By now, most Americans have heard of the breach that exposed the financial data of over 143 million (and counting) U.S. consumers to hackers earlier this month.  A well-publicized vulnerability in Apache Struts (CVE-2017-5638) went unpatched for months in Equifax applications.  This vulnerability was readily available to hackers and was exploited against critical systems holding data such as credit card numbers, personally identifiable information (PII), names, addresses, and Social Security numbers of U.S. consumers. Worse yet, Equifax was not able to detect the breach for nearly two months. In the days since, investigators have identified a host of additional problems in Equifax systems across the world.

As we continue to survey the damage to Equifax, credit card companies, and the financial security of hundreds of millions of American consumers, two things become crystal clear:

  1. This was a preventable IT Security tragedy
  2. This could happen to nearly anyone else, at any time.

A company’s private data is one of the most valuable pieces of information it can have.  Exposure of this data can lead to financial distress, brand damage and legal consequences if an organization is found to have neglected protecting legally mandated information.  If you’re worried about how you can prevent an IT disaster of this scale at your own organization, you’re not alone.  Luckily, Coveros has implemented DevSecOps solutions that do just that.

For years, the cybersecurity community has been pushing the adoption of DevSecOps practices as a key enabler for identifying and rapidly remediating vulnerabilities in custom-built applications. Software can be delivered earlier with far fewer quality defects and security vulnerabilities. By integrating a tool like Sonatype’s Nexus Lifecycle into your pipeline, your organization can analyze every library in use by your system, identify which libraries have vulnerabilities, block developers from using vulnerable binaries, and provide mechanisms for automatically upgrading to a secure library.
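To make the pipeline gate concrete, here is an added example (not Coveros or Sonatype code) of the core check such a tool performs: parse a Maven pom.xml, match each dependency against a policy of known-vulnerable version ranges, and return a non-zero status so the build step fails. The policy entry uses the Struts 2 versions affected by CVE-2017-5638; the pom.xml content is constructed for illustration.

```python
"""Minimal dependency gate: parse pom.xml, flag known-vulnerable versions, fail the build."""
import xml.etree.ElementTree as ET

# Policy: (groupId, artifactId) -> list of (lowest, highest, CVE) affected ranges.
# Struts 2.3.5 through 2.3.31 and 2.5 through 2.5.10 are affected by CVE-2017-5638.
VULNERABLE_RANGES = {
    ("org.apache.struts", "struts2-core"): [
        ("2.3.5", "2.3.31", "CVE-2017-5638"),
        ("2.5", "2.5.10", "CVE-2017-5638"),
    ],
}

def parse_version(v):
    """Turn '2.3.31' into (2, 3, 31); non-numeric parts become 0, short versions pad to 3."""
    parts = [int("".join(ch for ch in p if ch.isdigit()) or 0) for p in v.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def in_range(version, low, high):
    """True when version lies inside the inclusive [low, high] range (2.5.10.1 > 2.5.10)."""
    return parse_version(low) <= parse_version(version) <= parse_version(high)

def dependencies_from_pom(pom_xml):
    """Yield (groupId, artifactId, version) for every <dependency> in a pom.xml string."""
    ns = {"m": "http://maven.apache.org/POM/4.0.0"}
    for dep in ET.fromstring(pom_xml).iterfind(".//m:dependencies/m:dependency", ns):
        yield (dep.findtext("m:groupId", default="", namespaces=ns),
               dep.findtext("m:artifactId", default="", namespaces=ns),
               dep.findtext("m:version", default="", namespaces=ns))

def find_vulnerable(pom_xml):
    """Return [(groupId, artifactId, version, cve)] for dependencies matching the policy.
    Property-managed versions like ${struts.version} parse as (0, 0, 0) and are not matched;
    run the gate against the resolved effective POM so every version is literal."""
    return [(g, a, v, cve)
            for g, a, v in dependencies_from_pom(pom_xml)
            for low, high, cve in VULNERABLE_RANGES.get((g, a), [])
            if in_range(v, low, high)]

def gate(pom_xml):
    """Pipeline exit status: 0 lets the build continue, 1 blocks it."""
    return 1 if find_vulnerable(pom_xml) else 0

# Constructed sample: one vulnerable Struts version, one unrelated library.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><dependencies>
<dependency><groupId>org.apache.struts</groupId><artifactId>struts2-core</artifactId><version>2.3.30</version></dependency>
<dependency><groupId>org.apache.commons</groupId><artifactId>commons-lang3</artifactId><version>3.6</version></dependency>
</dependencies></project>"""

if __name__ == "__main__":
    for g, a, v, cve in find_vulnerable(SAMPLE_POM):
        print(f"BLOCK {g}:{a}:{v} is affected by {cve}")
    raise SystemExit(gate(SAMPLE_POM))
```

A real SCA tool replaces the hand-written policy with a continuously updated vulnerability feed and also inspects transitive dependencies, which a top-level pom.xml alone does not list.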

How Coveros Can Help:

  • Application Security Risk Assessment – Analyze your existing software immediately to assess your application’s risk and the vulnerabilities present in your code and third-party libraries
  • DevSecOps Automation – Integrate security tools into your existing DevOps process to help you rapidly build secure software
  • Remediation Services – Fix the critical issues identified in your applications

Coveros has implemented DevSecOps automation to help our customers secure their apps at some of the nation’s leading public and private institutions, including US Citizenship and Immigration Services, the Department of Homeland Security, and Fannie Mae. Our consultants are available to help you implement the right solution or coach you through the process.  We can coach your teams on how to make application security the collective responsibility of the entire team.  If you want to learn more about how we can help you, please contact us at [email protected].

Don’t let your organization be the next Equifax.
