IT Brief Australia - Technology news for CIOs & IT decision-makers
Story image
New Relic launches vulnerability management platform
Mon, 23rd May 2022
FYI, this story is more than a year old

New Relic has introduced New Relic Vulnerability Management to help organisations find and address security risks faster and with greater precision.

With this launch, every engineer in the software team, including security engineering teams, can use New Relic as the default platform to aggregate native and third-party security signals in context of the entire software stack.

Engineering teams will be able to manage security risk at scale and accelerate secure software delivery and operation, New Relic states.

The new vulnerability management capabilities will be available free of charge for every full platform user with the Data Plus SKU, delivering more value to existing New Relic customers.

Securing modern software applications is a complex problem. In order to detect all vulnerabilities, software teams have historically resorted to using several disparate security solutions, leading to a siloed understanding of security risks that can create blind spots and increase business risk, the company states.

New Relic solves the same problem for DevOps use cases with its observability platform, collecting performance signals from multiple sources to provide complete visibility across the stack.

New Relic Vulnerability Management extends its open ecosystem approach and is the only observability platform on the market that allows customers to easily aggregate native vulnerability detection and existing security data from the security solutions they already use.

As a result, engineering teams such as DevOps, SecOps, NetOps and SRE will have total visibility of all of the vulnerabilities in their software stack in a matter of minutes, so they can collectively understand and close security gaps, and ultimately protect their customers' data.

New Relic CEO Bill Staples says, "Minimising security risk across the entire software development life cycle is imperative and we are seeing more pressure on DevOps to manage risk while making sure it doesn't become a blocker to the pace of innovation.

"New Relic Vulnerability Management delivers more value to engineers harnessing the power of observability with our platform approach, and accelerates our mission to help every engineer do their best work with data, not opinions.

New Relic chief architect APJ Peter Marelas says, "Open source is a common source of vulnerability. According to New Relics 2021 Observability Forecast, over half (57%) of organisations in ASEAN are investing 5-10% of their budgets into open source, with almost a third (30%) committing over 10% of their budgets.

"With increasing investment in open source technologies, there is a clear need to surface software vulnerabilities to all engineers through the SDLC so they are empowered to address them before they turn into production security incidents."

By mapping and correlating technical components, engineers can contextualise many security signals in one place to monitor, debug, and secure the entire software stack and reduce overall risk more effectively.

According to the company, New Relic Vulnerability Management also helps engineering teams:

  • Integrate third-party security tools with native vulnerability detection for unified security in context
  • Break down silos and create a deeper understanding of security across organisations with strongly opinionated KPIs
  • Prioritise security risk with entity correlation and topological analysis within the curated New Relic product experience
  • Identify actions to remediate risk, integrate directly into ticketing systems, and provide an audit trail of decisions and actions to integrate security workflows throughout the SDLC
  • Unite and address vulnerabilities during development as well as in pre-production and production environments

According to Forrester Research, the goal is not to prevent an intrusion, the goal is to help the organisation become a trusted business. Trusted businesses do not allow multiple intrusions to occur, or they will not remain trusted. This phase is not a failure state, but an opportunity for transparency and improvement, especially by demonstrating to customers and employees that they are the victims here.

The researcher continue, this is where observability for constant situational awareness, effective analytics, and expertise converge to find sophisticated and emerging threats that bypassed the earlier stages.

New Relic Vulnerability Management is currently available in limited preview across all regions as part of the New Relic platform, with general availability coming later this year. The new vulnerability management capabilities will be available free of charge for every full platform user with the Data Plus SKU.