CAST looks to system analysis to predict threats
New tool is said identify vulnerabilities and eliminate false positives
In 2015, IBM CEO Ginni Rometty said that cybercrime is the greatest threat to global business today. Two years on, and we're in the same place - albeit with the slightly gloomy knowledge that hackers are eventually going to penetrate even the best perimeter defences.
Accepting that fact, CAST has developed a tool to enhance in-network security.
CAST for Security enforces architectural constructs to protect data. Technology from the Application Intelligence Platform is combined with rules for static application security testing (SAST) to identify spots in the network that are vulnerable to an attack and eliminate false positives.
According to CAST, its product is different from others that 'only look for intrusion vulnerabilities, like SQL injection and cross-site scripting.' By using AIP's system-level analysis, the company says that it can identify vulnerable data call pathways.
"We see organisations coordinating security with quality initiatives increasingly overall and also as a part of DevSecOps initiatives; applying system-level code analysis to help secure applications during development is a key aspect," said Melinda Ballou, a research director at IDC. "Providing contextualised software analysis to reduce noise and help eliminate false positives that distract from actual software vulnerabilities enable visibility and higher success for security and quality strategies."
Olivier Bonsignour, EVP of product development at CAST, said, "Cyber risk and security challenges have moved beyond network-level issues to the application layer. To be successful in this new paradigm, CIOs must adopt a holistic, proactive and design-based approach to securing applications while not overwhelming development teams."
Have you booked your table for the Computing Security Excellence Awards yet? Taking place on the 23rd November, the Awards will celebrate the leaders of the cybersecurity industry. Find out more here.