Capabilities address security risk detection and mitigation areas unique to cloud-native applications
Mend.io, a leader in application security, today announced the launch of Mend Container. Using state-of-the-art reachability analysis, Mend Container extends the features of Mend SCA into the container runtime environment and adds entirely new areas of security risk detection and mitigation unique to cloud-native applications.
The added layer of abstraction of container architecture often makes it difficult for security teams relying on legacy tools to track down vulnerabilities and poorly stored secrets, assess true risk, and effectively enforce policies. Moreover, customary “shift left” approaches miss the vulnerabilities that sneak in during the containerization process. Existing container security solutions also produce large volumes of vulnerability alerts, much of them just noise as the vulnerability is actually unreachable at runtime.
“While cloud-native development brilliantly solves problems related to scalability and effective resource use, it also results in increased complexity and new security challenges that traditional AppSec tools can’t solve,” says Rami Sass, co-founder and CEO, Mend.io. “But when 94 percent of all companies worldwide use cloud software, securing container-based applications has never been more important. That’s why we’re excited to announce the launch of Mend Container.”
Mend Container
Mend Container adds key features and benefits to Mend SCA, including:
- Container reachability. Identifies which vulnerable files and methods are being called at runtime without the need to install runtime agents.
- Secrets detection. Identifies credentials, passwords, keys, and certificates being exposed or handled inappropriately, putting applications at risk.
- Kubernetes cluster scanning. Scans all running container images within Kubernetes clusters to easily find and label containers that are actually in use and deployed.
- Development to deployment coverage. Comprehensive container security coverage for cloud-native applications, starting with static image scans in the pipeline using Mend SCA all the way to container behavior analysis for security risks in runtime with Mend Container.
For more information, see Mend Container.
About Mend.io
Trusted by the world’s leading companies, including IBM, Google, and Capital One, Mend.io’s enterprise suite of application security tools is designed to help you build and manage a mature, proactive AppSec program.
Mend understands the different AppSec requirements of developers and security teams. Unlike other AppSec solutions that force everyone to use a single tool, Mend helps them work in harmony by giving each team different, but complementary, tools—enabling them to stop chasing vulnerabilities and start proactively managing application risk.