Veracode | October 11, 2022
Veracode, a leading global provider of application security testing solutions, today announced the enhancement of its Continuous Software Security Platform to include container security. This early access program for Veracode Container Security is now underway for existing customers. The new Veracode Container Security offering, designed to meet the needs of cloud-native software engineering teams, addresses vulnerability scanning, secure configuration, and secrets management requirements for container images.
Veracode Chief Product Officer, Brian Roche, said, “As developers embrace cloud-native computing practices, containers have become increasingly important for business efficiency. This launch helps close a substantial gap in the market for developer-friendly solutions that cover critical capabilities for container security. We are excited to bring this next enhancement of our platform to the market and empower customers to address security testing for more modern architectures and deployment styles.”
The Requirement for Container Security is Rapidly on the Rise
Containers are increasingly used to simplify software deployment and runtime environment configuration management. They comprise small, fast, portable units of software in which code is packaged so that an application can be run quickly and reliably in different computing environments—from the desktop to the cloud. They provide an ecosystem of repositories, orchestration technologies, and capabilities that address related issues, such as service-to-service communication and configuration management. Instantiated in pipelines from code, containers have the benefit of immutability, meaning they are not updated, reconfigured or patched in production. Instead, the underlying image is updated with new capabilities and redeployed, helping to improve efficiency in the production environment.
Despite the benefits of containers, they are affected by many of the same problems that traditionally plague physical production or virtual server hardware, such as vulnerabilities introduced through additional software, poorly managed secrets (like Amazon Web Services keys and credentials in Dockerfiles), and security misconfigurations. This has resulted in increased demand for products that address these issues and related problems, with the Global Container Security Market size expected to reach $3.9 billion by 2027*. Container security scanning analyzes container images against organizational or industry-specific standards to identify insecure processes, misconfigurations that could lead to a vulnerability, and inadequate authentication and access control.
Veracode Container Security Integrates into the Developer Environment
Many products already in the market are aimed at securing containers in runtime and offer limited support for developers, posing a major challenge for early remediation. Veracode’s solution instead integrates into the CI/CD (continuous integration and continuous delivery) pipeline and is available at the command line interface. Providing coverage for vulnerability detection and remediation, secrets management, and security configuration issues on the most popular operating systems, it delivers remediation advice to developers early in the software development life cycle so that insecure containers don’t ship to production.
“Veracode Container Security will be instrumental for our developers to ensure that the workloads they deploy into our cloud are secure,” said the Director of Information Security at an automotive company. “Without this tool, it would take our team weeks to receive and action container results and these would only have been available in limited formats. Now, we’re excited to integrate findings into the pipeline before they even move into production, creating time and cost efficiencies for our business.”
Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities.
VMware | September 16, 2022
VMware, Inc. announced that it has reached a settlement with the U.S. Securities and Exchange Commission (the “SEC”) to resolve a previously disclosed investigation related to the Company’s backlog disclosures in public filings for its 2019 and 2020 fiscal years, which ran from February 3, 2018 through January 31, 2020.
Under the terms of the settlement, the Company has agreed to pay a civil monetary penalty of $8 million without admitting or denying the SEC’s findings, which relate to the Company's disclosures. The SEC’s findings do not include any findings that the Company failed to comply with generally accepted accounting principles. The SEC Staff has confirmed that it does not intend to recommend enforcement action against any current or former VMware officers or other member of management in connection with the investigation, and this settlement concludes the matter.
VMware believes this settlement is the right course of action for the Company and continues to be committed to operating at the highest level of integrity, including with respect to its public filings and communications with investors.
VMware is a leading provider of multi-cloud services for all apps, enabling digital innovation with enterprise control. As a trusted foundation to accelerate innovation, VMware software gives businesses the flexibility and choice they need to build the future. Headquartered in Palo Alto, California, VMware is committed to building a better future through the company’s 2030 Agenda.
VIRTUAL SERVER INFRASTRUCTURE
Imprivata | November 03, 2022
Imprivata, the digital identity company for mission- and life-critical industries, and IGEL, provider of the managed endpoint operating system for secure access to any digital workspace, today announced from Microsoft Ignite an expanded partnership which has resulted in the co-development of secure identity and access management for Microsoft Azure Virtual Desktop (AVD) and Windows 365 Cloud PC environments from IGEL OS. Together, the companies have integrated the Imprivata OneSign® digital identity platform into IGEL OS for seamless and secure access to workspaces powered by Microsoft Azure.
This expanded Imprivata and IGEL partnership extends the companies' longstanding relationship which has empowered thousands of healthcare users to achieve secure, quick, and easy access to clinical applications using IGEL OS-powered endpoints. Through IGEL's active participation in the Imprivata Developer Program, the companies have jointly integrated Imprivata OneSign with IGEL OS to enable users of Microsoft AVD and Windows 365 Cloud PC seamless No Click Access® to desktops and applications using Imprivata single sign-on and authentication management technology. This gives healthcare organizations that want to migrate their digital workspaces to the cloud a new, secure option to use Microsoft's AVD or Windows 365 Cloud PC solutions in their clinical environments.
