BENGALURU —New Relic introduced New Relic Vulnerability Management to help organizations find and address security risks faster and with greater precision. With this launch, every engineer in the software team, including security engineering teams, can use New Relic as the default platform to aggregate native and third-party security signals in context of the entire software stack for a comprehensive approach to security and risk management. Engineering teams will be able to manage security risk at scale and accelerate secure software delivery and operation. The new vulnerability management capabilities will be available free-of-charge for every full platform user with the Data Plus SKU, delivering more value to every existing New Relic customer.
Securing modern software applications is a complex problem. Nearly every software experience consists of thousands of components that can span multiple clouds and open-source projects, which are often owned by multiple engineering teams and third parties. Each component has the potential to carry security vulnerabilities. In order to detect all vulnerabilities, software teams have historically resorted to using several disparate security solutions, leading to a siloed understanding of security risks that can create blind spots and increase business risk.
New Relic solves the same problem for DevOps use cases with its observability platform, collecting performance signals from multiple sources to provide complete visibility across the stack. New Relic Vulnerability Management extends its open ecosystem approach and is the only observability platform on the market that allows customers to easily aggregate native vulnerability detection and existing security data from the security solutions they already use. As a result, engineering teams like DevOps, SecOps, NetOps, and SRE will have total visibility of all of the vulnerabilities in their software stack in a matter of minutes, so they can collectively understand and close security gaps, and ultimately protect their customers’ data.
“Minimising security risk across the entire software development life cycle is imperative—and we are seeing more pressure on DevOps to manage risk while making sure it doesn’t become a blocker to the pace of innovation,” said New Relic CEO Bill Staples. “New Relic Vulnerability Management delivers more value to engineers harnessing the power of observability with our platform approach, and accelerates our mission to help every engineer do their best work with data, not opinions.”
“Open source is a common source of vulnerability. According to New Relic’s 2021 Observability Forecast, over half (57%) of organisations in ASEAN are investing 5-10% of their budgets into open source, with almost a third (30%) committing over 10% of their budgets,” said New Relic Chief Architect for Asia Pacific and Japan Peter Marelas. “With increasing investment in open source technologies, there is a clear need to surface software vulnerabilities to all engineers through the SDLC so they are empowered to address them before they turn into production security incidents.”
By mapping and correlating technical components, engineers can contextualise many security signals in one place to monitor, debug, and secure the entire software stack and reduce overall risk more effectively. New Relic Vulnerability Management also helps engineering teams:
- Seamlessly integrate third-party security tools with native vulnerability detection for unified security in context.
- Break down silos and create a deeper understanding of security across organisations with strongly opinionated KPIs.
- Prioritise security risk with entity correlation and topological analysis within the curated New Relic product experience.
- Identify actions to remediate risk, integrate directly into ticketing systems, and provide an audit trail of decisions and actions to integrate security workflows throughout the SDLC.
- Unite and address vulnerabilities during development as well as in pre-production and production environments.
According to Forrester Research, “Defend Against Cyberattacks And Emerging Threats”, August 2, 2021, “The goal is not to prevent an intrusion, the goal is to help the organisation become a trusted business. Trusted businesses do not allow multiple intrusions to occur, or they will not remain trusted. This phase is not a failure state, but an opportunity for transparency and improvement, especially by demonstrating to customers and employees that they are the victims here. This is where observability for constant situational awareness, effective analytics, and expertise converge to find sophisticated and emerging threats that bypassed the earlier stages.”
For more information and the opportunity to sign up for early access visit www.newrelic.com/platform/vulnerability-management-early-access.