RSA Conference Day 2: IBM, Microsoft, SolarWinds Reaction, Zero Trust

… won’t find a hole.”

“On the government side, we want to begin taking aggressive steps to do our part to ensure that the software the government buys is built more securely from the start by potentially requiring federal vendors to build software in a secure development environment,” she said. “Our efforts will pay dividends outside of the federal government because much of the software the government buys is the same software that schools, small businesses, big businesses and individuals buy.”

The starting point for building more securely is where you build your software, Neuberger said. It should be in a separate and secure environment. That includes using strong authentication, limiting privileges and encryption.

“It also includes knowing the provenance of the code you include in your builds, and using modern tools to check for new and potential vulnerabilities,” she said. “These basic practices are not universal.”

First Solution From Thycotic/Centrify Merger

At RSA, ThycoticCentrify, formed by the merger of privileged access management (PAM) providers Thycotic and Centrify, unveiled its cloud provider solution to centrally manage AWS billing accounts, identity and access management (IAM) accounts, and AWS EC2 instances in real time.

The ThycoticCentrify cloud provider solution for AWS provides privileged access management capabilities to continuously discover and manage AWS EC2 instances in real time with password vaulting, access controls and privilege elevation.

AWS IAM accounts and associated access keys are eliminated or vaulted to reduce the attack surface. Continuous EC2 discovery and post-discovery automations ensures visibility. And EC2 instances and their privileged accounts are secured and brought under centralized management.

David McNeely is ThycoticCentrify’s CTO.

“The cloud is a game-changer when it comes to scalability and availability,” he said. “But it has also changed the game for cyberattackers looking to leverage new vulnerabilities created by disparate controls and resulting identity management challenges.”

Synopsys Unveils New Technology Alliance Partner Program

Also at RSA, Synopsys unveiled its new Technology Alliance Partner (TAP) program. It’s part of the cybersecurity provider’s global partner program.

The TAP program has more than 40 DevOps partners. It simplifies and accelerates partner integration with intelligent orchestration and other Synopsys application security solutions.

Through the TAP program, development, DevOps and security technology providers can partner with Synopsys to integrate the company’s application security and risk management solutions with their products. These integrations make it easier for organizations to build automated application security controls into their existing DevOps toolchains.

Synopsys recently introduced its Intelligent Orchestration solution. It’s a dedicated application security automation pipeline that integrates with DevOps tools to make security testing easier to manage for development teams. Intelligent Orchestration integrates with CloudBees and GitHub Actions.

Anders Wallgren is CloudBees’ vice president of strategy.

“Through our strategic partnership with Synopsys and integration between our respective tools, CloudBees and Intelligent Orchestration, customers can utilize automation and risk-based intelligence to run the right tests at the appropriate stages in the pipeline, which can dramatically reduce unnecessary friction,” he said.