Enhanced threat detection combines static analysis with malicious package analysis and integrated Sysdig runtime insights
PARAMUS, N.J. – AUGUST 5, 2024 – With the enterprise increasingly challenged to speed application deployment as the attack surface continually expands, Checkmarx, the industry leader in cloud-native application security, has introduced a powerful new Container Security solution. Offered as part of its cloud-native Checkmarx One application security (AppSec) platform, the new Container Security solution enhances team efficiency while delivering early vulnerability identification, actionable insights and streamlined mitigation within familiar development processes and workflows.
Sysdig runtime insights are integrated within the Checkmarx One platform to enhance threat detection by combining static analysis with runtime monitoring. Checkmarx Container Security thus enables more immediate, proactive response and mitigation strategies than other solutions, as well as a complete view of container security, leading to improved security posture. In addition, in a capability unique in the industry, Checkmarx Container Security identifies and flags malicious packages, emphasizing the critical risk they pose and provides runtime usage information, offering insights into whether malicious packages are actively used in running containers.
With Checkmarx Container Security, heads of development can trust their teams are able to integrate security readily within their familiar workflows. Developers and AppSec teams can make use of a robust feature set that ensures a thorough and proactive approach. Features include:
- Image Scanning and Breakdown: Multi-layered approach analyzing each layer of an image to identify vulnerabilities and potential threats. A granular view of each container image layer helps pinpoint security issues
- Package Inspection: Ensures packages within container images meet security best practices
- Vulnerability Assessment: Prioritizes vulnerabilities based on severity with detailed information and remediation guidance
- Triage Risks: Manages the severity and status of vulnerabilities with detailed audit trails
- Base Image Remediation: Recommends alternative base images with a lower security risk profile
- Malicious Package Identification: Leverages a proprietary database of more than 385,000 malicious packages discovered by the Checkmarx security research team. Container Security identifies and flags fully malicious packages as well as those for which only certain versions are flagged as malicious, alerting when packages are in active use in running containers.
- Results View: Intuitive interface providing detailed scan results and analysis
- Scan Risk Report: Comprehensive reports summarizing scan results, downloadable in various formats.
“As software development practices evolve, the attack surface expands while attackers seize new opportunities to deploy new exploit techniques,” said Kobi Tzruya, Chief Product Officer at Checkmarx. “One customer, a cloud-based service provider, saw an immediate impact in addressing significant, business-critical security vulnerabilities with our Container Security solution. Their key outcomes included a 40% reduction in critical vulnerabilities and the elimination of over 200 hours in remediation and management processes.”
To learn more about Checkmarx Container Security and Checkmarx One, visit this page.
About Checkmarx
Checkmarx is the leader in application security and ensures that enterprises worldwide can secure their application development from code to cloud. Our consolidated platform and services balance the dynamic needs of enterprises by improving security and reducing TCO, while simultaneously building trust between AppSec, developers, and CISOs. At Checkmarx, we believe it’s not just about finding risk but remediating it across the entire application footprint and software supply chain with one seamless process for all relevant stakeholders. We are honored to serve more than 1,800 customers, including 40 percent of all Fortune 100 companies.
Follow Checkmarx on LinkedIn, YouTube, and X.
Media Contact
Katie Brookes
Merritt Group for Checkmarx