Optimizing Application Security with OX Security's Attack Path Reachability Analysis
May 07 2024 - 11:00AM
Business Wire
New Features Empower Organizations to Mitigate
Risks in Software Supply Chains
RSA CONFERENCE -- OX Security, a leader in Active
Application Security Posture Management (ASPM) and a founding
member of the Open Software Supply Chain Attack Reference
(OSC&R) framework, today unveiled its latest innovations:
Attack Path Reachability Analysis, SaaS BOM, and API BOM. These new
features provide enterprises with immediate insights into software
supply chain risks originating from code, APIs, and cloud
environments. By visualizing and mapping the attack path, users can
adopt an adversary's mindset, distinguishing between critical
vulnerabilities and general hygiene issues to enhance risk
mitigation.
With a striking 742% increase in software supply chain attacks
from 2019 to 2022, the urgency for proactive security measures has
never been greater. However, AppSec teams continue to grapple with
the overwhelming task of filtering through 90% of meaningless data
brought on by a barrage of alerts without evidence.
To tackle these issues, OX Security provides a new visualization
and data layer that evaluates exploitability, applicability, and
reachability, even extending to the discovery of all APIs exposed by
an organization’s applications. Unique to OX, this approach covers
a broad spectrum of attack vectors, including vulnerabilities in
third-party libraries, supply chain attacks on build systems, and
compromised software updates, moving beyond the conventional tools
that often burden AppSec teams with lengthy lists of issues.
"With OX Security's latest advancements, we are not merely
reacting to these challenges, we are preempting them," states
Neatsun Ziv, CEO and Co-Founder, OX Security. "This is about
transforming how organizations protect themselves by providing not
just data, but actionable insights; not just information, but a
comprehensive understanding through the Attack Path which is
connected by an AppSec Data Fabric. This is the future of security—
intuitive, powerful, and absolutely essential."
Features Include:
Comprehensive Vulnerability Insights for Effective Threat
Modeling: Detailed visualizations provide users the insight to
dissect potential attack vectors, entry points, data flows, and the
likely progression of an attacker from code to API, network, and
cloud. This level of detail provides customers with crucial data on
the direct impact and exploitability of identified issues,
empowering them to focus on actual risks rather than theoretical
severity.
Holistic Issue Review: Three tailored levels of security
analysis — Code, API and Cloud Analysis — are integrated into one
comprehensive evaluation. This unified approach not only deepens
understanding of threats but also ensures that every potential risk
is identified and assessed, enhancing the effectiveness of security
measures.
Targeted Issue Prioritization Based on Reachability,
Applicability, and Exploitability: Through proprietary data
collection, de-duplication and normalization, risks are
meticulously prioritized based on reachability, applicability, and
exploitability. This strategic focus allows customers to
concentrate their remediation efforts on the most accessible and
critical vulnerabilities via APIs, SaaS, and cloud environments,
significantly minimizing potential risks.
Real-time Cloud Monitoring and Artifact Management: The
platform systematically tags applications based on their exposure
and tracks artifacts to assess their activity in cloud
environments, enabling customers to efficiently monitor and verify
the operational status of artifacts and containers in the
cloud.
Advanced Asset Inventory with SBOM+ and API/SaaS BOM
Drill-Downs: Enhanced BOM capabilities provide a comprehensive
review of libraries, API usage, and SaaS dependencies. These
detailed inventories not only prevent surprises but also reduce
manual tracking errors and ensure that users have immediate access
to the most current insights, especially critical in managing
third-party incidents.
"The integration of Attack Path Reachability Analysis into the
Active ASPM platform easily brings traditional security
methodologies to AppSec teams, empowering organizations to
strategically allocate resources to areas of greatest risk. This
approach not only enhances the efficiency of AppSec, DevOps, and
product teams but also magnifies their overall impact," stated Lior
Arzi, Chief Product Officer and Co-Founder of OX Security.
About OX
At OX Security, we’re unifying application security (AppSec)
with the first-ever Active ASPM platform, which ensures seamless
visibility and traceability from code to cloud. Leveraging our
proprietary Pipeline Bill of Material (PBOM) technology, OSC&R
framework, and Attack Path Reachability Analysis, OX delivers
comprehensive security coverage, contextualized prioritization, and
automated response and remediation throughout the software
development lifecycle. Recently recognized as a Gartner Cool Vendor
and a SINET 16 Innovator, OX is trusted by dozens of global
enterprises and tech-forward companies. Founded by industry leaders
Neatsun Ziv, former VP of Check Point’s Cyber Security business
unit, and Lior Arzi from Check Point's Security Division, OX’s
Active ASPM platform is more than a solution; it empowers
organizations to take the first step toward eliminating manual
AppSec practices while enabling scalable and secure
development.
View source version on businesswire.com: https://www.businesswire.com/news/home/20240507155622/en/
Suzanne Tuchler Eskenzi PR for OX suzanne@eskenzipr.com
408-307-6900