industry news
Subscribe Now

Synopsys to Showcase New Application Security Orchestration Solution at RSA Conference

Innovative Intelligent Orchestration delivers automated security testing workflows optimized for speed and efficiency in DevOps pipelines

MOUNTAIN VIEW, Calif., May 4, 2021 /PRNewswire/ — Synopsys, Inc. (Nasdaq: SNPS) today announced it will showcase the Software Integrity Group’s new Intelligent Orchestration solution at RSA Conference on May 17th – 20th. Intelligent Orchestration is a dedicated application security automation pipeline, optimized for speed and efficiency, that ensures the right security tests are performed at the right time. Intelligent Orchestration, which runs in parallel to build and release pipelines, utilizes innovative technology to automatically determine and initiate the most appropriate security tests, including static (SAST), dynamic (DAST), interactive (IAST), and software composition analysis (SCA), based on pre-defined risk policies and changes made to an application.

As the pace and complexity of software development increases, security and development teams in all industries have recognized that integrating and automating security testing within their development toolchains and workflows is essential. However, they often find that doing this can slow development pipelines and overwhelm development teams with large volumes of testing results, many of which do not require immediate attention.

The concepts and technology behind Intelligent Orchestration were developed and refined through years of experience helping customers navigate these challenges, including a Fortune 500 financial services company undergoing a significant digital transformation effort:

“Testing your business-critical applications for security vulnerabilities is essential, but when it comes to producing actionable results and earning developers’ trust in a DevOps environment, the tests you don’t run can be equally as important as the tests you do run,” said the director of application security for the financial services client. “Avoiding extraneous testing cycles and prioritizing the critical vulnerabilities that present the most risk to your organization is key to embracing the benefits of DevSecOps. We worked closely with Synopsys as they developed their Intelligent Orchestration solution to address the DevSecOps bottlenecks we were grappling with.”

Intelligent Orchestration provides the following capabilities and benefits:

  • Dedicated “continuous security” pipeline
    Intelligent Orchestration is a dedicated continuous integration (CI) pipeline that runs in parallel to build and release pipelines to perform necessary application security tests.
  • Seamless integration with existing pipelines and development toolchains
    Intelligent Orchestration does not require build and release pipelines to be reimplemented. Instead, it easily integrates with CI pipelines via simple API calls.  In addition, extensible DevOps integrations enable teams to incorporate application security tests performed by Synopsys tools as well as open source and third-party tools, and deliver results via the development, risk management, and issue tracking tools they already use.
  • Ensures the right tests are run at the right time
    Teams can define their application security policies as code, specifying rules for security analysis, notification, and remediation. Using innovative technology, Intelligent Orchestration then uses that policy to evaluate code changes and other SDLC events to intelligently trigger the appropriate security tests, maximizing velocity by performing only the tests that are needed when they are needed.
  • Delivers the right information to the right teams
    Intelligent Orchestration optimizes and standardizes application security reporting across the gamut of security testing tools. Results are automatically filtered and prioritized based on risk and delivered directly within the development and defect tracking tools development teams already use, preventing “vulnerability overload” and enabling teams to achieve the maximum risk impact at minimum cost.
  • Automates the workflow for manual or out-of-band testing activities
    Intelligent Orchestration policies can also trigger manual security activities such as penetration tests, through defect tracking systems and communication channels, enabling security teams to coordinate security compliance with development workflows.

“Every organization embracing DevOps encounters friction when they integrate and automate security testing into their DevOps environments,” said Jason Schmitt, general manager of the Synopsys Software Integrity Group. “Automating the enforcement of application security policies across your portfolio and managing high volumes of security testing results, while trying to keep pace with the accelerating speed of development, can be a daunting task. These challenges are precisely what Intelligent Orchestration is designed to address. Through policy-driven intelligence, automation, and extensive integrations, Intelligent Orchestration streamlines security testing programs based on risk and continuous iteration.”

To learn more or to schedule a demo, visit the Intelligent Orchestration webpage, read the blog post, or register for the webinar on May 26, 2021.

About the Synopsys Software Integrity Group

Synopsys Software Integrity Group helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in application security, provides static analysis, software composition analysis, and dynamic analysis solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle. Learn more at www.synopsys.com/software.

About Synopsys

Synopsys, Inc. (Nasdaq: SNPS) is the Silicon to Software™ partner for innovative companies developing the electronic products and software applications we rely on every day. As an S&P 500 company, Synopsys has a long history of being a global leader in electronic design automation (EDA) and semiconductor IP and offers the industry’s broadest portfolio of application security testing tools and services. Whether you’re a system-on-chip (SoC) designer creating advanced semiconductors, or a software developer writing more secure, high-quality code, Synopsys has the solutions needed to deliver innovative products. Learn more at www.synopsys.com.

Leave a Reply

featured blogs
May 12, 2021
The ICADVM20.1 ISR18 and IC6.1.8 ISR18 production releases are now available for download at Cadence Downloads . For information on supported platforms and other release compatibility information,... [[ Click on the title to access the full blog on the Cadence Community site...
May 11, 2021
Human vision in indispensable and often taken for granted. Similarly machine, or embedded, vision influences daily human life in ways thought impossible. Simply, machine vision refers to the ability of embedded systems to “see”. Key system components include camer...
May 6, 2021
Learn how correct-by-construction coding enables a more productive chip design process, as new code review tools address bugs early in the design process. The post Find Bugs Earlier Via On-the-Fly Code Checking for Productive Chip Design and Verification appeared first on Fr...
May 4, 2021
What a difference a year can make! Oh, we're not referring to that virus that… The post Realize Live + U2U: Side by Side appeared first on Design with Calibre....

featured video

Insights on StarRC Standalone Netlist Reducer

Sponsored by Synopsys

With the ever-growing size of extracted netlists, parasitic optimization is key to achieve practical simulation run times. Key trade-off for any netlist reducer is accuracy vs netlist size. StarRC Standalone Netlist reducer provides the flexibility to optimize your netlist on a per net basis. The user has total control of trading accuracy of some nets versus netlist optimization - yet another feature from StarRC to provide flexibility to the designer.

Click here for more information

featured paper

Smile, You're on My Security Camera!

Sponsored by Maxim Integrated

Advances in wireless and IoT technologies are fueling market growth for security camera systems. Outdoor security cameras need to operate for a long time on small disposable batteries. This design solution shows how a high-performance power management system can power an outdoor security camera several months longer than an ordinary solution.

Click to read more

featured chalk talk

Maxim's Ultra-High CMTI Isolated Gate Drivers

Sponsored by Mouser Electronics and Maxim Integrated

Recent advances in wide-bandgap materials such as silicon carbide and gallium nitride are transforming gate driver technology, bringing higher power efficiency and a host of other follow-on benefits. In this episode of Chalk Talk, Amelia Dalton chats with Suravi Karmacharya of Maxim Integrated about Maxim’s MAX22700-MAX22702 family of single-channel isolated gate drivers.

Click here for more information about Maxim Integrated MAX22700–MAX22702 Isolated Gate Drivers