosystem implies that security is tightly intertwined in the development cycle. By shifting security to the left, organizations can share ownership across teams and define DevSecOps principles, enabling specialists to focus on vulnerabilities in well-known components and creating fast and effective feedback loops.”
Cymulate introduces new security capabilities
It released two new solutions: Attack Surface Management (ASM) and Vulnerability Prioritization Technology (VPT).
ASM discovers exploitable external assets by emulating real attacks to identify assets and determine how they might be exploited. It maps finding to the MITRE ATT&CK framework’s TTPs so that companies can take mitigation steps.
VPT integrates with vulnerability scanners and predicts the potential impact of a vulnerability on the overall security posture.
“Our customers were facing an ongoing challenge of patching vulnerable assets,” said Avihai Ben-Yossef, co-founder and CTO of Cymulate. “We looked at the possibility of acquiring a company that collects attack surface data for contextualizing the vulnerabilities presented by Cymulate, but after much research we saw that existing ASM solutions do not offer organizations the full coverage they need to optimally produce a contextualized vulnerabilities prioritizing list. We are proud to have developed a solution in-house that meets the needs of our customers.”
Barracuda expands incident response capabilities in email protection solution
The new capabilities are part of Barracuda Total Email Protection, and include expanded public-facing APIs and new automated workflows.
“Malicious emails may end up in a user’s mailbox, and when they do, they need to be addressed quickly. Many organizations lack the information and tools security admins need to address these incidents, which results in a manual, inaccurate, time-consuming process,” said Don MacLennan, SVP of engineering and product management for email protection at Barracuda. “The expanded incident response capabilities address this and help customers easily create custom workflows to automate their email response, saving them time and ensuring a consistent and efficient response to email threats.”