Global cybersecurity pioneer Coalfire today cemented its lead in automated application security with the upgrade of its application security orchestration and correlation (ASOC) platform. The two-year rebuild and today’s release of ThreadFix v3.1 represents Coalfire’s commitment to transforming vulnerability management capabilities that support the largest cloud service providers and enterprises with unprecedented scalability, processing power, and time to remediation.
ThreadFix has become the centerpiece for many Fortune 100 organizations’ software development lifecycle processes across a variety of industries including healthcare, financial services, and telecommunications and is considered the “tip of the spear” for enterprise grade and cloud native application security development practices. It integrates a multitude of disparate government, risk, compliance, and defect tracking tools to create a new platform that now works in harmony across the secure development lifecycle.
“Coalfire’s well established leadership of cybersecurity services now includes an expanded foundation of complementary world-class technology,” said Vineet Seth, chief product officer, Coalfire. “Our strategic acquisitions, significant platform investments, and establishment of a product function confirms our commitment to delivering tech-enabled services and comprehensive solutions for risk-based application security, attack surface management, scanning, and compliance automation.”
“The customers that we jointly serve represent some of the largest and most sophisticated development, security, and operations (DevSecOps) programs globally,” said Brian Roche, Chief Product Officer, Veracode. “The modern, cloud native architecture that underpins the new ThreadFix release will provide our joint customers with the speed, scale, and flexibility that they expect.”
“Public cloud infrastructure adoption is nearly ubiquitous and we’re seeing a continuing shift to cloud-first policies. Businesses are telling us that eight out of ten applications that are on-premises today are candidates to move to the public cloud within just five years,” said ESG’s Tony Palmer. “With the continuous integration and deployment of cloud-native security controls, DevSecOps automation platforms like ThreadFix are now mission-critical to achieving today’s security-first coverage and scalability requirements in complex environments with multiple vulnerability scanning platforms.”
With a major upgrade to the core ingestion and merge engine, ThreadFix v3.1 becomes a series of microservices running on a collection of containers managed within a Kubernetes environment. Code-to-deployment lifecycles are compressed, and increased efficiencies are gained by parsing incoming data and processing it against scan history. These improvements enable enterprise-level scalability while retaining the platform’s patented and most accurate merge and deduplication capabilities completely intact.
“The new ThreadFix architecture takes threat management and remediation to an entirely new scale with the ability to process vulnerabilities in 1/60th the time than with earlier versions,” said Seth. “With feedback from the ThreadFix installed base and Coalfire’s much larger customer universe and platform leadership, we have wide-ranging access to a wealth of new development resources. We’re putting that power into our clients’ hands as rapidly as possible.”