At Phoenix Security, we’re redefining the landscape of vulnerability management and application security with our latest release. Packed with innovative features and robust integrations, this update lays the foundation for the future of Application Security Posture Management (ASPM). These enhancements make managing security risks faster, smarter, and more effective for modern teams.
Key Highlights of the Release
This update delivers industry-leading features to streamline vulnerability management and improve application security workflows. Here’s what’s new:
• Reachability Analysis with Contextual Deduplication (Code to Containers)
• Container Throttling and Version Monitoring
• Asset-Centric Actions and Lifecycle Management
• Enhanced Findings and Asset Details
• Flexible Ticketing Across Projects/Backlogs
• New Integrations: Sysdig, BlackDuck, and Improved Lacework Integration
These upgrades empower organizations to prioritize vulnerabilities, reduce noise, and align security efforts with business goals.
Join us in revolutionizing cybersecurity management with these innovative features, designed to make your life easier and your organization more secure. Dive into the new Phoenix Security Platform and experience the future of cybersecurity today.
Advancements in ASPM: Contextual Deduplication and Reachability Analysis
Phoenix Security introduces Contextual Deduplication, a game-changer in ASPM and Application Security. This feature enhances Vulnerability management and links vulnerabilities in source code with runtime assets like containers, enabling security teams to focus on fixing the root cause of issues.
How It Works:
• Correlates SCA findings in source code with containers in runtime environments.
• Example: If a pom.xml file introduces a CVE (e.g., CVE-1234-1234) into a container, the platform identifies the source file as the origin of the vulnerability.
• Benefits:
• Highlights the root cause to prioritize fixes.
• Increases effective risk scores for source vulnerabilities due to container exposure.
• Avoids redundant fixes in runtime environments by addressing the core issue.
A feature focus is available here
This is another step forward in empowering security and engineering teams to focus on the most relevant vulnerabilities. In this case, the goal is to highlight the “source code” findings that originate from other findings in runtime assets, in particular in containers.
Now, the platform will automatically identify SCA findings in source code deployed in specific containers and enhance Vulnerability management. This process involves several steps and techniques, but the result is that Phoenix identifies source code artifacts that strongly correlate with the contents of a container and then maps individual finding pairs on both sides.
For example, if a build file (e.g. pom.xml) is deployed on a container and both have CVE-1234-1234, then those findings will be matched. This means that the CVE in the container has been introduced through the build file. Typically, one single source artifact is deployed in multiple containers, so the relationship is one-to-many.
This allows the platform to:
- Highlight the source finding as the originator of the findings in the containers, allowing teams to focus on the root cause.
- Increase the effective risk of finding the source based on the additional exposure created by the containers.
- Stop selecting those container findings for fixing since the actual fix needs to be implemented in the source finding.
Container Throttling and Single-version management for ASPM
Any security team faces the challenge of managing hundreds of container versions. Phoenix Security’s new container throttling feature tracks only active versions in registries, reducing unnecessary noise and simplifying vulnerability management.
This feature enabled us to drastically reduce up to 91% of the container vulnerabilities on one of our clients, keeping track of the latest image version. We are currently working on improving the tracking of vulnerabilities for each container. Together with container reachability analysis we managed to reduce drastically the Open source vulnerabilities /SCA and Container vulnerabilities by 50% and 91% respectively.
A feature focus is available here
Lifecycle Management in ASPM by Asset/Vuln Type
Phoenix Security ASPM enhances control over the lifecycle of findings and assets by allowing users to set customized grace periods for each type of vulnerability or asset. This flexibility ensures that all findings are handled effectively within their specific risk contexts.
The feature is particularly key for Vulnerability management teams that manage different types of assets that have different lifecycles, e.g., a laptop might be on and off for months while a container vulnerability might be present and disappearing hundreds of times a da.y
Asset and Vulnerability Management in ASPM
One of Phoenix Security’s ASPM main goals is to make everyday tasks as simple and efficient as possible. That’s why bulk operations on findings and assets have been part of the platform for a long time. This feature allows users to select multiple findings and perform a range of different actions on them, from creating issue tickets to adding comments.
With this release, we bring further enhancements to this area by allowing users to select one or multiple assets or vulnerabilities and perform bulk actions based on the findings contained within them. This allows users to perform those bulk actions without leaving the screen they are working on.
Select Any Project/Backlog to Create Tickets
The Phoenix Security ASPM platform has always provided a flexible way to configure projects (backlogs) within integrated ticketing systems to enhance the Application security team’s workflow and Vulnerability management. Its two-level configuration model provides enough granularity to associate entire applications and environments with a particular project and to configure exceptions to the top-level setting down to the component level.
This mechanism ensures that new tickets (even when created automatically by the platform) go to the right team’s backlog.
But sometimes users need to deal with exceptional cases or those where the ticketing system’s side is more fragmented. To cover these cases and provide extra flexibility, users can create new tickets on any integration and project already defined in the platform, even if it’s not the one preconfigured for the App or Component.
ASPM from Assets to Improved Findings Details
New column for Libraries
A new column now displays library and version information for each entry in the list. This makes it easier to identify libraries and versions without expanding individual finding entries.
New Due Date / Closed Date column for ASPM
A new dual-purpose column now displays the due date for the findings (based on SLA) or the date when the finding was closed for those that have already been closed.
To avoid confusion, the column’s header displays Due Date for the open findings view, while it displays Closed Date for the closed findings view. If the “All” view is selected the title shows both options, and the date displayed depends on whether the finding is open or closed.
Updated SLA columns
The existing SLA columns have been revamped to enhance Vulnerability management and display more relevant information. Now, the number shown reflects the days left until SLA expiry (in green) or the days the findings are overdue (in red). Moving the mouse over the number will display the SLA applied in each case.
Improved Asset Details in the ASPM lifecycle
Similarly to the findings improvements, this release sports some enhancements released to asset information display.
Display additional asset information.
An important evolution of asset information in Phoenix Security ASPM has revolved around expanding and consolidating asset details. This means more details for all types of assets, including contextual details like cloud information for containers or repositories.
With this release, all asset details, not just those related to the asset type, are included in the Details section.
Additional asset filters
In line with the attribute consolidation mentioned above, now users can filter different types of assets using conditions that are not directly related to the asset type. For example, filtering container assets using “contextual” attributes, like cloud details. Obviously, some of those details will only be present if the container is actually running in a cloud context.
ASPM Integrations
Sysdig Scanner Integration
A new addition to the Cloud scanner lineup included in this release is Sysdig.
Customers using Sysdig as part of their security scanning would be able to integrate with their account using Phoenix’s native API-based integration.
BlackDuck Scanner Integration
In addition to Sysdig, this release includes integration with BlackDuck in the SCA area.
Customers using Sysdig as part of their security scanning would be able to integrate with their account using Phoenix’s native API-based integration.
