Aricent Deploys HAVOC to Manage Cybersecurity Aricent Launches Intelligent Security Automation SystemCompanies can catch product and infrastructure vulnerabilities faster and earlier in the DevOps cycleAricent, a leading global design and engineering company, announced the launch of its Highly Automated Vulnerability Assessment Orchestration Containers (HAVOC) framework that manages cyber risk by catching significant security vulnerabilities before they are exploited. Companies are under pressure to launch products and services faster without exposing themselves to cyber risk. However, shorter time to market lifecycles and latent vulnerabilities raises the likelihood of more successful denial of service attacks and data breaches. Aricent’s HAVOC solution addresses the need to understand the nature of vulnerability risk through a combination of precision coverage, superior probability and statistics, and speed of decision making. According to researchers, the costs of ransomware in 2015 was $325m and rose to $5bn in 2017. In the next five years, the cost could reach $8 trillion. Conventional security management of products is based upon monolithic risk models with infrequent pre-release tests and random post-deployment assessments. These methods are unable to keep up with the advancing threat levels to product security and are not evolved to accommodate the speed and rigor of Agile or DevOps processes. While
latent software defects will always exist, the challenge is remediating
vulnerabilities that can be readily exploited. Through
a high-performance graph database, the tool reduces the time to
prioritize and correlate thousands of findings that can span software
source code, run-times, protocols stack, application interfaces and
cloud-native implementations.
HAVOC
increases speed, verification and frequency of build, test and
deployments lifecycles. This results in safer, more secure applications
and
safeguards businesses from legal, business and economic problems. “The
idea is to create as much deliberate “havoc” on a network or product so
when they get hacked, and they will, the hurdle for compromise
is extremely high or hopefully non-existent. For example, we worked
with a large cloud provider to shift security testing of OpenStack
services much earlier in the lifecycle. We orchestrated best of breed
vulnerability scanners from static code analysis, penetrating
testing and quality assurance, to generate detained findings to fix
what matters most.” said Walid Negm, Chief Technology Officer at
Aricent. Source: Aricent media announcement |