Aricent Launches Intelligent Security Automation System
New capability, HAVOC, allows companies to catch product and infrastructure vulnerabilities faster and earlier in the DevOps cycle
MOBILE WORLD CONGRESS, Barcelona, and Santa Clara, California — February 27, 2018 — Aricent, a leading global design and engineering company, today announced the launch of its Highly Automated Vulnerability Assessment Orchestration Containers (HAVOC) framework that manages cyber risk by catching significant security vulnerabilities before they are exploited.
Companies are under pressure to launch products and services faster without exposing themselves to cyber risk. However, shorter time to market lifecycles and latent vulnerabilities raises the likelihood of more successful denial of service attacks and data breaches. Aricent’s HAVOC solution addresses the need to understand the nature of vulnerability risk through a combination of precision coverage, superior probability and statistics, and speed of decision making.
According to researchers, the costs of ransomware in 2015 was $325m and rose to $5bn in 2017. In the next five years, the cost could reach $8 trillion. Conventional security management of products is based upon monolithic risk models with infrequent pre-release tests and random post-deployment assessments. These methods are unable to keep up with the advancing threat levels to product security and are not evolved to accommodate the speed and rigor of Agile or DevOps processes.
While latent software defects will always exist, the challenge is remediating vulnerabilities that can be readily exploited. Through a high-performance graph database, the tool reduces the time to prioritize and correlate thousands of findings that can span software source code, run-times, protocols stack, application interfaces and cloud-native implementations. HAVOC increases speed, verification and frequency of build, test and deployments lifecycles. This results in safer, more secure applications and safeguards businesses from legal, business and economic problems.
“The idea is to create as much deliberate “havoc” on a network or product so when they get hacked, and they will, the hurdle for compromise is extremely high or hopefully non-existent. For example, we worked with a large cloud provider to shift security testing of OpenStack services much earlier in the lifecycle. We orchestrated best of breed vulnerability scanners from static code analysis, penetrating testing and quality assurance, to generate detained findings to fix what matters most”, said Walid Negm, Chief Technology Officer at Aricent.