Cycode, the leadingย application security platform, announced the launch of Cimon, a seamless solution that enhances the security of CI/CD pipelines to prevent softwareย supply chainย attacks such as those that targetedย SolarWindsย and Codecov.
CI/CD pipelines currently lack visibility, making them the most sensitive link in the SDLC, and many organizations have thousands of unmonitored pipelines prone toย supply chainย attacks.ย Cimonย stops these attacks by utilizing the innovative solution ofย eBPFย (extendedย Berkeleyย Packet Filter), a technology that provides visibility into the build system, including thwarting malicious behavior, with minimal disruption.
CIO INFLUENCE: World Password Day: Password advice for CIOs
With this visibility,ย Cimonย can inspect network connections to learn standard behaviors by running processes and file modifications within the CI pipeline. This knowledge enablesย Cimonย to detect and prevent abnormalities, including real-time threats andย zero-day attacks.
“There is a great deal of confusion about the scope of the softwareย supply chainย and all theย attack vectors; consequently, most organizations are unaware of their exposure and are inadequately protected, leaving them prone toย supply chainย attacks.The innovation delivered by the Cycodeย Cimonย solution provides the community with a new and straightforward way to monitor and safeguard their CI/CD software pipelines,” saidย Jim Mercer, Research Vice President ofย DevOpsย and DevSecOps at IDC.
CIO INFLUENCE: CIO Influence Interview with Lior Yaari, CEO and Co-Founder at Grip Security
Withย Cimon, organizations can expect:
- Prevention of CI Attacks:ย With low effort and seamless integration, users remain protected against all possible attacks on the CI pipeline, includingย zero-day attacks.
- Instant Threat Detection:ย Cimonย prevents attacks such as malicious package installation,ย typosquatting, repojacking, dependency confusion, dependency hijacking and other dependency attacks.
- Easy Integration:ย Cimonย is developer friendly and is easily integrated with popular CI/CD tools.ย Cimonย provides comprehensive documentation and requires minimal configuration and integration with theย development environment, such asย GitHub.
โOrganizations can easily integrateย Cimonย with all their CI/CD tools for free and secure their pipelines without any delay or errors,โ saidย Ronen Slavin, co-founder andย CTOย of Cycode. โAsย Cimonย saves time in vulnerability and threat response procedures, teams can implement and adopt security measures without any worry of error or exhaustion.โ
CIO INFLUENCE: CIO Influence Interview with Russ Ernst, Chief Technology Officer at Blancco
[To share your insights with us, please write toย sghosh@martechseries.com]
