SUNNYVALE, Calif.–(Business Wire)–Azul, the only company 100% focused on Java, announced today Azul Vulnerability Detection, a new SaaS product that continuously detects known security vulnerabilities that exist in Java applications. By eliminating false positives and with no performance impact, Azul Vulnerability Detection is ideal for use in production and addresses the rapidly growing enterprise risk around software supply chain attacks.
According to Gartner®, “By 2025, 45% of organizations worldwide will experience attacks on their software supply chains, a threefold increase from 2021” (Gartner, Emerging Tech: Software Bill of Material Is Critical to Software Supply Chain Management, Mark Driver, September 6, 2022).
Azul’s agentless cloud service helps organizations understand their Java application exposure to known vulnerabilities based on actual usage in production, QA and development. This approach enables true end-to-end security throughout the software supply chain without incurring any performance penalty while eliminating false positives.
Vulnerabilities in third-party product code increase enterprise risk
Approximately 40% to 80% of the lines of code in software come from third parties such as libraries, components, and SDKs. Vulnerabilities in third-party sources, whether commercial or freely available open source, represent a growing threat to all industries and require attention at all stages of the software supply chain.
For example, organizations are grappling with Log4Shell, a critical vulnerability found in a widely used Java-based logging component (Log4j), which the Department of Homeland Security called “One of the most serious software vulnerabilities in history.” Azul Vulnerability Detection allows organizations to focus on where components like Log4j are actually being run and used rather than just being present. This highly accurate runtime-level visibility enables rapid remediation of vulnerabilities with significantly less operational overhead.
“Attackers will target commonly used open sources to find vulnerabilities because they know their widespread use will leave many organizations open to attack. We’ve learned from past vulnerabilities like Log4Shell that the challenge is to rapidly detect in-use incidents and quickly remediate them,” said Melinda Marks, senior analyst at Enterprise Strategy Group. “Azul Vulnerability Detection will be useful for organizations to use to efficiently patch Java vulnerabilities to protect their applications.”
Detecting product vulnerabilities is critical to securing the software supply chain
Azul Vulnerability Detection uniquely identifies code running in the Azul JVM using sophisticated, highly granular techniques and maps it against a curated Java-specific database of common vulnerabilities and exposures (CVEs). It also provides more accurate results and eliminates false positives for custom code and shaded elements. In addition, a history of detections is retained so that when new CVEs are discovered, organizations can determine when and on which systems they were running vulnerable versions, allowing for focused and efficient forensics.
Users can access data about which components are (or were) in use and vulnerable through the product’s API or intuitive UI. As an agentless cloud service, Azul Vulnerability Detection avoids the performance penalty associated with other tools that require customers to install and manage a separate piece of software such as agents.
“Azul Vulnerability Detection makes security a byproduct of running your Java software,” said Scott Sellers, Azul CEO and co-founder. “Our new product fills a critical gap in enterprises’ security strategies – detecting vulnerabilities at the point of use in a product, the end point of the software supply chain. As a leading Java runtime provider for the world’s most critical enterprises worldwide, Azul is uniquely positioned to grow the vulnerability detection market by eliminating the performance penalties and false positives that plague customers relying solely on legacy tools.”
Azul’s new product enables practical monitoring of product vulnerabilities
Today’s announcement marks the latest addition to Azul Intelligence Cloud’s family of products. Azul Vulnerability Detection is available now and works with any Azul JVM, including the free Azul Zulu builds of OpenJDK, and is compatible with all Java applications, libraries and frameworks. Benefits include:
- Ongoing research at the point of use in the product: Continuously assesses application-level exposure to product vulnerabilities without requiring source code. Compares executed code against a Java-specific CVE database.
- Eliminate false positives and accelerate solutions: Focuses scarce human remediation efforts on where vulnerable code is or has been used, versus just being present. Monitoring code executed by the Java runtime (JVM) eliminates false positives and generates accurate results unattainable by traditional tools.
- NoOps enables practical product traceability with transparent performance: Azul uses monitoring and detection built into the JVM to eliminate performance penalties commonly seen with other application security tools. As an agentless solution, it eliminates the management overhead of maintaining and updating separate agents within the product.
- Search for every Java application, library and framework: Checks all enterprise Java software (Spring, Hibernate, Tomcat, Quarkus, Micronaut and infrastructure such as Kafka, Cassandra, Elasticsearch, Spark, Hive, Hadoop, and more), whether it is built, purchased, or a regression introduced with a recent change.
- Historical traceability enables focused forensics: A history of component and code usage is retained, helping enterprises focus forensic efforts on determining whether code was actually exploited before it was identified as vulnerable.
Headquartered in Sunnyvale, California, Azul provides the Java platform for the modern cloud enterprise. Azul is the only company that focuses 100% on Java. Millions of Java developers, hundreds of millions of devices, and the world’s most prestigious businesses trust Azul to power their applications with exceptional capabilities, performance, security, value, and success. Azul customers include 35% of the Fortune 100, 50% of the Forbes top-10 most valuable brands in the world, all 10 of the world’s top-10 financial trading companies and leading brands such as Avaya, Bazaarvoice, BMW, Credit Suisse, Deutsche Telekom, LG, Mastercard, Mizuho, Priceline, Salesforce, Software AG and Workday. Learn more at azul.com and follow us @azulsystems.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the US and internationally and is used herein with permission. All rights reserved.