Baltimore, MD – July 10, 2019 – Protego Labs announces an enhancement to the Protego Proact and Protego Function Self-Protection (FSP) solutions with the introduction of a new CI/CD pipeline integration tool. It has been nearly impossible for developers to keep up with adding least privilege policies to code quickly and efficiently in modern-applications. Current processes lack scalability, and omit the behavioral analysis required to understand what the code should be doing. With the enhancements and new functionality, Protego makes it easier for organizations to truly shift security left from development through to deployment, in a smooth and frictionless manner. The tool makes it simple to take a “zero trust” approach throughout the development and deployment lifecycle, via a seamless integration with all common frameworks. The tool ensures a continuous, stringent security posture throughout different environments, and offsets human errors created along the way.
The Protego pipeline integration tool operates during the entire lifecycle of the code with the Protego Proact and Protego FSP solutions. During development time, the enhanced tool within Protego Proact detects security issues from the start. This helps developers identify security risks such as over permissive roles, vulnerable 3rd party dependencies, and hardcoded credentials in their functions easily and early, just as they would identify compilation errors. From there, Protego’s built-in remediation tips allow teams to make sure issues get resolved prior to deployment. This thorough code analysis also runs in the CI/CD pipeline to prevent vulnerable functions from deploying to the production environment. The Proact solution is highly customizable, allowing developers to choose between basic configurations or customizing configurations to their exact needs. For example, the tool can be customized to set a fail threshold so only critical tasks fail deployment.
During deployment, the tool works within the Protego FSP solution for runtime protection. By adding a layer of self-protection to the AWS Lambda function, this enhanced solution provides extensive visibility into what the application code is doing, including monitoring process launching, network activity, and API calls. The FSP solution can also implement selective security detection and blocking for various types of attacks. Protego’s pipeline integration tool streamlines and smooths the process of adding the FSP layer even more, by taking all the functions ready for deployment and automatically inserting the FSP Lambda layer.
To apply the FSP injection, the client simply adds Protego to the deployment pipeline using the same common integrations. For example, when it comes to the Serverless framework, all you need to do is add Protego to your pipeline with the Protego plugin and the serverless.yml file. Once it is a part of the serverless pipeline, Protego will add the FSP layer to the functions and report the results as the functions are deployed.
With Protego, both the security and developer teams can be in control of the code used within their modern applications, with security that does not impede progress.