Interview: Checkmarx on the state of software security in Asia Pacific
Checkmarx has been in the security business for almost 15 years, honing its craft in static and interactive application security testing, software composition analysis, and AppSec training and awareness.
In that time, the company has made waves – it now works with 1400 customers worldwide, and has gained accolades from tech analysts such as Gartner.
The company, which was an early innovator in application security testing, remains committed to every organisation's quest to develop secure software, faster.
We spoke to Checkmarx Australia and New Zealand country manager Raygan Flores about the country's Asia Pacific expansion, key cyber attack and defence trends, and how local organisations shape up when it comes to security.
Checkmarx expands expertise to Asia Pacific organisations of all sizes
With an established global presence, Checkmarx wants to make sure that customers across Asia Pacific (APAC), Australia and New Zealand (ANZ) are provided with every opportunity to take advantage of local expertise.
For example, Flores notes that ANZ organisations have a good grasp on modern DevOps.
“Organisations can improve by adding a layer of automation to take the next step toward true DevSecOps. Additionally, they can better align their organisational policy with DevSecOps to home in on defining key training and vulnerability metrics, rather than boiling the ocean to achieve scope at the cost of depth.
To support customers to achieve these goals, Checkmarx brings together industry-leading technology and expert advisory through a wide range of professional services and optimised processes, which are key factors to a successful software security program.
Flores says that while the company initially focused on larger businesses, it is now broadening its focus to cater to smaller and medium-sized businesses. After all, software security is something that every organisation must work toward.
“We've ramped up our investment on in-region and in-country resources across sales, marketing and technical teams to ensure we work closely with our customers and capture what's important to their business,” Flores says.
Why uncovering critical software vulnerabilities is so important
In addition to spreading awareness about the importance of software security, Checkmarx runs a dedicated research program.
“The Checkmarx Security Research Team has been responsible for disclosing some of the most jaw-dropping findings, ranging from eavesdropping scenarios with Amazon Alexa and Android smartphones to open source vulnerabilities within Drupal,” says Flores.
Open source research is critical because it catches flaws in software creation and highlights how development practices must change. Flores adds that the research team is committed to analysing open source packages, IoT devices, and software in general, in order to bring more security awareness to end users and to protect the privacy of customers and consumers.
There is plenty to defend against – particularly when developers are now feeling the pressure to develop software faster whilst keeping everything secure. It's no easy task if the right tools and processes aren't in place, Flores says.
“Now, more than ever, software is essential to our day-to-day operations as we all adapt to the rapid pace of digital transformation, which has been further escalated due to current events. While the benefits of software are obvious, this proliferation also creates a massive and ever-evolving attack surface,” says Flores.
“Unfortunately, we're often seeing security suffer most as a result as evidenced by vulnerable software being exploited by malicious actors happening every day.
“In a world where one data breach is all it takes to bring a business to its knees, organisations must be prepared and vigilant when it comes to securing their software.”
Application security testing – the bread and butter of software security
Application security testing goes a long way to securing any organisation, particularly as the root cause of most attacks comes from vulnerable software.
If you think about what software must achieve, it is clear there are multiple complexities. Software must be interconnected - particularly across mobile and cloud, it could leverage the internet of things and artificial intelligence, and often it is based on open source technologies. The end result is software across many different endpoints.
“With that said, organisations are acknowledging that their traditional approaches to software security are falling short and realising that security must be intrinsic with development processes. Awareness is the first step toward action and improvement,” says Flores.
Checkmarx addresses these issues in several ways, but it ultimately comes down to empowering developers to write more secure code. In turn, secure code helps applications to become impenetrable to cyber threats.
Checkmarx solutions empower developers
Checkmarx solutions are designed to help developers and organisations classify, report, and fix vulnerabilities in software.
Flores explains, “Our Software Security Platform – which combines SAST, IAST, SCA, and AppSec developer awareness and training – helps customers move to automated security scanning as part of the DevOps process so they can improve the security and quality of their software without slowing down development speeds.
“As a pioneer in software security, we're on a mission to transform the industry to move beyond traditional security testing, to managing software security across the entire software development lifecycle.
That ongoing mission remains a successful part of Checkmarx' identity, and it hasn't gone unnoticed by industry analysts. The company was recently named a Leader in the 2020 Gartner Magic Quadrant for AST, and it scored highest for the DevOps/DevSecOps use case in Gartner's 2020 Critical Capabilities report.
“We're laser-focused on helping our customers move to automated security scanning so they can improve the security and quality of their software and couldn't be more excited about the road ahead. Now, more than ever, security must be top-of-mind for all organisations,” Flores concludes.
Please visit Checkmarx.com for information on Checkmarx solutions and services, whitepapers and customer references.
Checkmarx also offers a Knowledge Centre, which comprises enterprise documentation that includes active navigational links to Release notes, integration guides and many more.