"IGEL and Imprivata have collaborated for over a decade on delivering a secure and seamless single sign-on experience for the access our mutual customers need to workstations, applications and virtual desktops, We are pleased to now extend this secure digital identity capability for customers that want to benefit from extending their workspaces to the cloud with Microsoft AVD and Windows 365 Cloud PC. Together, our combined solution delivers the strong data security and simplified compliance healthcare organizations need when moving to Microsoft Azure-powered workspaces."
Matthias Haas, Chief Technology Officer, IGEL
"Our co-development work to integrate Imprivata OneSign with the simple, smart and secure IGEL OS has resulted in a unified solution for the compliant and safe access of digital workspaces, data and apps in the Azure cloud," said Wes Wright, Chief Technology Officer, Imprivata. "Now, organizations considering Microsoft AVD or Windows 365 Cloud PC have assurance that they can use the secure, friction-free digital identity and agile, easy to manage operating system from a single, proven solution."
The Imprivata OneSign integration with IGEL OS is now available for beta customer trials. For more information or to register for trial access, please visit: www.igel.com/avd. To test drive IGEL OS on a LG or Lenovo laptop, please visit www.igel.com/whycompromise and use the code "PR2022."
Imprivata is the digital identity company for mission- and life-critical industries, redefining how organizations solve complex workflow, security, and compliance challenges with solutions that protect critical data and applications without workflow disruption. Its platform of interoperable identity, authentication, and access management solutions enable organizations in over 45 countries to fully manage and secure all enterprise and third-party digital identities by establishing trust between people, technology, and information.
Lightbits | November 21, 2022
Lightbits, the first software-defined and architected for NVMe® over TCP (NVMe®/TCP) data platform for any cloud, today announced that x-cellent technologies, a German-based technology consultancy, will integrate their high-performance, persistent storage running on Intel® high-performance technologies into their metalstack.cloud infrastructure. metalstack.cloud is a new cloud service offering that was initiated by x-cellent technologies on base of Open-Source solutions like Gardener as an alternative to public cloud solutions. metalstack.cloud targets customers and developers who require a secure tech platform to run Kubernetes as a Service for their applications from different industries and market domains, such as manufacturing companies, software companies, consulting companies, and startups. The service is produced and operated in Germany.
metalstack.cloud is a set of microservices that implements Kubernetes (K8s) as a service on bare metal and enables elastic cloud infrastructure. It leverages K8s clusters so that end users can easily, securely, and cost-effectively launch their apps on the platform without having to worry about server hardware, networking, and storage management. The architecture is based on their open-source software, metal-stack.io, which was developed for the highly regulated financial sector and is being used successfully by CSPs, including Finanz Informatik Technologie Service (FI-TS), which is also the developer of metal-stack.io and a Lightbits customer. By using metalstack.cloud end users have access to a full K8s stack to develop and run their applications on and can be up and running within 15 minutes.
“We have found Lightbits to be a perfect match for K8s workloads, a much simpler, and higher performing alternative to Ceph and other enterprise storage solutions, We have integrated Lightbits software with Intel high-performance hardware into our state-of-the-art Platform as a Service (PaaS), metalstack.cloud, because it allows us to manage the entire infrastructure of the data center with a lot of flexibility and in a highly available way.”
Stefan Majer, Chief Technology Officer at x-cellent technologies GmbH
The combined solution of Lightbits software with Intel high-performance technologies delivers an unmatched combination of performance, resiliency, and cost-efficiency for any cloud. Together, the companies are helping customers address their complex data center needs enabling CSPs, like metalstack.cloud, to deliver fast, resilient, and secure services to their clients. The solution can be used as a high-performance data platform for any orchestration environment, such as OpenStack, or to run container-based applications in a Kubernetes environment as well as virtualized applications in a VMware vSphere environment.
“We are proud that x-cellent technologies have chosen Lightbits for their cloud platforms. It’s a good match, as their business philosophy closely aligns with our own—build state-of-the-art cloud data platforms that are simple to consume and deliver an unbeatable price-to-performance ratio at scale,” said Eran Kirzner, CEO at Lightbits Labs. “Our solutions help rid customers of the costly dependencies to hyperscalers, and vendor lock-in, but without compromising high-performance, security, scalability, and ease of use.”
metalstack.cloud is in beta release, with general availability in 2023.
About Lightbits Labs
Lightbits Labs® (Lightbits), is on a mission to make high-performance block storage simple, scalable, and cost-efficient for any cloud. Lightbits offers a Cloud Data Platform that delivers efficiency, simplicity, and agility for modern data centers. Inventors of the NVMe® over TCP (NVMe/TCP) protocol, Lightbits is leading the digital data center transformation by making software-defined storage that is easy to deploy at scale and delivers performance equivalent to local flash to accelerate cloud-native applications in bare metal, virtual, or containerized environments.