VPN

Veracode Launches Container Security Offering That Secures Cloud-Native Application Development

Veracode | October 11, 2022 | Read time : 03:41 min

Veracode
Veracode, a leading global provider of application security testing solutions, today announced the enhancement of its Continuous Software Security Platform to include container security. This early access program for Veracode Container Security is now underway for existing customers. The new Veracode Container Security offering, designed to meet the needs of cloud-native software engineering teams, addresses vulnerability scanning, secure configuration, and secrets management requirements for container images.

Veracode Chief Product Officer, Brian Roche, said, “As developers embrace cloud-native computing practices, containers have become increasingly important for business efficiency. This launch helps close a substantial gap in the market for developer-friendly solutions that cover critical capabilities for container security. We are excited to bring this next enhancement of our platform to the market and empower customers to address security testing for more modern architectures and deployment styles.”

The Requirement for Container Security is Rapidly on the Rise

Containers are increasingly used to simplify software deployment and runtime environment configuration management. They comprise small, fast, portable units of software in which code is packaged so that an application can be run quickly and reliably in different computing environments—from the desktop to the cloud. They provide an ecosystem of repositories, orchestration technologies, and capabilities that address related issues, such as service-to-service communication and configuration management. Instantiated in pipelines from code, containers have the benefit of immutability, meaning they are not updated, reconfigured or patched in production. Instead, the underlying image is updated with new capabilities and redeployed, helping to improve efficiency in the production environment.

Despite the benefits of containers, they are affected by many of the same problems that traditionally plague physical production or virtual server hardware, such as vulnerabilities introduced through additional software, poorly managed secrets (like Amazon Web Services keys and credentials in Dockerfiles), and security misconfigurations. This has resulted in increased demand for products that address these issues and related problems, with the Global Container Security Market size expected to reach $3.9 billion by 2027*. Container security scanning analyzes container images against organizational or industry-specific standards to identify insecure processes, misconfigurations that could lead to a vulnerability, and inadequate authentication and access control.

Veracode Container Security Integrates into the Developer Environment

Many products already in the market are aimed at securing containers in runtime and offer limited support for developers, posing a major challenge for early remediation. Veracode’s solution instead integrates into the CI/CD (continuous integration and continuous delivery) pipeline and is available at the command line interface. Providing coverage for vulnerability detection and remediation, secrets management, and security configuration issues on the most popular operating systems, it delivers remediation advice to developers early in the software development life cycle so that insecure containers don’t ship to production.

Veracode Container Security results are available in a variety of formats based on the user’s choice, including text, JSON (JavaScript Object Notation), and Software Bill of Materials (CycloneDX, SWID [Software Identification Tagging], or SPDX [Software Packaging Data Exchange]), making them easy to integrate with other tools. Providing developers and their teams with the tools to meet their specific needs means they can find and fix vulnerabilities early in the lifecycle, giving them confidence that their containerized application environment is secure.

“Veracode Container Security will be instrumental for our developers to ensure that the workloads they deploy into our cloud are secure,” said the Director of Information Security at an automotive company. “Without this tool, it would take our team weeks to receive and action container results and these would only have been available in limited formats. Now, we’re excited to integrate findings into the pipeline before they even move into production, creating time and cost efficiencies for our business.”

About Veracode
Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities.

Spotlight

VMware offers a plethora of industry’s top certifications that can majorly help you to demonstrate and validate your proficiencies in the field of Information Technology. If you are planning to indulge yourself in one of the VMware Training programs and is not too sure about where you should start from then here’s the VMware Certification path for beginners and experienced professionals. This VMware Roadmap will guide you through the different domains and courses to help you decide your career path at the same time.


