New Relic (NYSE: NEWR), the all-in-one observability platform for every engineer, announced the general availability of New Relic Vulnerability Management to provide customers with security monitoring, helping engineering teams identify and triage vulnerabilities across their tech stack, all in one place, now available for purchase until the end of January at a promotional rate. This includes new Interactive Application Security Testing (IAST) capabilities, added to New Relic with the acquisition of K2 Cyber Security, that enable teams to perform vulnerability testing without having to make any code changes or interrupting normal business operations. Vulnerability Management is available out of the box and available without additional configuration.  

Vulnerability Management is a natural addition to New Relic’s existing 30+ observability capabilities and aligns with its vision of eliminating data, tool, and team silos. The solution integrates New Relic’s native vulnerability signals and third party security signals into its purpose-built Telemetry Data Platform to monitor and manage all enterprise telemetry data in one place. Development, security, and operations teams can now use one connected experience to manage application security issues and avoid switching between siloed tools. All of this is available as part of New Relic’s industry leading simple and transparent consumption pricing with a promotional offer to democratize observability and security for all engineers.

Today, DevOps teams work separately from security organizations, using different assessment tools and siloed data that can result in an incomplete picture of the vulnerability surface area of the software stack. This leaves many organizations struggling to protect their applications at the source code and runtime level. For example, security teams are still dealing with a critical flaw in the popular open-source logging tool Log4j more than a year after it was announced – of which 30% of instances remained vulnerable to exploitation. These types of  vulnerabilities are challenging to locate and identify in the stack and can be  so widespread that they can impact mission-critical software through unknown external dependencies. Vulnerability Management solves for this by providing visibility into an organization’s entire tech stack so they can identify vulnerabilities and protect their applications at every stage of the software development lifecycle.

“Maintaining application security is a critical part of the overall software developer workflow.” said New Relic CEO Bill Staples. “As a leader in observability, New Relic’s data-driven approach puts us in a unique position to provide security visibility across the entire enterprise tech stack. Our customers have been rapidly adopting the new Vulnerability Management capability while in preview and we are very excited to begin general availability at a promotional price, and simultaneously introduce new Vulnerability Testing capabilities in limited preview. ”

"Over 220 million Africans rely on our platform for their payment needs. We provide the payment rails to 120 banks and thousands of global and local businesses for their everyday operations, which means that security at scale is paramount to our business,” said Cellulant VP of Software Engineering Michael Muriuki. “New Relic Vulnerability Management has made it very easy for our engineers to gain real-time visibility into our applications at the production level and identify any vulnerabilities, assess their criticality, put them into context, and fix them at the application layer. We are able to do all of this at scale while preserving precious engineering resources and maintaining great customer experience.”

“Our digital marketplace enables thousands of creators. Like any thoughtful business, trust and security are fundamental to providing an excellent customer experience, which is why we rely on New Relic to bring our observability practice into alignment with our security practice,” said Thortful Co-founder and CTO Eric Genet. “Our engineers don’t have to look at multiple systems. They can see all of their alerts and system performance in one place, so we can get in front of potential issues well before they reach the customer.”

Key capabilities include: 

• Zero configuration visibility: Instant and actionable security information with no additional configuration that brings continuous runtime software composition analysis (SCA) for risk assessment across the stack.
• New vulnerability testing capabilities in limited preview: Detect signatureless vulnerabilities in pre-production environments using IAST. The new capabilities leverage a patented deterministic technique to identify and provide automated vulnerability validation with proof of exploit.
• Open third party integrations: Unified security view across the stack and software lifecycle by adding security data with New Relic’s open ecosystem using built-in quickstarts, or from any custom source using New Relic’s security APIs.
• Automatic risk prioritization: Evaluate  security risks across the software stack correlated with the service catalog.
• Alerting on newly discovered vulnerabilities: Notifications via Slack and Webhooks when new vulnerabilities are introduced in the code base.

Vulnerability Management is now generally available to all New Relic accounts in the US region, with general availability in the EU region planned for Feb 15, 2023. It is included as part of the Data Plus bundle or the Free Tier. Users can also add it to any consumption pricing plan for $0.10/GB on top of their current data ingest price, or at the promotional pricing of an additional +$0.06/GB if they purchase by January 31.

To learn more, read the blog and visit https://newrelic.com/platform/vulnerability-management.

Forward-looking statements

This press release contains “forward-looking” statements, as that term is defined under the federal securities laws, including but not limited to statements regarding New Relic Vulnerability Management, including any anticipated benefits, results and future opportunities related thereto. The achievement or success of the matters covered by such forward-looking statements are based on New Relic’s current assumptions, expectations, and beliefs and are subject to substantial risks, uncertainties, assumptions, and changes in circumstances that may cause New Relic’s actual results, performance, or achievements to differ materially from those expressed or implied in any forward-looking statement. Further information on factors that could affect New Relic’s financial and other results and the forward-looking statements in this press release is included in the filings New Relic makes with the SEC from time to time, including in New Relic’s most recent Form 10-Q, particularly under the captions “Risk Factors” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations.” Copies of these documents may be obtained by visiting New Relic’s Investor Relations website at http://ir.newrelic.com or the SEC's website at www.sec.gov. New Relic assumes no obligation and does not intend to update these forward-looking statements, except as required by law.