Securing modern software systems is complex. Applications are often composed of thousands of components, each with the potential to carry business critical security vulnerabilities that can increase the risk of IP theft, data loss, monetary loss, reputational damage, and more.
To help software organizations be more secure, we are launching the public preview of our vulnerability management solution with a free 90-day trial. New Relic vulnerability management, generally available early next year with Data Plus, enables a more comprehensive approach to security and risk management by offering vulnerability detection across all application dependencies instantly, without any additional configuration, and an open ecosystem so you can easily import security signals from your existing assessment tools.
See vulnerabilities, performance, and availability issues in one connected experience so you can quickly assess which are the most urgent and reduce risk more effectively. The vulnerability management public preview provides:
- Application vulnerability analysis: View the presence of common vulnerabilities and exposures (CVEs) across all dependencies. Get recommendations to update libraries and deploy across language frameworks.
- Infrastructure vulnerabilities in context: Evaluate cloud posture risks from 3rd party tools, including Center for Internet Security (CIS) benchmarks alongside cloud resource performance, and see guidelines for remediation based on known issues.
- Integrate external security tools: Import data from tools such as Snyk, Lacework, GitHub Dependabot, AWS Security Hub, and others using built-in quickstarts, or use APIs to send data from any custom source.
- Mitigation and collaboration workflows: Easily link vulnerabilities to specific orgs, teams, applications, or services based on context available in New Relic, then assign issues to your engineers for triaging.
- All-in-one platform access: Automatic access to all vulnerability management features for full platform users with Data Plus at no additional cost. No contract changes are needed.
Read on to learn more about the benefits of adding vulnerability management to your observability stack.
Continuously analyze your applications for vulnerabilities
To help ensure your applications and dependencies are secure, New Relic vulnerability management also offers:
- Library update recommendations in your APM services based on known vulnerabilities.
- A global view of the dependencies used across individual teams, workloads, and your entire organization to assess the presence of CVEs across your applications.
- Widespread language support, including Java, Node.js, .NET, Ruby, and Python, with Golang and PHP on the way.
Bring your existing assessment tools into our open ecosystem
Integrate the security tools you’re already using with New Relic vulnerability management, giving you complete visibility into security issues in one place. You can consolidate and prioritize your remediation efforts with the following features:
- Import cloud security issues from AWS Security Hub.
- Use third-party assessment tools, including Snyk, Lacework, and Dependabot for complete visibility of security across your services.
- Integrate other third-party security tools through an open API.
Collaborate across your organization to track, fix, and report on vulnerabilities for a more secure stack
To fix vulnerabilities before they impact your business and customers, you need to collaborate and communicate across teams. Too often, security teams work separately from the engineers building your applications, creating security risk vectors. New Relic vulnerability management allows you to:
- Track and report on the vulnerability lifecycle at the organization, team, application, or individual component level.
- Correlate vulnerabilities automatically with your technical entities to help security engineers understand your architecture and prioritize the most critical risks quickly.
- Assign security issues to New Relic users, creating personally prioritized worklists for developers and teams.
Ensure your infrastructure is secure
Security vulnerabilities in your infrastructure can leak data, compromise your services, and knock your application offline. With New Relic vulnerability management, you can:
- Integrate AWS Security Hub to show CIS benchmarks and other cloud posture risks alongside cloud resource performance in New Relic.
- Get recommendations on infrastructure upgrades based on known vulnerabilities.
More security features are on the way
Look for more news in the upcoming months about exciting new features. Soon you’ll be able to automatically detect software flaws like SQL injection, command execution, and other Open Web Application Security Project (OWASP) Top 10 issues. New features to come also include advanced tools like interactive application security testing (IAST) and runtime application self-protection (RASP) to monitor vulnerabilities at testing time and many others.