St. Charles, MO, USA
Mar 23, 2023   |  By Rezilion
A Software Bill of Materials – also known as an SBOM – has emerged as another effective tool in the arsenal as organizations look to secure their supply chains. But there is currently a lack of standardization for SBOMs, making it challenging to establish a ground truth. Use of SBOMs has gained momentum since the Biden Administration’s executive order mandating that IT providers that work with the federal government must provide an SBOM to do so. This is not just a U.S.
Mar 21, 2023   |  By Rezilion
More and more organizations are deploying a software bill of materials (SBOM) to identify and track the various components of the software products they develop or use. The goals of using an SBOM might include enhancing software security, complying with U.S. federal government mandates, improving the software supply chain, or something else. Regardless of the motivation for deploying an SBOM strategy, it’s important to know exactly what goes into an SBOM.
Mar 16, 2023   |  By Rezilion
A software bill of materials (SBOM) can be a powerful tool for enhancing security through improved vulnerability management. It can also help organizations meet their software licensing compliance requirements—no small consideration given how much software a typical organization uses.
Mar 14, 2023   |  By Rezilion
One of the requirements of Executive Order 14028, issued in May 2021 and designed to improve the nation’s cybersecurity, is that software producers who supply the federal government provide a software bill of materials (SBOM) for each product. An SBOM is a formal record containing the details and supply chain relationships of various components used in building software products.
Mar 9, 2023   |  By Rezilion
Overcoming SBOM problems can be challenging. But the value of an SBOM – also known as a Software Bill of Materials – is generally undisputed: They provide much-needed visibility into the details of open source and proprietary software components and the supply chain. Their intent is to give developers, buyers, and operators a better understanding of the supply chain so organizations can better track known or emerging vulnerabilities and risks.
Mar 7, 2023   |  By Rezilion
In an uncertain economy, sufficient funding for security budget projects can be hard to come by. Organizations are being more cautious about spending, which means security leaders must adapt accordingly. They need to be more discerning in how they plan their budgets. Fortunately, there are ways CISOs and other cybersecurity leaders can gain efficiencies and be smarter about how they conduct operations. Here are four tactics they can employ to maximize their cybersecurity investments:
Mar 2, 2023   |  By Rezilion
Building a successful DevSecOps strategy based on collaboration is key to its success. First, what is DevSecOps? It is a practice that combines development, security and operations. It is an extension of DevOps, and it advocates for integrating security at the outset of the development process instead of waiting until the end.
Feb 23, 2023   |  By Rezilion
Rezilion announces the release of the company's new research, "Hiding in Plain Sight: Hidden Vulnerabilities in Popular Open Source Containers," uncovering the presence of hundreds of Docker container images containing vulnerabilities that are not detected by most standard vulnerability scanners and SCA tools.
Feb 23, 2023   |  By Rezilion
We’re excited to release an important piece of research today about dangerous vulnerabilities hiding in container images that are commonly used and found in organizations around the world.
Feb 21, 2023   |  By Rezilion
Automation is an important element amid an ongoing cybersecurity skills gap. Anyone who works in the cybersecurity field knows that there has been a skills shortage going on for years. And unfortunately, there are no signs that the gap between demand and supply will close anytime soon. This is a frightening scenario for security leaders and their organizations, because the attacks and attackers keep getting more sophisticated and the threat landscape more complex.
Sep 27, 2022   |  By Rezilion
Azure DevOps is Microsoft’s Software as a Service (SaaS) platform providing developers a comprehensive DevOps platform to develop and deploy software. By integrating directly with Azure DevOps, Rezilion’s platform first helps customers discover all software components in their environment, then, using granular run-time validation, helps them prioritize vulnerabilities that are exploitable and eliminate what isn’t relevant. This allows developers to focus on what matters most and remediate strategically.
Sep 7, 2022   |  By Rezilion
View this video to learn more about Rezilion and CircleCI's integration and see it in action.
Aug 3, 2022   |  By Rezilion
Take a deep dive into Rezilion's open source tool, MI-X or Am I Exploitable. Learn what the tool is, what makes it unique, and watch a demo that shows the tool detecting Log4Shell.
Aug 1, 2022   |  By Rezilion
Get an in-depth look at Rezilion's Attack Surface Management Platform and how it can reduce your attack surface as well as help manage vulnerabilities.
Jul 13, 2022   |  By Rezilion
View a demonstration of Rezilion's integration with GitLab to see how you can reduce patching efforts by 85% so you can code more, release faster, and patch less.
Jul 12, 2022   |  By Rezilion

#vulnerabilitymanagement #vulnerabilities #devsecops #devops #sbom #dynamicsbom

Jul 11, 2022   |  By Rezilion
Learn how you can fix security issues quickly and easily using Rezilion's auto-remediation feature in CI.
Jul 11, 2022   |  By Rezilion
Use Rezilion's Dynamic SBOM to create a continuous inventory of all of your software components, map any recognized vulnerability to these components, assess, and share your attack surface.
Jun 23, 2022   |  By Rezilion
View this on-demand webinar and learn.
Jun 23, 2022   |  By Rezilion
The recently discovered flaw in Apache’s Log4j software continues to stress security teams and put many organizations at risk. Because Log4j is very difficult to detect, many scanners may not detect it. Rezilion researchers conducted a survey using multiple open source and commercial scanning tools and assessed the tools against a dataset of packaged Java files where Log4j was nested and packaged in various formats. While no scanner was able to detect Log4j in all formats initially, several scanner makers were quick to respond and update their technology to find the bug.

Rezilion’s autonomous cloud workload protection platform instantly shrinks your attack surface while enabling developers to push code freely.

Rezilion is a stealth-mode cyber-security start-up, created by successful serial entrepreneurs. Rezilion develops cutting-edge technology that makes cloud environments self-protecting and resilient to cyber-attacks.

Security at Cloud Speed and Scale:

  • Dynamic Whitelisting & Application Control: By statically analyzing CI/CD pipeline artifacts (code repositories, VM and container image repositories, etc.), Rezilion determines the correct state for every production instance and assures that each is behaving exactly as programmed.
  • Hardening & Vulnerability Management: Vulnerabilities, known and unknown, are part of the DevOps life. Unfortunately, they can’t be fixed all at once. Rezilion makes living with vulnerabilities manageable by reducing the vulnerable attack surface — as well as the tension between DevOps and Security teams.
  • Exploit Prevention & Memory Protection: Rezilion continuously assesses the integrity of hosts, virtual machines, and containers, providing broad protection against attacks without the overhead and complexity of legacy solutions.
  • Change Control & Access Management: Immutability is a shared goal for developers, IT, and security. However, few production environments are completely immutable. Rezilion helps control and document any manual change that bypasses the CI/CD pipeline.

Effortlessly reduce your attack surface.