knowledge, DevSecOps also has a variety of challenges that businesses face during the process. This is where Palo Alto Networks, the global cybersecurity leader, steps into the game by continually delivering innovation to enable secure digital transformation, even as the pace of change is accelerating. In a nutshell, the company’s vision is a world where each day is safer and more secure than the one before. Every day, Palo Alto Networks provides the visibility, trusted intelligence, automation and flexibility that help complex organizations advance securely. “By delivering a comprehensive portfolio and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices.”

An innovative DevSecOps offering from the company is Prisma Cloud, a solution that delivers automated security for cloud native infrastructure and applications, integrated with developer tools. As cloud native application development is fast-paced and complex, it can be a challenge for security teams to keep up. With Palo Alto Networks, DevOps practices present an opportunity to use automation to secure apps and infrastructure before deployment, alleviating that pressure. The solution acts as a single tool for securing IaC, container images and source code across all modern architectures and cloud environments.

Prisma Cloud embeds comprehensive security across the software development cycle. The platform identifies vulnerabilities, misconfigurations and compliance violations in IaC templates, container images and git repositories. It offers IaC scanning backed by an open source community, and image analysis backed by years of container expertise and threat research.
With centralized visibility and policy controls, engineering teams can secure their full stack without leaving their tools, while security teams can ensure that only secure code is deployed.

Infrastructure as Code Scanning

Infrastructure as code presents an opportunity to secure cloud infrastructure in code before it’s ever deployed to production. Prisma Cloud streamlines security throughout the software development lifecycle using automation and by embedding security into workflows in DevOps tooling for Terraform, CloudFormation, Kubernetes, Dockerfile, Serverless and ARM templates. The solution also automates cloud misconfiguration checks in code, performing automated checks for misconfigurations at every step of the software development lifecycle.

Users can also leverage the power of open source and the community: Checkov, the open-source tool Bridgecrew built to power its build-time scanning, is backed by an active community and has been downloaded millions of times. Bridgecrew comes with native integrations for IDEs, VCS, and CI/CD tooling to help developers secure code in their existing workflows. The tool automatically tracks dependencies for IaC resources as well as the most recent developer modifiers to improve collaboration in large teams. As a result, users can automate pull request comments for misconfigurations along with automated pull requests and commit fixes for identified misconfigurations.

Bridgecrew is built on the open-source project Checkov. Checkov is a policy-as-code tool with millions of downloads that checks for misconfigurations in IaC templates such as Terraform, CloudFormation, Kubernetes, Helm, ARM Templates and Serverless framework. Users can leverage hundreds of out-of-the-box policies and add custom rules. Bridgecrew augments Checkov with a simplified user experience and enterprise features.
Checkov checks IaC templates against hundreds of out-of-the-box policies based on benchmarks, such as CIS, and community-sourced checks. Checkov’s policies include graph-based checks that allow multiple levels of resource relationships for complex policies such as higher severity levels for internet-facing resources. The solution is uniquely designed to be extensible, with the ability to add custom policies and tags, as well as CLIs designed to be added to continuous integration and other DevOps tools. Bridgecrew augments Checkov’s open-source capabilities with a history of scans, additional integrations, auto-fixes and more.

Integrated IaC with Ease

Involving developers in remediation is the fastest way to get things fixed. Bridgecrew provides feedback directly in popular DevOps tools, including integrated development environments (IDEs), continuous integration (CI) tools, and version control systems (VCS). Additional aggregation and reporting are available in the Bridgecrew platform. Bridgecrew integrates with IDEs, CI tools and VCS to provide feedback and guardrails in the tools developers already use. Native integrations with VCS create code comments with each new pull request for identified misconfigurations to make finding and fixing misconfigurations easier. Bridgecrew includes a centralized view of all misconfigurations across scanned repositories, with filtering and searching to find code blocks and owners. Integrations with collaboration and ticketing tools can generate tickets and alerts to notify the right teams to add remediations to DevOps tasks.

The Prisma Effect

Prisma Cloud delivers a single, unified agent framework to secure Linux and Windows hosts, containers and Kubernetes, on-demand container platforms, and serverless functions. With 74% of the Fortune 100 as customers, 2,000+ enterprises across the globe trust Prisma Cloud with over 2.5 B cloud resources secured.
An instance that highlights the company’s value proposition is Sabre, a travel technology leader, which uses Prisma Cloud to foster a culture of secure innovation on Google Cloud. Sabre wanted to gain complete cloud visibility and centralize security management to confidently “shift left,” apply automation, and build a secure-by-design culture of innovation. Sabre selected Prisma Cloud by Palo Alto Networks to centralize cloud visibility and security management across diverse infrastructure in a single pane of glass. Prisma Cloud offers direct integration with compliance frameworks (e.g., GDPR, PCI, SOC 2) that Sabre can consistently review to maintain a compliant state. Based on these frameworks, the team can build policies inside Prisma Cloud to show where the company is noncompliant, and then follow simple instructions to fix any issues. These security achievements elevated Sabre’s overall security posture and competitive edge by reducing the number of critical vulnerabilities that required team attention and resources to remediate, as well as increasing production velocity, delivering safe and secure products and services to market more quickly than ever before.

