Securing modern software systems is complex. Applications are often composed of thousands of components, each with the potential to carry business critical security vulnerabilities that can increase the risk of IP theft, data loss, monetary loss, reputational damage, and more.
To help software organizations be more secure, we are launching the public preview of our vulnerability management solution with a free 90-day trial. New Relic vulnerability management, generally available early next year with Data Plus, enables a more comprehensive approach to security and risk management by offering vulnerability detection across all application dependencies instantly, without any additional configuration, and an open ecosystem so you can easily import security signals from your existing assessment tools.
See vulnerabilities, performance, and availability issues in one connected experience so you can quickly assess which are the most urgent and reduce risk more effectively. The vulnerability management public preview provides:
- Application vulnerability analysis: View the presence of common vulnerabilities and exposures (CVEs) across all dependencies. Get recommendations to update libraries and deploy across language frameworks.
- Infrastructure vulnerabilities in context: Evaluate cloud posture risks from 3rd party tools, including Center for Internet Security (CIS) benchmarks alongside cloud resource performance, and see guidelines for remediation based on known issues.
- Integrate external security tools: Import data from tools such as Snyk, Lacework, GitHub Dependabot, AWS Security Hub, and others using built-in quickstarts, or use APIs to send data from any custom source.
- Mitigation and collaboration workflows: Easily link vulnerabilities to specific orgs, teams, applications, or services based on context available in New Relic, then assign issues to your engineers for triaging.
- All-in-one platform access: Automatic access to all vulnerability management features for full platform users with Data Plus at no additional cost. No contract changes are needed.
Read on to learn more about the benefits of adding vulnerability management to your observability stack.
Continuously analyze your applications for vulnerabilities
To help ensure your applications and dependencies are secure, New Relic vulnerability management also offers:
- Library update recommendations in your APM services based on known vulnerabilities.
- A global view of the dependencies used across individual teams, workloads, and your entire organization to assess the presence of CVEs across your applications.
- Widespread language support, including Java, Node.js, .NET, Ruby, and Python, with Golang and PHP on the way.
Bring your existing assessment tools into our open ecosystem
Integrate the security tools you’re already using with New Relic vulnerability management, giving you complete visibility into security issues in one place. You can consolidate and prioritize your remediation efforts with the following features:
- Import cloud security issues from AWS Security Hub.
- Use third-party assessment tools, including Snyk, Lacework, and Dependabot for complete visibility of security across your services.
- Integrate other third-party security tools through an open API.
Collaborate across your organization to track, fix, and report on vulnerabilities for a more secure stack
To fix vulnerabilities before they impact your business and customers, you need to collaborate and communicate across teams. Too often, security teams work separately from the engineers building your applications, creating security risk vectors. New Relic vulnerability management allows you to:
- Track and report on the vulnerability lifecycle at the organization, team, application, or individual component level.
- Correlate vulnerabilities automatically with your technical entities to help security engineers understand your architecture and prioritize the most critical risks quickly.
- Assign security issues to New Relic users, creating personally prioritized worklists for developers and teams.
Ensure your infrastructure is secure
Security vulnerabilities in your infrastructure can leak data, compromise your services, and knock your application offline. With New Relic vulnerability management, you can:
- Integrate AWS Security Hub to show CIS benchmarks and other cloud posture risks alongside cloud resource performance in New Relic.
- Get recommendations on infrastructure upgrades based on known vulnerabilities.
More security features are on the way
Look for more news in the upcoming months about exciting new features. Soon you’ll be able to automatically detect software flaws like SQL injection, command execution, and other Open Web Application Security Project (OWASP) Top 10 issues. New features to come also include advanced tools like interactive application security testing (IAST) and runtime application self-protection (RASP) to monitor vulnerabilities at testing time and many others.
Get started with New Relic vulnerability management
You can activate your free 90-day trial vulnerability management preview today by logging in to your New Relic account. If you don’t have a New Relic account yet, sign up today.
Las opiniones expresadas en este blog son las del autor y no reflejan necesariamente las opiniones de New Relic. Todas las soluciones ofrecidas por el autor son específicas del entorno y no forman parte de las soluciones comerciales o el soporte ofrecido por New Relic. Únase a nosotros exclusivamente en Explorers Hub ( discus.newrelic.com ) para preguntas y asistencia relacionada con esta publicación de blog. Este blog puede contener enlaces a contenido de sitios de terceros. Al proporcionar dichos enlaces, New Relic no adopta, garantiza, aprueba ni respalda la información, las vistas o los productos disponibles en dichos sitios.
Forward-looking statements
This blog post contains “forward-looking” statements, as that term is defined under the federal securities laws, including but not limited to statements regarding planned features for New Relic vulnerability management and timing for their release, and any anticipated benefits, results, and future opportunities related thereto. The achievement or success of the matters covered by such forward-looking statements are based on New Relic’s current assumptions, expectations, and beliefs and are subject to substantial risks, uncertainties, assumptions, and changes in circumstances that may cause New Relic’s actual results, performance, or achievements to differ materially from those expressed or implied in any forward-looking statement. Further information on factors that could affect New Relic’s financial and other results and the forward-looking statements in this blog is included in the filings New Relic makes with the SEC from time to time, including in New Relic’s most recent Form 10-Q, particularly under the captions “Risk Factors” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations.” Copies of these documents may be obtained by visiting New Relic’s Investor Relations website at http://ir.newrelic.com or the SEC's website at www.sec.gov. New Relic assumes no obligation and does not intend to update these forward-looking statements, except as required by law.