Veracode and Andromeda Launch AI-Powered AppSec Tools for Developers and External Threat Management

Veracode Launches New Security Testing Tools to Tackle Expanding Attack Surfaces

Veracode, a global leader in application risk management, has recently announced several new features aimed at helping organizations address emerging threats and gain a more comprehensive security view. These innovations include AI-enhanced dynamic application security testing (DAST) and external attack surface management (EASM) capabilities, designed to identify and prioritize risks across an organization's entire attack surface, thereby simplifying and accelerating the security analysis process.

Background and Causes

Modern development cycles and the widespread adoption of cloud technologies have significantly expanded the attack surfaces of enterprises. According to Verizon’s 2024 Data Breach Investigations Report, web applications remain the primary target for cyber attacks, accounting for nearly half of all incidents. Furthermore, Veracode's latest software security report indicates that the average time to fix vulnerabilities has increased by 47% over the past five years, reaching three months. This growing trend necessitates more effective methods for managing and mitigating security risks.

Key Features of EASM

Veracode’s EASM functionality continuously monitors and identifies potential internet entry points, automating the discovery of the external attack surface. This includes tracking systems and services exposed on the internet, such as APIs, web applications, mobile applications, and cloud-based assets, many of which may be unknown or unmanaged. By automating this process, EASM uncovers blind spots, enabling security teams to promptly identify, analyze, and mitigate risks before they are exploited by malicious actors.

Enhanced DAST with Enterprise Mode

Another significant enhancement is the introduction of Enterprise Mode in DAST Essentials.
This feature is tailored for large and complex application portfolios, offering several critical advantages:

- Automated Deployment and Testing: Simplifies the setup of intricate test environments, reducing testing time.
- Real-Time Analysis and Reporting: Provides real-time security analytics and reports on a unified platform, solving the issue of tool fragmentation.
- Risk-Based Prioritization: Helps security teams focus on the most threatening vulnerabilities, improving remediation efficiency.

Derek Maki, Veracode’s product director, commented, “In today's complex threat landscape, organizations face unprecedented potential entry points. Veracode EASM offers a solution from an attacker's perspective, allowing security teams to continuously identify and mitigate risks.” He added that the DAST Enterprise Mode significantly enhances dynamic application security testing, enabling teams to work faster, smarter, and safer.

Benefits and Outcomes

These new tools not only boost the productivity of security teams but also provide a holistic risk management perspective. Real-time detection and reporting allow for quicker identification and action on blind spots. Enterprises can effectively balance modern development speeds with security, ensuring their software is protected from code creation to cloud deployment.

Future Plans: Veracode will showcase its latest security capabilities at the RSA Conference 2025 in San Francisco, from April 28 to May 1. Visitors can attend interactive demonstrations and technical discussions at booth 1243 to learn how to stay ahead of emerging threats and improve their security posture.

Industry Expert Evaluation: Many industry experts have praised Veracode’s new tools, noting that they fill a significant gap in the market, particularly in automation and AI.
Veracode’s reputation for innovation and robust support is further solidified, with thousands of organizations worldwide relying on its technology for precise, actionable risk management, real-time vulnerability repairs, and massive reductions in security debt.

Checkmarx Enhances Developer Experience with Integrated Application Security Management

Leading enterprise cloud-native application security provider Checkmarx has introduced a significant update to its Checkmarx One platform, directly embedding application security posture management (ASPM) functions into popular integrated development environments (IDEs). This move aims to simplify developers' security experiences, enabling them to identify and fix vulnerabilities more quickly, enhancing both efficiency and enterprise security.

Challenges Addressed

Studies show that over 72% of large enterprise developers spend more than 17 hours each week on security-related tasks, highlighting the importance of streamlining the AppSec experience. Checkmarx’s strategy is to integrate security earlier into the development process, rather than dealing with issues later, which can be less efficient and potentially more damaging.

Core Features of Checkmarx One

The enhanced Checkmarx One platform includes several key features:

- Automated Security Detection: Automatically detects security vulnerabilities during code commits, providing instant feedback.
- Contextual Recommendations: Offers detailed repair suggestions and best practices based on specific code segments.
- Risk-Based Prioritization: Helps developers quickly determine which vulnerabilities require immediate attention.
- Team Collaboration Tools: Fosters better communication and coordination between security and development teams.

