Every API, service, dependency & sensitive data to map the application attack surface (SBOM)
Everything is becoming code, so code is becoming synonymous with infrastructure and applications of the of the past are no longer what they used to be. Right now, the connectivities, and ability to spin up infrastructure along with application change can happen on the fly. So it’s very important for us to be able to leverage tools that can give us full visibility across AppInfra and with Apiiro we can do that. Prior to joining Imperva, I was the head of multiple application security programs at Citigroup and really running everything from processes, control requirements for development to different capabilities around programs related to biometrics all the way through risk assessments.
The challenges, DevOps, honestly, it’s a culture. It’s not about the speed now becoming part of the norm. It’s really about moving from Agile to truly CI/CD, which is really focusing around the entire lifecycle and also very clearly defining the roles that are needed to manage the rapid development in a fully automated, systemic lifecycle that addresses risk, that addresses security and addresses compliance. Where Apiiro comes into the picture is really addressing the fundamental challenge for a lot of large organizations and midsize organizations have to contend with, which is really understanding the change from architectural design perspective.
Traditionally, you would have to do a threat model. You’ll have to look at, you know, what are the attack surface, what are the new connectivities and are those secure. With Apiiro you can get that response. So, even if it wasn’t a particular ruleset that’s built in to customize what you want to know from a security risk perspective, Apiiro can tell you that information upfront. So you can have risk conversation conversation, you can have a design question addressed long before it becomes a security risk or even a compliance risk. So Apiiro now has ability to really give me the view from both inventory. Give me the view from risk and also give me the view from the security posture perspective. And getting that all, being able to be flexible, to modify it as I need to, based on how operating, is significant. And that’s where, I think the value comes from more than from anything else.