OX Security, a pioneer in application security (AppSec) and founding member of the Open Software Supply Chain Attack Reference (OSC&R) framework, launched the industry's first ever Active Application Security Posture Management (ASPM) Platform today. This innovative platform, the latest iteration of OX Security's offerings, merges the limitations of previous solutions by incorporating active analysis in an AppSec solution.
The new platform brings a proactive and integrated solution that combines AppSec practices with superior visibility and traceability, contextual prioritisation, and automatic, no-code workflow-driven responses. This active approach aims to pinpoint and tackle crucial threats continually and accurately, thereby reducing alert fatigue significantly. As a Gartner Cool Vendor, OX Security's Active ASPM platform also enables development and security teams to deliver secure applications while considerably decreasing operational friction.
Neatsun Ziv, Chief Executive Officer and Co-Founder of OX Security, noted: "Security and development teams are overwhelmed with manual AppSec tasks and find it challenging to maintain a balance between speedy development and ensuring secure releases.
"Our principle is to equip organisations with a solution that caters to the current application security demands while preparing for future hurdles," he said.
"OX Active ASPM Platform is a testament to this dedication and our mission to eliminate manual AppSec practices. With its state-of-the-art data collection capabilities and seamless no-code automation, our platform is designed to scale with organisations, adapting to their ambitions and expansion."
This active ASPM also helps organisations maintain pace with the ever-evolving regulatory environment by providing a software lineage list that aligns with new standards such as the EU Cybersecurity Act, CISA, and NIST Cybersecurity Framework. This proactive adaptability to global regulations ensures that organisations are equipped to meet today's demands and future regulatory changes.
Amongst the many features and capabilities, OX's Active ASPM provides continuous end-to-end coverage integrating seamlessly with the users' source control, CI/CD, registry, and cloud environments, thus eliminating the need for multiple tools. The platform offers a comprehensive attack path analysis enabling users to visualise and swiftly address security concerns, substantially accelerating response time. Moreover, the inclusion of a 3-layer model for active context analysis reduces noise by over 95%, offering comprehensive Dockerfile insights, plaintext secrets identification and detailed open-source security analysis to ensure proactive security against vulnerabilities.
A crucial feature is the No-Code Workflow Automation, which simplifies the creation of custom workflows and enhances security by preventing lapses in production, thus, leading to quicker version releases and a more efficient, secure development environment.
Hadass Harel Lavie, security architecture manager at eToro, acknowledged the platform's transformative potential stating, "The OX Active ASPM Platform is a game-changer in AppSec. It has enhanced our security posture and streamlined our secure development process, allowing us to seamlessly embed security into our development lifecycle."