Checkmarx has released Checkmarx Application Security Posture Management (ASPM) and Cloud Insights
June 2024 by Marc Jacob
Checkmarx has released Checkmarx Application Security Posture Management (ASPM) and Cloud Insights to provide organizations with unmatched visibility into their application security posture stretching from code to cloud. Available on the Checkmarx One AppSec platform, ASPM and Cloud Insights empower enterprises developing cloud-native applications to dramatically reduce application and business risk by delivering end-to-end insights into their application security posture, helping them better correlate, prioritize and triage remediation efforts.
Checkmarx ASPM correlates and prioritizes security signals from every application security solution in the enterprise development environment, to improve visibility, reduce risk and better manage overall application security posture. ASPM is built on Checkmarx’ award-winning Fusion correlation engine and Application Risk Management, which already extracted unique insights from our consolidated AppSec platform, such as identifying reachable vulnerabilities. It now adds a new capability to Bring Your Own Results (BYOR) to expand coverage beyond Checkmarx’ award-winning solutions by importing SARIF and OSCF results from any third-party solution, including those from Checkmarx partners such as Zimperium, Onapsis and others.
With Checkmarx Cloud Insights, developers and AppSec leaders benefit from:
• Correlation and integration of Checkmarx data with data from cloud service providers (CSPs) and cloud-native application protection platforms (CNAPP).
• New ways to prioritize remediation, including through open-source libraries called in the runtime environment (via integration with Sysdig) and by internet-facing network exposure when deployed in the cloud environment (through partnerships with Wiz and Amazon Web Services.) The information is integrated within Checkmarx Application Risk Management.
• The ability to track remediation of a vulnerability through the software development life cycle (SDLC) by way of the attack path. For example, if a vulnerability is found in a running application, Cloud Insights:
• Identifies the repository and the developer to speed the process of remediation
• Pinpoints the container image to verify that the fix is reflected there
• Lists the running container clusters to enable verification that the running application was rebooted with fixed images and is no longer in the running environment.
• Improved developer experience with the delivery of prioritized risk intelligence that focuses developers on remediating vulnerabilities that are most critical, are most at risk of exploitation or that represent the greatest risk.