Other News
SERVER VIRTUALIZATION

Verge.io Continues Record-Setting Growth, 300% Growth Quarter over Quarter in ARR Bookings

Verge.io | November 09, 2022

Verge.io, a leader in private cloud software, today announced that it saw the second straight quarter of record quarter-over-quarter growth driven by both new customer acquisition and existing customer expansion. To further capitalize on these transformative opportunities, the company appointed Mike Wall as chairman of its board of directors. In Q3 Verge.io closed over 3x more annual recurring revenue (ARR) than Q2, for the 2nd best quarter in company history. This continued upward trajectory is the result of existing customers increasing their deployment of the Verge-OS virtualization software and acquisition of new customers replacing their incumbent implementations due to cost, complexity, inability to scale and lack of ransomware protection. Additionally, Verge.io increased sales velocity, even closing new logos in a matter of weeks. Verge.io also ended Q3 with the strongest pipeline in company history. Multiple transformative opportunities were added to the pipeline that would exponentially increase top line. In addition, numerous new distribution channels are under review that would dramatically increase sales velocity in 2023. These successful results are in part due to Verge.io’s recent expansion of sales and marketing efforts to educate potential customers on the company’s ability to simplify the software defined data center into a single, powerful piece of software that runs on commodity hardware. These efforts, a newly launched website and a new technical wiki and online self-paced training system have earned the attention of analysts and editors. To help continue the momentum that Verge.io is building, the company recruited Mike Wall to serve as its chairman. Wall spent 15 years at Intel, ran its storage division, then spent time at a few VC-backed early-stage ventures in the storage space. His repeated, high-multiple exits in the space further positions Verge.io to capitalize on recent growth to add market valuation. “Coming off of a record-breaking quarter makes this is an exciting time to be a part of the Verge.io team and I look forward to helping continue the sales velocity that we’ve achieved,” said Wall. “From increasing our market visibility to growing our pipeline of global customers to quickly closing sales opportunities, we’ve developed a strong foundation for success. The future is bright for further building our business and providing customers with the cost and IT simplicity that they need.” “Such strong quarter-over-quarter success shows that our efforts to provide a single piece of software that simplifies the data center process and offers a secure multitenancy for clouds is resonating in the marketplace, We are very pleased with the results of Q3 2022 given that we launched our website only 7 months ago and most of our sales team has only been in place for 6 months. From increased bookings with new and existing customers, expanded partnership opportunities and adding experience to our executive board, Verge.io is poised to continue its pattern of growth as we provide a better alternative to traditional legacy cloud architectures that are too complex and require too much management.” Yan Ness, Verge.io CEO Verge-OS software delivers virtualized data centers with more compelling economics and efficiencies than competing platforms. Verge-OS abstracts compute, network, and storage from commodity servers and creates pools of raw resources that are simple to run and manage by an IT generalist. A single license replaces disparate hypervisor, network, storage, data protection, and management tools to simplify technology stacks. Secure virtual data centers based on Verge-OS include all enterprise data services like global deduplication, disaster recovery, continuous data protection, snapshots, long-distance synch, and auto-failover. About Verge.io Verge.io provides a simpler way to virtualize data centers and end IT infrastructure complexity. The company’s Verge OS software is the first and only fully integrated virtual cloud software stack to build, deploy and manage virtual data centers. Verge-OS delivers significant capital savings, increased operational efficiencies, reduced risk, and rapid scalability.

