With the launch of ConnectorX, a click and connect platform for 3rd party security tools, and Risk Intelligence Graph enhancements, Cycode delivers the horsepower needed to reign in AppSec Chaos
Cycode, the leader in Application Security Posture Management (ASPM), unveiled ConnectorX, an open, click and connect ASPM connector capability that features inaugural support for Wiz and Black Duck, in addition to more than 40 existing SDLC integrations. This comes along with significant enhancements to its Risk Intelligence Graph (RIG) for smarter, risk-based prioritization. With this launch, Cycode delivers the capabilities needed for a complete approach to ASPM, enabling security and development teams to align, build trust and collaborate on maintaining strong application security posture.
“Today, many organizations face hefty application security backlogs packed with mis-prioritized security findings and inadequate resources to address them while the application attack surface continues to expand,” said Jim Mercer, Research Vice President of DevOps and DevSecOps at IDC. “These organizations can improve visibility and agility across application security and the pipelines supporting those applications by using solutions such as the Cycode ASPM platform, which takes a multidimensional approach tracking the risk posture of the application.”
These challenges have led to conflicts between security and development teams, creating what Cycode coined “AppSec Chaos” — ultimately eroding trust between the two groups. Cycode prides itself in introducing a new philosophy that fosters improved collaboration between security and development teams, transforming Developer Security into a team sport.
Some key enhancements to Cycode’s complete ASPM include:
- ConnectorX – Cycode’s click and connect 3rd party ASPM integration platform that provides companies with the choice to use Cycode’s native ASPM tools or maximize their investments in their existing AppSec tools. Using ConnectorX, companies can plug in any AppSec solution (i.e. SCA, SAST, Secrets, etc.) and within minutes, gain accurate, real-time visibility into their security posture.
- Risk Intelligence Graph (RIG) – Leveraged by Cycode’s native security solutions and ConnectorX, the RIG is its ASPM engine that provides complete code to cloud traceability and automates vulnerability discovery, prioritization and remediation. This release includes enhancements to the RIG’s risk scoring capabilities, a core component of its prioritization engine that bolsters its ability to hone in on the 1% of critical vulnerabilities that matter most to the enterprise.
- Consolidation is now possible – With the Cycode Complete ASPM, companies can use Cycode’s native scanning solutions like (SAST, SCA, IaC, Secrets, CI/CD, etc.) or decide to continue using their existing solutions. Now, managing the burden, cost, inefficiencies and choices from developers of having too many siloed (and vendor-locked) security tools from code to cloud can be behind us.
“We believe developer security is a team sport not just between security and development teams, but industry-wide,” said Lior Levy, Co-founder and CEO, Cycode. “This belief fuels our R&D efforts and was core to our decision to create ConnectorX, which ensures companies can finally have the visibility always needed in a single platform.”
As a Cycode customer, theScore uses one platform dedicated to developer security now that a complete approach to ASPM is possible.
“In security, scanning data is important, but it’s more than that. It’s the data collection. It’s the correlation. It’s being smart with the data to understand the full picture of your risk, to understand what alerts to focus on first,” said Jamie Sadler, Head of Application Security at theScore. “Cycode was the only platform that was being smart with their data.”
[To share your insights with us, please write to email@example.com]