Fostering a Secure Culture

Cloud security requires a unified and integrated approach to deliver full stack, full lifecycle security. That’s why Palo Alto Networks has acquired and integrated the world’s leading startups into its Cloud Native Security Platform (CNSP). Today, the team is on a mission to build a more secure future for the world. With a set of innovations, acquisitions and investments, Palo Alto Networks will continue protecting tens of thousands of organizations across cloud networks and mobile devices. With many niche vendors to choose from, what stands out about Prisma Cloud is the roadmap and the Palo Alto Networks vision to remediate critical vulnerabilities as well as delivering safe and secure products and services to market more quickly than ever before.
DevSecOps became an integral part of business success by enabling organizations to embrace the cloud within a short time. Recently, Gartner reported a 20-50 percent market penetration among DevSecOps target audiences. DevSecOps adoption boosts the resilience of organizations' IT products and services without compromising on other elements of their business operations. Moreover, as a standard software development methodology, it ushers in a slew of new trends that businesses should be aware of.

While most DevSecOps adoption is driven by organizations taking the path of security as code and infrastructure as code, more secure architecture patterns are also becoming a complementary trend alongside. Many leaders forecast that 2021 will see DevSecOps incorporated into development processes, just as quality assurance was earlier adopted into development. Businesses are also becoming aware that it is essential to detect and correct vulnerabilities and threats in an automated manner. That’s where the DevSecOps era is trending.

At this juncture, to simplify the selection process for our readers, the editorial team at Enterprise Viewpoint Magazine has audited thousands of such solution providers across the US and around the world. Based on the research, we compiled this list of “Top 20 DevSecOps consultants and solution providers 2021” with the help of our advising panel, including CIOs, CTOs, and pundits.

20 Innovative DevSecOps Solution Providers 2021

Aqua Security : Dror Davidoff, Co-Founder & CEO
Burlington, US
aquasec.com
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Alioit : Alfonso Bonillas, CEO
Garmendia, Mexico
alioit.com
Alioit provides software development services for complex software requirements using cutting-edge technology for both open source (JavaScript, Python) and .NET (C# primarily) and cloud services such as AWS, GCP and/or Azure. They also focus on continuous training and selecting only the best staff for the jobs required in fields of AI, ML (Predictive Analytics), etc.

Breachlock : Luke Hohmann, Co-Founder & CEO
New York
breachlock.com
BreachLock was founded in the cloud by industry experts who have been at the forefront of redefining Cybersecurity resilience testing for some of the world’s largest organizations. Our world-class Penetration Testing as a Service platform has won many awards and industry recognitions for our innovative approach.

Atlassian : Mike Cannon-Brookes, Co-Founder & CEO; Scott Farquhar, Co-Founder & CEO
Sydney, Australia
atlassian.com
Atlassian Corporation Plc is an Australian software company that develops products for software developers, project managers and other software development teams. Atlassian is a developer of collaboration and productivity software mostly geared toward the enterprise market. The company is best known for Jira, a project-tracking tool that helps software teams address internal issues and evaluate performance; Confluence, a product that makes it easier for teams to work together, share projects, and communicate through both mobile and desktop devices; and HipChat, which allows workers to chat privately and in groups.

Copado Holdings : Ted Elliott, CEO
Madrid, ES
copado.com
Originally designed for Salesforce, Copado now supports a growing list of clouds including Heroku, MuleSoft, and Commerce Cloud. Their goal is to make release days obsolete by letting their customers deliver business value quicker to production and ensuring their ROI in Salesforce, System Integrators and own development teams is maximized.
Crosslaketech : In 2021, Crosslake acquired Corsis in order to expand its ability to drive end-to-end value for investors and management teams. With the integration of Corsis, the real-world expertise of Crosslake’s technologists is complemented by objective scoring against benchmarks based on thousands of technology investments, creating a data-driven formula for actionable insights and transformative outcomes.
Barr Blanton, CEO
Sammamish, WA
crosslaketech.com

Caylent : JP LA Torre, CEO
Greater Los Angeles Area, US
caylent.com
Caylent is a cloud native services company that helps organizations bring the best out of their people and technology using AWS. We work with customers to build, scale and optimize sophisticated cloud solutions using deep subject matter expertise to deliver world-class outcomes through an agile co-delivery model.

