- DevOps teams that create and deliver continuously updated software are the target audience for the new offering.
- According to the company, New Relic IAST improves application security testing by swiftly identifying vulnerabilities without false positives.
New Relic Interactive Application Security Testing, a new service that became available in public preview recently, is being added to New Relic Inc.’s arsenal of observability tools.
According to the company, New Relic IAST enhances application security testing by providing visibility and context for the results. Additionally, it provides guided remediation to assist teams in resolving any issues they find and advanced threat and vulnerability detection accuracy with almost no false positives and proof-of-exploit.
The new product is intended for DevOps teams creating and shipping continuously updated software. According to a paper by Osterman Research cited by New Relic, 85% of applications have vulnerabilities when they are shipped. This underscores the need for a context-driven approach to detect, prioritize, and verify bugs with proof of exploit, leading to quicker remediation. However, the reactive nature of most current application security testing techniques leads to false positives, missed release cycles, and increased costs.
According to the company, New Relic IAST improves application security testing by allowing vulnerabilities to be found more quickly and without false positives. It is based on a patented deterministic technique that can find vulnerabilities, automatically validate them, and present verifiable evidence of their existence. New Relic says that helps lessen noise and hasten the remediation process.
According to Manav Khurana, Chief Product Officer at New Relic, developers must rethink how they create and secure cloud-native applications to reduce security risks. He explained, “Adopting a converged observability and security approach is a must in order to help engineers deliver optimized user experiences. Enabling engineers to transform their view of the health, performance, and security of their applications and infrastructure will provide them the ability to take real-time action to eliminate security risks earlier before it impacts their organization’s bottom line.”
The new service offers complete 360-degree visibility of the application stack and its relationships, along with context-driven insights that support the validity of corrective actions. Additionally, it has dynamic assessment capabilities that mimic actual attacks to precisely identify the origin of vulnerabilities.
With guardrails and status-tracking features, it adopts a proactive approach to help developers avoid errors throughout the software development lifecycle. Finally, according to New Relic, the service is easy to deploy using its current application monitoring agent and seamlessly integrates with existing software pipelines to prevent disrupting workflows and processes.
According to Stephen Elliot, an analyst with International Data Corp., businesses must close application security gaps to boost client loyalty and trust, cut down on financial losses, and comply with regulatory requirements. He said, “Applying security testing during the application development and testing stages can ensure issues are caught well before they impact customers, while helping modernize the software development lifecycle by providing customers with a more secure and highly reliable experience.”
IAST, according to New Relic, is now accessible to Data Plus subscribers as a part of its all-inclusive observability platform. Additionally, it provides recent users with a free 30-day trial that can be activated.