New Relic Inc. is expanding its observability toolbox with a new service called New Relic Interactive Application Security Testing, available today in public preview.

According to the company, New Relic IAST extends application security testing by providing visibility and context into the findings. It also offers advanced threat and vulnerability detection accuracy with near-zero false positives and proof-of-exploit, plus guided remediation to help teams fix any problems they discover.

The new offering is aimed at DevOps teams that build and ship continuously updated software. New Relic cites a paper by Osterman Research that shows 85% of applications contain vulnerabilities when shipped. That emphasizes the need for a context-driven approach to identify, prioritize and verify those bugs with proof-of-exploit to ensure faster remediation. But current application security testing methods generally work on a reactive basis, which results in false positives, missed release cycles and increased costs.

New Relic IAST enhances application security testing by enabling vulnerabilities to be discovered more quickly and without false positives, the company said. It is based on a patented deterministic technique that’s able to identify and automatically validate vulnerabilities and provide concrete proof of its findings. That, New Relic says, helps to reduce noise and speed up the remediation process.

New Relic Chief Product Officer Manav Khurana said developers must reimagine the way they build and secure cloud-native applications to minimize security risks. “Adopting a converged observability and security approach is a must in order to help engineers deliver optimized user experiences,” he explained. “Enabling engineers to transform their view of the health, performance, and security of their applications and infrastructure will provide them the ability to take real-time action to eliminate security risks earlier before it impacts their organization’s bottom line.”

The new offering provides 360-degree visibility of the entire application stack and associated relationships, with context-driven insights that help to validate remediation efforts. It also has dynamic assessment capabilities that simulate real-world attacks to pinpoint the exact source of vulnerabilities.

It takes a proactive approach too, with guardrails and status tracking features that help developers avoid mistakes during the software development lifecycle. Finally, New Relic said, the service is simple to deploy via its existing application monitoring agent, and integrates with existing software pipelines seamlessly to avoid disrupting existing processes and workflows.

International Data Corp. analyst Stephen Elliot said organizations must plug application security holes to increase customer loyalty and trust, reduce their financial losses and achieve regulatory compliance. “Applying security testing during the application development and testing stages can ensure issues are caught well before they impact customers, while helping modernize the software development lifecycle by providing customers with a more secure and highly reliable experience,” he said.

New Relic said IAST is available now as part of its all-in-one observability platform for Data Plus subscribers. It’s also offering other users a free, 30-day trial that can be activated today.

Photo: Freepik