Cyral : Manav Mital, Founder & CEO
California, US
cyral.com
Cyral is built to handle the unique performance, deployment and availability challenges of the data mesh. Cyral not only leverages open-source technology to secure the data we care most about; the company also builds open-source projects of its own. Cyral’s goal is to bridge the gap between Security and Engineering teams, and foster a culture of working together with our growing community.

Kloudgaze : Aditya Sharma, CEO
MN, United States
kloudgaze.com
KloudGaze automatically maps every application and database in your enterprise, across multiple platforms, down to code levels. KloudGaze is the first and only solution in the industry that extracts information from your applications and databases using smart APIs and does not require any agents in the enterprise.

Doppler : Brian Vallelunga, Founder & CEO
San Francisco, CA
doppler.com
Doppler is a developer of an application management platform used to help developers manage their API keys across all their projects.
It works across every language, stack, and infrastructure, increasing developer productivity while strengthening a company's overall security. Clients use Doppler to securely store secrets such as API keys, credentials, ENV variables, and database URLs.

Granulate : Asaf Ezra, Co-Founder & CEO
Tel Aviv, Israel
granulate.com
Granulate’s agent automatically learns your application’s specific resource usage patterns and data flow. By analyzing CPU scheduling order, oversubscribed locks, memory, network and disk access patterns, the agent identifies contended resources, bottlenecks and prioritization opportunities. The intelligent agent tailors OS-level scheduling and prioritization decisions regarding CPU, locks, caches and memory accesses to improve an infrastructure’s application-specific performance.

Nestybox : Cesar Talledo, Founder & CEO
San Jose, California
nestybox.com
Nestybox enables Docker and Kubernetes to deploy rootless containers capable of running most workloads that run in VMs. This improves container security and allows you to use containers in powerful new ways. Nestybox empowers containers to act as virtual servers capable of running workloads such as Systemd, Docker, Kubernetes, and even legacy apps, seamlessly & securely.

Opsera : Chandra Ranganathan, CEO
Palo Alto, CA
opsera.io
Opsera's continuous orchestration platform provides self-service toolchain automation, drag-and-drop declarative pipelines, and unified insights. At Opsera, we share a vision for the future of software delivery. Our vision is to empower software and DevOps engineers to deliver software faster, safer and smarter by providing them with a continuous orchestration platform that enables choice of any CI/CD tools and no-code automation across the entire DevOps life cycle.

Opslevel : The microservice catalog helps your engineering teams ship more secure and resilient systems without compromising velocity.
OpsLevel continuously monitors your services to streamline production readiness and promote continuous improvement. Track ownership, ops toolchain, deployment & commit frequency, and more. OpsLevel shows the most important and actionable data needed for managing your microservices and repos.
John Laban, CEO & Co-Founder
Toronto, Canada
opslevel.com

Octopus Deploy : Paul Stovell, Founder & CEO
Brisbane, Australia
octopus.com
Octopus Deploy is the first platform to enable developers, release managers, and operations folks to bring all automation into a single place. By reusing configuration variables, environment definition, API keys, connection strings, permissions, service principals, and automation logic, Octopus enables teams to work together from a single platform.

Palo Alto Networks : Nikesh Arora, CEO and Chairman
California, USA
paloaltonetworks.com
Palo Alto Networks, Inc. is an American multinational cybersecurity company with headquarters in Santa Clara, California. Its core products are a platform that includes advanced firewalls and cloud-based offerings that extend those firewalls to cover other aspects of security. The company serves over 70,000 organizations in over 150 countries, including 85 of the Fortune 100.

Rafay : Haseeb Budhani, Co-Founder & CEO
Sunnyvale, CA
rafay.co
Rafay Systems is a start-up company which enables developers to automate the distribution, operations, cross-region scaling and lifecycle management of containerized microservices across public and private clouds, and service provider networks. The company mainly serves telecommunications companies (telcos) and service providers. Rafay’s Kubernetes Operations Platform was specifically designed to help enterprises and service providers manage the lifecycle of their Kubernetes infrastructure and modern applications.
Progress : Yogesh Gupta, CEO
Bedford, Massachusetts
progress.com
Progress provides the best products to develop, deploy and manage high-impact business applications. Its comprehensive product stack is designed to make technology teams more productive and we have a deep commitment to the developer community, both open source and commercial alike. With Progress, organizations can accelerate the creation and delivery of strategic business applications and automate the process by which apps are configured, deployed and scaled.

