Contrast extends its application security platform with Contrast Serverless Application Security that will initially support AWS Lambda as survey finds two-thirds of respondents say security is critical or very important to their serverless application strategy
Contrast Security, the leader in next-gen software security, announced the upcoming release of Contrast Serverless Application Security, a breakthrough application security solution designed specifically for serverless application development that will initially support AWS Lambda. The new purpose-built security solution taps a global serverless architecture market that will reach a reported $25.49 billion by 2026.
The breakthrough addition to the Contrast Application Security Platform empowers developers to automatically detect security vulnerabilities directly within serverless environments and validate and prioritize alert test results for remediation. Using context-based static and dynamic engines, Contrast can improve the operational efficiencies of serverless security by 50% while accelerating development release cycles.
Rapid Growth of Cloud-native and Serverless
According to Contrast’s new State of Serverless Application Security Report, serverless computing is the next step in the two-decade-long process of removing friction from the software development life cycle (SDLC) to improve the speed, scalability, and cost efficiency of software development. With serverless computing becoming mainstream during the COVID-19 pandemic, the survey found that more than 70% of respondents report that 6 or more of their development teams now work on serverless applications.
The survey results also show that organizations are concerned about application security, specifically for the security of their serverless applications, with two-thirds of respondents saying serverless security is critical or very important to their cloud-native strategy. However, 54% said they failed an audit indicating they do not have full observability into their organization’s serverless security. Additionally, nearly 60% of respondents admit the lack of purpose-built security tools is a major problem.
The primary reason is that serverless security issues are fundamentally different from those of web applications. Specifically, serverless risks go beyond code-level vulnerabilities because every serverless function is self-contained with its own perimeter and permissions. Combined with a high number of functions typically used in applications, the attack surface is broad. Traditional application security tools were built for web applications and miss these key risks unique to serverless applications.
“We’ve seen a few startups that focus on protecting serverless environments at runtime, but Contrast appears to be the first vendor offering to secure serverless in the development pipeline, a requirement that is just as important, but that has so far gone largely unaddressed,” said Rik Turner, Principal Analyst for Cybersecurity at Omdia. “The fact that it also tracks least privilege usage is another key feature.”
Contrast’s Serverless Application Security Approach
The Contrast State of Serverless Application Security Report also found that almost every organization makes some use of the four major cloud container services, although those offered by Amazon rank highest in importance at most organizations. On that note, half of the respondents report that the typical application has more than 10 AWS Lambda functions. Unfortunately, security has not kept up with the rapid pace of innovation in serverless technologies. Recognizing that many developers are embracing AWS Lambda for application deployments, the new Contrast Serverless Application Security solution initially supports AWS Lambda deployments and takes just minutes to get up and running.
The complimentary, purpose-built solution for serverless application security ensures that security and development teams get the testing and protection capabilities they need without legacy inefficiencies that delay release cycles. Contrast’s solution harnesses the power and data of serverless architectures to map all the resources within the environment, execute static code scans, and simulate tailored dynamic attacks. It automatically validates and prioritizes test results with accuracy that eliminates false positives and alert fatigue that plague traditional application security approaches—with upwards of 85% of alerts turning out to be false positives.
Three-click installation, zero configuration, and automated operations all support developer-friendly deployment. Solution features include:
- Dynamic Environment Scanning. Automatically initiates tailored, dynamic security assessments based on any specific updates introduced to the testing environment in real time. This greatly improves the ease of pentesting versus manual approaches. Dynamic scans are based on the interpretation of OWASP Top Ten benchmarks, including SQL injection, code injection, command injection, and local file inclusion.
- Resource Mapping. Automatically discovers all resources (e.g., S3 bucket, API Gateway, DynamoDB) and their relationships within tested environments in a few short minutes per session.
- Code Scanning. Automatically executes assessments of relevant code and configuration to discover new vulnerabilities in near real time with recommended context-rich remediation guidance. Vulnerability types covered include:
  - Least privilege: Identity and access management (IAM) vulnerabilities (over permissive functions) within serverless workload prior to deployment
  - Software composition analysis (SCA): Analysis of open-source libraries using Contrast’s unique open-source security engine
“Traditional application security approaches were not built for serverless applications,” said Steve Wilson, Chief Product Officer at Contrast Security. “Our new serverless security capabilities empower developers to detect and remediate serious security vulnerabilities easily and quickly. This unleashes the full potential of the cloud and serverless while dramatically reducing the risk of vulnerabilities in these environments.”