A Guided Take to Help You Navigate the Complex Present of Application Security

Human beings are known for a host of different things, but nothing is more recognizable about them than their tendency to grow on a consistent basis. This tendency has already fetched the world some huge milestones, with technology appearing as a rather unique member of that group. What makes technology’s credentials so anomalous is its skill-set, which was unprecedented enough to realize possibilities that we couldn’t have imagined otherwise. Nevertheless, a closer look reveals how the whole run was also very much inspired by the way we applied those skills across real-world environments. The latter component was, in fact, what gave the creation a spectrum-wide presence and made it the ultimate centerpiece of every horizon. Having such a powerful tool run the show did expand our experience in many different directions, and even after reaching so far ahead, this prodigious concept called technology somehow keeps on delivering the right goods. The same has become a lot more evident in recent times, and assuming one new GRC-themed development pans out just like we envision, it will only propel that trend towards greater heights over the near future and beyond.

OpenText has officially launched the second generation of its advanced cybersecurity auditing technology called Fortify Audit Assistant. According to certain reports, Fortify Audit Assistant is intended to help developers and security personnel who currently face a sizeable amount of pressure to tackle application security with more sophisticated tools and practices. While this has become an issue in its own right due to the growing prevalence of multi-cloud environments, the question that remains is what the new solution will do to get past the hump. It will basically incorporate security at the very beginning of the software development lifecycle, right at code inception. That’s just the tip of the iceberg, though, considering the solution also brings greater developer efficiency by reducing noise and false positives. To understand the significance of the latter feature, we must acknowledge that triaging and validating raw static analysis results is one of the most time-intensive, manual processes within application security testing. Making the problem even more serious is the fact that so many companies just can’t afford to hire a dedicated team of human examiners who are experts in software engineering, computer science, and software vulnerabilities. Fortify Audit Assistant eliminates the need for them to do so by automating security and addressing these issues through machine learning, thus presenting a system which can also learn from Fortify’s human auditors and become better over time.

Looking at the product’s value proposition on a slightly deeper level, it begins with accounting for model drift: the brand-new assistant models take a proactive approach to the ever-changing threat environment, applying complete automation to the procedures that measure, and eventually report, how the models are doing. At the same time, those procedures also bear the responsibility to refresh the models as necessary to accommodate any model drift. Going by the available details, the solution will deliver updated models to you every quarter.

Next up, Fortify Audit Assistant offers the prospect of individual focus. This means the solution can address, at the most microscopic level, the unique data privacy needs of each company so as to give it the most relevant and effective service. Unlike its predecessor, which used a single model for both SaaS and on-prem environments, the new assistant leverages an on-prem model pipeline to continuously learn the unique behaviors of a company’s projects. Not just the assistant itself, but the learning here also gets better over time, with vulnerabilities of different natures automatically detected and logged into the system. Hence, the solution should be able to gauge what’s appropriate for a company’s project and, at the same time, remain sensitive to its IP.

Then, there is the promise of expansive language expertise, expertise which is achieved through deep language specification. You see, no single model can effectively cover every programming language. However, in a bid to still generate greater insight into vulnerabilities across both on-prem and cloud environments, Fortify Audit Assistant packs together 30+ language-specific models. This paves the path for you to have a dedicated model for C++, another model for JavaScript, and so on. The idea here is to let the “team of experts” (AKA the models) get narrower and deeper to significantly bolster the likelihood of finding true vulnerabilities in software.

“The first generation of Fortify Audit Assistant was well ahead of its time with its use of predictive analytics and machine learning,” said Prentiss Donohue, Executive Vice President of Cybersecurity at OpenText. “Those pioneering efforts paved the way for us to derive 10 years of data from human experts and turn them into predictive models that are significantly more accurate compared to the previous generation’s models, improving efficacy in auditing by reducing false positives up to 90%. Enterprises can now leverage this depth of information—something no one else in the industry can provide—within their own software assurance programs.”

Rounding up the highlights is Fortify Audit Assistant’s ability to draw on extra data and context. Say the solution’s routine scans reveal a vulnerability, but after combing through the enhanced context, you discover that the issue isn’t exactly exploitable. This could be because, for instance, the code in question is just test code and not the code actually deployed. Understanding these supporting details should go a long way to help the assistant achieve more effective results.

The solution will be debuted at the inaugural OpenText Security Summit 2024, an event where the company will also showcase demonstrations of several other products, including Voltage Fusion + Content Services, a unique integration which solves the challenges of managing sensitive data, and NetIQ Identity Manager in the OpenText Private Cloud, a compliance offering well-equipped to extend across hybrid environments.

Founded in 1991, OpenText has risen up the ranks by helping companies securely capture, govern and exchange information on a global scale. At present, the company is focused on providing services ranging across Information Management, Enterprise Content Management (ECM), Content Services, Digital Experience (DX), Customer Experience Management (CEM), Customer Communications Management (CCM), and more. As for its excellence in providing these services, the testament comes from how it is serving 98 of the world’s 100 largest companies, as well as 40 of the world’s 50 largest supply chains. Along with that, OpenText has around 1 million trading partners, all while covering more than 6 thousand certified Information Management services professionals. This expansive base means the company runs an estimated $9 trillion worth of commerce on its network every year. In case you are still not convinced, it might be worth mentioning that the likes of Coca-Cola, L’Oreal, Hyatt, Philips Healthcare, Lupin, Heineken, and many others trust OpenText to address their information-related needs.