Katie Norton, a research manager at IDC, stated, “Integrating ASPM context directly into the IDE represents a forward-thinking approach to security management.
By providing relevant information within the IDE and reducing reliance on late-stage ticket systems, Checkmarx enables developers to take timely actions and effectively improve collaboration between security and engineering teams.”

Ori Bendet, Checkmarx's vice president of products, added, “The developer experience is no longer a nice-to-have but a critical component of every AppSec project. As organizations grapple with the expanding scope of application security, the key lies in empowering development teams. Checkmarx One offers all the necessary tools to make this happen.”

Company Profile

Checkmarx annually scans over one trillion lines of code, delivering a 2x return on investment (ROI) for businesses and boosting developer security task efficiency by 50%. Through its unified application security platform, Checkmarx supports development teams in managing application risks without compromising on speed. The company will demonstrate these developer-centric ASPM features at booth #942 at the RSA 2025 conference, showcasing its efforts to combat software supply chain attacks, API vulnerabilities, and malicious code.

Overall, Checkmarx One’s updates enhance developers’ AppSec experiences and provide organizations with more integrated and comprehensive security management tools, crucial for maintaining competitiveness in an evolving cybersecurity landscape.

Andromeda Security Introduces AI-Driven User Access Review Solution

Andromeda Security, a tech company focused on identity security, has unveiled a new user access review (UAR) solution in San Francisco. This AI-powered platform reduces UAR review times by an estimated 60%-80%, enhancing security and ensuring compliance in modern IT environments, including hybrid and multi-cloud deployments.

Context and Issues

As IT environments become increasingly complex, traditional UAR methods are proving inefficient and time-consuming.
Often, these methods serve merely as formality checks, failing to effectively mitigate business risks. According to the Identity Security Alliance (IDSA), 90% of enterprises experienced identity-related security incidents in 2024, with 84% directly impacting operations.

To address these challenges, Andromeda Security’s new UAR solution leverages AI for automated reviews, providing rich risk assessments and behavioral insights. This ensures that UAR becomes a meaningful security control, reducing administrative burdens and enhancing business operations.

Core Functionalities of UAR Solution

Key features of the new UAR platform include:

- Automated UAR: Uses AI to automate user access reviews, minimizing manual intervention and increasing efficiency.
- Real-Time Risk Scoring: Provides instant risk assessments for users, aiding quick decision-making.
- Behavioral Insights: Analyzes user behavior patterns to detect anomalies and prevent potential security threats.
- Centralized Management: Integrates identity, permission, and activity data into a graph-based architecture for comprehensive visualization and management.
- Least Privilege Principle: Ensures minimal access rights for users and non-human entities, reducing the attack surface.
- Just-In-Time (JIT) Access: Grants access only when needed, improving operational flexibility.

These functionalities streamline the UAR process, strengthen overall security, and simplify compliance. For instance, by automating risk scoring and behavioral insights, Andromeda can handle a high volume of user access requests, reserving human reviews for only the most critical cases, thus saving substantial time and resources.

Company and Market Implications

Andromeda Security specializes in addressing long-standing challenges in identity permission management and process automation.
Its data-driven platform unifies identity, permission, and activity data, creating a graph-based security framework that supports intelligent automation and provides holistic visibility into security and remediation.

Murali Basavaiah, CEO and founder of Andromeda Security, remarked, “UAR should enhance security, but it currently is an inefficient and resource-intensive process. Our goal is to transform it into a highly effective security control, reducing administrative overhead and achieving true compliance.”

Industry Expert Opinion: Experts in the field view Andromeda Security’s UAR solution as groundbreaking. The platform's ability to drastically reduce review times and offer deep risk management and behavioral analysis positions it to help companies better navigate the complexities of modern IT environments. Customers have already reported notable improvements in security, and this product is expected to gain rapid market traction.

Conclusion

Veracode, Checkmarx, and Andromeda Security are all making significant strides in cybersecurity with their innovative solutions. Veracode’s AI-enhanced DAST and EASM tools help organizations identify and manage external risks more effectively, while Checkmarx’s IDE-integrated ASPM feature streamlines developers' security workflows and enhances collaboration. Andromeda Security’s AI-driven UAR platform significantly reduces review times and provides comprehensive security insights, making UAR a more efficient and meaningful security control. Each of these companies is addressing critical challenges in their respective domains, contributing to a more secure and resilient digital landscape.