Read More

SERVER VIRTUALIZATION

x-cellent technologies Selects Lightbits for metalstack.cloud

Lightbits | November 21, 2022

Lightbits, the first software-defined and architected for NVMe® over TCP (NVMe®/TCP) data platform for any cloud, today announced that x-cellent technologies, a German-based technology consultancy, will integrate their high-performance, persistent storage running on Intel® high-performance technologies into their metalstack.cloud infrastructure. metalstack.cloud is a new cloud service offering that was initiated by x-cellent technologies on base of Open-Source solutions like Gardener as an alternative to public cloud solutions. metalstack.cloud targets customers and developers who require a secure tech platform to run Kubernetes as a Service for their applications from different industries and market domains, such as manufacturing companies, software companies, consulting companies, and startups. The service is produced and operated in Germany. metalstack.cloud is a set of microservices that implements Kubernetes (K8s) as a service on bare metal and enables elastic cloud infrastructure. It leverages K8s clusters so that end users can easily, securely, and cost-effectively launch their apps on the platform without having to worry about server hardware, networking, and storage management. The architecture is based on their open-source software, metal-stack.io, which was developed for the highly regulated financial sector and is being used successfully by CSPs, including Finanz Informatik Technologie Service (FI-TS), which is also the developer of metal-stack.io and a Lightbits customer. By using metalstack.cloud end users have access to a full K8s stack to develop and run their applications on and can be up and running within 15 minutes. “We have found Lightbits to be a perfect match for K8s workloads, a much simpler, and higher performing alternative to Ceph and other enterprise storage solutions, We have integrated Lightbits software with Intel high-performance hardware into our state-of-the-art Platform as a Service (PaaS), metalstack.cloud, because it allows us to manage the entire infrastructure of the data center with a lot of flexibility and in a highly available way.” Stefan Majer, Chief Technology Officer at x-cellent technologies GmbH The combined solution of Lightbits software with Intel high-performance technologies delivers an unmatched combination of performance, resiliency, and cost-efficiency for any cloud. Together, the companies are helping customers address their complex data center needs enabling CSPs, like metalstack.cloud, to deliver fast, resilient, and secure services to their clients. The solution can be used as a high-performance data platform for any orchestration environment, such as OpenStack, or to run container-based applications in a Kubernetes environment as well as virtualized applications in a VMware vSphere environment. “We are proud that x-cellent technologies have chosen Lightbits for their cloud platforms. It’s a good match, as their business philosophy closely aligns with our own—build state-of-the-art cloud data platforms that are simple to consume and deliver an unbeatable price-to-performance ratio at scale,” said Eran Kirzner, CEO at Lightbits Labs. “Our solutions help rid customers of the costly dependencies to hyperscalers, and vendor lock-in, but without compromising high-performance, security, scalability, and ease of use.” metalstack.cloud is in beta release, with general availability in 2023. About Lightbits Labs Lightbits Labs® (Lightbits), is on a mission to make high-performance block storage simple, scalable, and cost-efficient for any cloud. Lightbits offers a Cloud Data Platform that delivers efficiency, simplicity, and agility for modern data centers. Inventors of the NVMe® over TCP (NVMe/TCP) protocol, Lightbits is leading the digital data center transformation by making software-defined storage that is easy to deploy at scale and delivers performance equivalent to local flash to accelerate cloud-native applications in bare metal, virtual, or containerized environments.

Read More

VPN

VIAVI and VMware Announce Testbed as a Service for RAN Intelligent Controller Testing

Viavi | November 25, 2022

Viavi Solutions Inc.today announced that it has signed a partnership agreement with VMware to drive standardized frameworks and metrics for RAN Intelligent Controller (RIC) testing. This testbed as a service will enable mobile operators to introduce programmability to the RAN and help accelerate the adoption of Open RAN. The RIC is a cloud-native central component of an open and virtualized RAN network, enabling the optimization of RAN resources through analytic processing and adaptation recommendations. The RIC takes advantage of native and third-party xApps and rApps – microservice-based applications operating in near-real time (near-RT) and non-real-time (non-RT), respectively – to enable operators to automate and optimize RAN operations at scale to reduce the operator's total cost of ownership, and to introduce innovative new services. VMware is focused on attracting and collaborating with a vibrant ecosystem of partners to help its operator customers adopt Open RAN with complete confidence. VIAVI has the most comprehensive portfolio of Open RAN test solutions in the industry and plays a leading role in defining test processes in the O-RAN ALLIANCE and Telecom Infra Project (TIP). The two companies will work together to demonstrate compliance with RIC-related requirements, assisting CSPs in validating the solution in the lab and scaling the solution to production. The industry-leading VIAVI TeraVM RIC Test and the VMware RIC will form a joint testbed as a service for testing, profiling, and validating third-party xApps and rApps. In addition to the framework, the two companies will work together to drive industry consensus around testing methodology and performance metrics. By having pre-built test cases and a standardized test method for the RIC and xApp/rApp, operators can reduce the time it takes to validate the solution in their lab, meaning they can move to a production environment faster. "Open RAN, by definition, depends on strong collaboration to drive innovation, and that's a perfect way to think about this partnership between leaders in their respective fields, The RIC represents a huge opportunity to the industry: Applying AI/ML techniques allows operators to simplify the management of complex 5G configurations and dynamically optimize the network to cater for new use cases, energy efficiency, and changing traffic patterns." Ian Langley, Senior Vice President and General Manager, Wireless Business, VIAVI "We're excited to work with VIAVI on helping move the industry forward to accelerate the adoption of Open RAN," said Lakshmi Mandyam, vice president, Service Provider Product Management and Partner Ecosystem, VMware. "Our companies share a vision of what it will take to address the challenges hindering adoption by simplifying the path for CSPs to test, profile, and certify third-party xApps and rApps through a common framework. VIAVI's leadership in Open RAN testing and VMware's leadership in RIC make this an ideal collaboration." About VIAVI VIAVI (NASDAQ: VIAV) is a global provider of network test, monitoring and assurance solutions for communications service providers, hyperscalers, equipment manufacturers, enterprises, government and avionics. VIAVI is also a leader in light management technologies for 3D sensing, anti-counterfeiting, consumer electronics, industrial, automotive, government and aerospace applications. Together with our customers and partners we are United in Possibility, finding innovative ways to solve real-world problems.

