SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
DevSecOps
#
AI
#
Cybersecurity

Perforce launches upgraded Puppet to cut cyber risk downtime

Today
Author image
By Catherine Knowles, Journalist

Perforce Software has released an updated version of its Puppet Enterprise Advanced platform, targeting faster vulnerability remediation and improved collaboration between infrastructure and security teams.

The platform update arrives amid growing concerns over rapidly evolving cyber threats, attributed in part to the increased use of artificial intelligence in attack methodologies. Recent figures from Statista indicate that vulnerabilities in software systems now persist for an average of 229 days before remediation, heightening the risk to organisations and their customers. This delay has been exacerbated by challenges such as rapid infrastructural scaling, inefficient operations, and a global shortage of skilled cyber professionals.

Perforce states that the new features in Puppet Enterprise Advanced will help businesses address security risks more swiftly by embedding remediation processes directly within infrastructure automation workflows. This approach is intended to break down silos between operations and security, allowing for a more integrated understanding of organisations' overall security posture while reducing manual cross-team handoff delays.

"Vulnerabilities continue to increase, with around 40,000 known vulnerabilities in 2024. Because of this explosion in vulnerabilities, the mean time to remediate continues to increase, leaving companies extremely vulnerable to attacks. Enterprises must combat this by integrating security with infrastructure automation to shorten the vulnerability remediation cycle," said Tzvika Shahaf, Vice President of Product Management at Perforce. 

"Our new release empowers organizations to unlock a collaborative DevSecOps environment by shrinking the opportunity window for attackers. In future Puppet releases, the pace will quicken further with human-in-the-loop, AI-driven automation."

The updated platform features several enhancements designed to streamline responses to identified security threats. Integration with security scanners, with Tenable Nessus included by default, enables automated identification and remediation of vulnerabilities. The platform's open API framework and extensible architecture allow additional scanners to be incorporated, increasing flexibility for organisations with diverse environments.

Users of Puppet Enterprise Advanced can now manage patching workflows from within the tool's graphical user interface. Additional support for maintenance and blackout scheduling is included, aimed at minimising disruption to normal business operations. Enhanced dynamic patching group capabilities are designed to improve efficiency in managing hybrid infrastructures commonly found in enterprise settings.

The platform enforces continuous alignment of system configurations with established security policies through its desired state enforcement feature. Any deviation from policy triggers an automatic remediation process and generates necessary documentation for audit purposes, a capability expected to assist organisations in maintaining regulatory compliance.

Another enhancement is the pre-built, reusable policy as code (PaC) modules, which ensure systems automatically remain in line with industry-standard security baselines. These modules can be updated as best practices evolve, reducing the manual effort required from in-house teams.

Self-service workflows and increased cross-functional visibility are intended to improve collaboration between traditionally siloed operations and security teams. These features are designed to help decrease the mean time to remediate vulnerabilities, decrease operational risk, and improve cost efficiency for organisations seeking to manage increasingly complex technology estates.

Perforce reports that its approach allows platform teams to better support security teams, thereby boosting resiliency and reducing the mean time to remediate vulnerabilities. According to the company, these capabilities enable risk reduction, process efficiency gains, and savings on operational costs through automation and improved collaboration.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Armis offers free access to real-time cyber threat database
Lattica secures $3.25 million to boost private AI with FHE
Mandiant report finds rise in financially motivated cyber attacks
Veeam report finds 69% of firms hit by ransomware in past year
World IP Day: Experts calling for IP reform in the age of AI
Top stories
Phishing attacks thrive on human behaviour, not lack of skill
AI use in enterprises soars but brings surge in cyber risks
Yubico & Solvatten boost digital security & clean water
Datadog acquires Metaplane to boost AI & data observability
Veeam partners with CrowdStrike to boost data resilience & security