By Byron V. Acohido

Application Security Posture Management (ASPM) arose a few years ago as a strategy to help software developers and security teams continually improve the security of business applications.

At Black Hat USA 2024, an iteration called Active ASPM is in the spotlight. I had the chance to visit with Neatsun Ziv, CEO and co-founder of Tel Aviv-based OX Security, a leading Active ASPM solutions provider.

I learned all about how Active ASPM emphasizes continuous, real-time monitoring and proactive remediation, thereby augmenting more passive ASPM methods, if you will, that focus on data aggregation and periodic assessments, Ziv told me. For a full drill down, please give the accompanying podcast a listen.

For its part, OX Security does this by going the extra mile to provide rich, detailed context that enables security teams to do triage more effectively – and CISOs to justify, with hard evidence, why resources need to be directed at specific security improvements.

This heavy lifting gets done, he says, by “going into the code and reading the code myself. I’m going to connect to the cloud, read the configurations and read the active assets you’ve got in your cloud. I’m going to connect to your artifact registry and scan what’s in there. I’m going to connect to your existing tools, understand what’s in there, and basically use every asset that you have inside your organization to provide the best and most accurate answer to the question, ‘Are you right now at risk? If so, let me guide you through the process of getting to a safer place.’ “

How high might Active ASPM move the bar, going forward? I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

---

(LW provides consulting services to the vendors we cover.)

August 13th, 2024