Read More

DESKTOP

Alludo Global Survey: Leaders Say They Support Remote and Hybrid Work for Their Teams—the Data Tells a Different Story

Alludo | November 23, 2022

Alludo, a global technology company helping people work better and live better, released survey results that highlight a clear divide in the freedom and flexibility that global management teams have versus individual contributors. While the majority of respondents agree that remote and hybrid work is here to stay, only 40% of non-managers have the freedom to work remotely compared to 63% of people managers* who can work from anywhere. The Alludo survey data shows that leadership has been slow to adopt change across all levels of the organization. Making the shift to a remote and hybrid work model requires a fundamental shift in the way leaders lead. In this new world, the employee-manager relationship is built on trust, and outcomes are the true indicators of success. Employees are no longer constrained by bureaucratic processes and micromanaging––a bottoms-up, “people-first” approach is needed instead of the command and control of the past. This concept is called Work3, an idea championed by Alludo during the company’s recent rebrand. Work3 is a shift in work culture that supports the notion that all employees should have the freedom and flexibility to choose where, when, and how they do their best work. “True leadership isn’t about getting people in a room to do what you want, It’s about giving employees the room to deliver amazing results. The last few years have proven that knowledge workers can be productive at home. It’s time for leadership teams to leave the mandatory 9-to-5 office experience behind and recognize that freedom and flexibility are key to not only working better but living better." Christa Quarles, Chief Executive Officer at Alludo In addition to where they work, employees want flexibility in when they work. The survey data confirms that three-fourths (74%) of employees no longer want to work a standard 9-to-5 day. However, almost half (47%) of non-managers still work standard hours compared to nearly one-third of managers. Again, this highlights the gap in the freedom offered to individual contributors versus managers, with the former having less flexibility when it comes to determining when and where they work. To be successful in the remote and hybrid world, leadership needs to create a cohesive vision, outline clear expectations and outcomes, and give their employees the freedom and flexibility to decide when, where, and how they do their best work. The reality, however, is a far different picture. The survey data shows that C-level executives believe they have adapted to the new way of managing, but non-managers disagree. 58% of C-level executives believe their company has changed the way remote and hybrid employees are managed. But 57% of non-managers disagree and say leadership has not changed their management style and 28% indicate they are still micromanaged. If leaders do not evolve their management style to give their employees more freedom and flexibility to choose where, when, and how they work, data shows that 43% of individual contributors would consider quitting or even changing careers––that’s nearly half! About Alludo Alludo™ is a global technology company helping people work better and live better. We’re the people behind award-winning, globally recognizable brands including Parallels®, Corel®, MindManager®, and WinZip®. Our professional-caliber graphics, virtualization, and productivity solutions are finely tuned for the digital remote workforce delivering the freedom to work when, where, and how you want. With a 35+ year legacy of innovation, Alludo empowers all you do, helping more than 2.5 million paying customers to enable, ideate, create, and share on any device, anywhere.

Read More

Spotlight

VMware offers a plethora of industry’s top certifications that can majorly help you to demonstrate and validate your proficiencies in the field of Information Technology. If you are planning to indulge yourself in one of the VMware Training programs and is not too sure about where you should start from then here’s the VMware Certification path for beginners and experienced professionals. This VMware Roadmap will guide you through the different domains and courses to help you decide your career path at the same time.

Resources