Cloud Security, Application security, DevSecOps

Apiiro aims to fix critical cloud risks in runtime

A security logo is shown on screen during a keynote address at CES 2016 on Jan. 7, 2016, in Las Vegas. (Photo by Ethan Miller/Getty Images)

Apiiro on Thursday announced the expansion of its platform from code to runtime. The company claims that its cloud-native platform can now connect application risks in runtime back to the source code to fix critical risks in the cloud and reduce remediation time by 90%.

Fixing critical risks in cloud environments such as design flaws, vulnerabilities, misconfigurations and architecture drifts early in the software development lifecycle has become essential for business growth. But developers can’t always fix them because they don’t have the required context and are constantly hit with noisy alerts and false positives from siloed tools.

Apiiro’s platform promises to visualize the application architecture, connect any type of cloud-native application risk to a container image that’s running in the Google Cloud Platform, Azure, and AWS via a simple API integration that delivers contextual remediation workflows.

“This is the right approach to help developers efficiently fix problems as they are found, throughout the software development lifecycle,” said Melinda Marks, a senior analyst at the Enterprise Strategy Group. “Organizations need to do what they can to prevent coding errors or misconfigurations from being deployed, and when issues are found in runtime, they need to have a way to quickly remediate it. The more context your solution has, the more efficient you can be — with developers spending their time on what matters, and there is less work for security because you have fewer incidents and faster MTTR.”

Marks added that other companies taking a similar approach bringing runtime context into faster fixes for development include: PAN Prisma, Orca, Lacework, Wiz, Tenable, Qualys, and TrendMicro. Marks view this this as the evolution of cloud security posture management (CSPM) into a cloud-native application protection platform (CNAPP) with the CSPM vendors trying to tie in the appsec/developer security solutions so they can fix things faster. “When the CSPM identifies a problem, it has the info to quickly get it to the developer to fix it,” Marks explained.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.