Contrast Security has expanded its Contrast Serverless Application Security offering to include support for Microsoft Azure Functions, allowing customers to scan for security vulnerabilities across multiple clouds.
Tony Surma, CTO, US Partners, Microsoft stated, “With the tremendous adoption of Microsoft Azure Functions by customers around the globe, we’re glad to see a partner like Contrast Security deliver a modern approach to help those organizations optimize their serverless security. Supporting proper permissions settings and uncovering vulnerable code with suggested remediation is an essential part of a secure modern application platform.”
Due to their inherent advantages, serverless and cloud-native development is being quickly adopted by businesses. However, due to public cloud providers’ “shared responsibility security model,” businesses find it difficult to determine which applications are completely secure, especially if they’re utilizing multi-cloud IT strategies.
Data indicates that 74% of infrastructure decision-makers at firms adopting public cloud use two or more public clouds, and 17% use five or more, according to the Forrester Avoid the Security Inconsistency Pitfalls Transitioning To Serverless 2022 report. Because of the misunderstanding of shared responsibility security models, 82% of cloud users have encountered security incidents.
Contrast Serverless satisfies the needs of organizations that want a new security tooling specifically designed to assess serverless risks while guarding against common vulnerabilities (CVEs), spotting errors, and revealing user privilege problems within a single interface.
With the addition of Microsoft Azure Functions support, organizations will be able to assess the risk of their serverless applications on both Amazon Web Services (AWS) and Microsoft platforms from a single offering, among other advantages.
- Complete visibility of cloud-native serverless functions within the application, allowing the AppSec team to continuously monitor the organization’s serverless posture.
- Scan open-source dependencies used in applications and custom code on a regular basis for vulnerabilities.
- Detect configuration errors.
- Discover issues with the least privilege based on Microsoft Azure function policy roles and active directory configurations.
- Create a contextual Microsoft Azure Functions risk score using the methods described above, allowing teams to address the highest risk issues first.
- Ability to remediate function code in both AWS and Microsoft Azure environments.
Steven Phillips, VP of Product Marketing at Contrast Security commented, “The ability to analyze access permissions, evaluate the security posture of open-source components, and identify attack surfaces together provides organizations with the context and precision needed to assess serverless application security risks. This combined with the added benefit of uncovering high-priority issues during the development process – and not after the fact when the application has already been made publicly available – is a unique value delivered by Contrast. Developers can now efficiently secure cloud-native applications and take advantage of best-of-breed offerings from multiple hyper-scale cloud providers.”