SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
New Relic releases interactive security testing with proof-of-exploit reports
Thu, 14th Mar 2024

New Relic, the notable observability platform, has announced widespread availability of its Interactive Application Security Testing (IAST) facility, now featuring unique proof-of-exploit reporting for application security. The new capabilities will allow customers to identify exploitable vulnerabilities in real time, reproduce the issue, and fix specific threat vectors before launching the code.

Such enhancements will assist security and engineering teams by enabling them to focus on actual application security issues, and keep false positives at bay. The OWASP benchmark has validated these features with a result of 100% accuracy.

A flood of security alerts from traditional code scanners often leaves developers inspecting them manually. Engineers can end up devoting up to 60% of their development time to sifting through vulnerabilities that pose only a marginal risk to the business, while potentially dangerous vulnerabilities remain unattended. The new proof-of-exploit reporting sorts applications into three categories: safe, exploitable, or untested. This feature enables engineers to identify vulnerabilities swiftly, make informed decisions about which application to deploy to production or retest, and coordinate seamlessly with security teams, leading to quicker and safer code deployment.

This promotes the integration of security into the development culture, instead of treating it as an add-on. New Relic's IAST strengthens DevSecOps by fostering cooperation between developers and security teams, encouraging them to write secure code that can withstand future threats and to champion a preemptive stance on security. According to New Relic's Chief Product Officer, Manav Khurana, "New Relic IAST furthers this mission, offering engineering and IT teams the method to identify actual application security threats with the same platform used for application performance monitoring".

The latest updates from New Relic include: proof-of-exploit reporting, with dynamic assessment capabilities that detect vulnerabilities by simulating real-world attacks; 'Secure by Design', which showcases potential versus detected exposures for quick replication, remediation, and validation of fixes; Instant ROI, the exclusive application security solution readily available in a full consumption model; and Instant Impact Analysis, which identifies the number of applications potentially affected by a vulnerability and determines the potential severity of the identified risk.

IAST is now a native feature of the New Relic platform, removing the need for additional agents. It is now globally available under a usage-based pricing model. Existing users can access a preview by logging into their New Relic account, while new customers can sign up for a complimentary account.