Qmetry : Makarand Teje, CEO
Santa Clara, CA
qmetry.com
The QMetry brand provides a combination of tools, methodologies, practices, frameworks and best practices that allow agile teams to build, manage and deploy high-quality software faster, with confidence. QMetry offers more than 20 integrations and is trusted by 1000+ brands globally across many industries like Finance, Healthcare Services, Travel & Hospitality, Retail, Education and High Technology.

Veritis Group : Vic Peram, Founder/CEO
Irving, TX
veritis.com
Veritis is a global IT consulting services provider based out of Texas, United States. They focus on delivering high value to clients through integrated, reliable, responsive and cost-effective solutions. They have been a trusted partner to several small, medium and large companies including Fortune 500 firms for over a decade, enabling businesses to overcome critical business challenges. They hold profound experience and expertise in providing solutions for complex IT implementation projects and integrating emerging technologies in a dynamic environment.

Cloud-Native Security with Ease

The scale and velocity of cloud native applications means an endless stream of code, potential risks, and security events. Moreover, the need for enabling security has become one of the most important challenges that businesses have to face in the cloud space and during migration.
Aqua minimizes the attack surface of cloud-native apps while also identifying vulnerabilities, embedded secrets, and other security concerns throughout the development stage. Aqua Security makes it possible to better understand the vulnerability posture and to prioritize remediation and mitigation efforts based on the level of risk. Aqua Security drives security innovation in the cloud-native ecosystem with a dedicated open-source engineering team that actively contributes to the community and freely shares their expertise and talents. This keeps the industry moving forward and their corporate customers on the cutting edge.

Aqua Security was founded in 2015, as containers and serverless technologies were just emerging, recognizing that the dramatic change in application development and architecture requires an equally dramatic shift in security. Aqua Security is the world's largest cloud native security provider, allowing businesses to innovate and accelerate their digital transitions. To protect the build, secure cloud infrastructure, and secure operating workloads wherever they are deployed, the Aqua Platform enables prevention, detection, and response automation across the complete application lifecycle. Aqua clients include some of the world's leading financial services, software, media, manufacturing, and retail companies, with installations covering containers, serverless operations, and cloud VMs across a broad spectrum of cloud providers and current technology stacks.

Recently, Aqua Security has been recognized as a Representative Vendor in the Gartner Innovation Insight for Cloud-Native Application Protection Platforms (CNAPP) study. "Gartner recommendations directly align with Aqua's vision," says Dror Davidoff, CEO and Co-founder of Aqua Security. "Aqua will continue to innovate while ensuring that our integrated platform empowers customers to accelerate their cloud-native adoption without sacrificing security."
Aqua frees a company and its apps by using the power of cloud-native security. Up and down the stack, Aqua secures applications from development to production across VMs, containers, and serverless workloads. With security automation, companies can release and upgrade software at a DevOps pace. Aqua allows safe artifacts to go through the CI/CD pipeline by detecting vulnerabilities and malware early and fixing them quickly, and deploys cloud native apps on any infrastructure while assuring secure configuration and compliance of cloud services, orchestration, and hosts.

Neat is a fintech startup based in Hong Kong that offers international entrepreneurs safe payment options. The Neat team started their quest for a security solution by looking into Aqua and a few other well-known rivals. Each business appeared to have the tools and services Neat required, but it soon became evident that Aqua Security was the only one that could meet all of its requirements. Aqua offers a solution for securing applications of any size, from development to deployment. Most crucially, the Aqua platform could safeguard Neat's whole stack across VMs and containers, ensuring compliance with PCI DSS. The entire installation took around one month with Aqua's local reseller Systex Information (HK) Ltd. Aqua support and Systex worked together to promptly fix any open issues, which Neat appreciated.

Consequently, the Neat team utilized Aqua in their CI/CD to secure container and VM development and production environments. It is now being used to serve three entire development teams and six different apps. Neat uses Aqua's vulnerability scanning to discover flaws in its images, decrease its attack surface, and locate embedded secrets during the development cycle. Neat also likes Aqua's runtime policy functionality since it ensures that its apps are deployment-ready without delaying delivery by adopting a policy-driven approach and granular controls.
Aqua's solution also provides the immutability of Neat's apps in runtime, enables zero-trust networking, and detects and prevents suspicious actions, such as zero-day attacks. Aqua is working to harness the potential of native cloud security and envisions a secure future for businesses.

Aqua Security
Dror Davidoff, Co-founder & CEO