In the past, the creation of software took about a year on average of development before being commercialized. Today, many organizations are adopting a continuous integration and deployment approach. Now, the cycle has become shorter, thanks in particular to DevOps, which relies on automation and the pooling of complementary skills to increase the added-value and responsiveness of companies.
The Rohde & Schwarz Cybersecurity strategy aims to help DevOps teams integrate application security right from the design phase, by integrating control capabilities within their APIs and applications. Rohde & Schwarz Cybersecurity has been offering Web Application Firewall (WAF) technologies for about twenty years. The company now makes its technologies consumable by developers. It offers tools that integrate into the environment and tools already existing and that use the same languages and technologies of the DevSecOps universe. It is in this context that Rohde & Schwarz Cybersecurity is launching R&S Trusted Application Factory.
Putting security at the heart of applications
R&S Trusted Application Factory is a solution for DevOps teams with the objective of providing security, simplicity and visibility.
– Security: By integrating security as close as possible to the application
– Simplicity: To simplify collaboration, the security solution must be integrated into the DevOps teams’ universe. Thus, the same tools, languages and concepts must be used.
– Visibility: It is necessary to provide visibility to the various users and managers: developers, infrastructure and security. R&S Trusted Application Factory tracks the application from design to production execution, providing indicators on its security throughout its lifecycle.
The R&S Trusted Application Factory application security service is deployed as a container for each application. This container can therefore “evolve” at the same time as the application in Kubernetes or Docker clusters. It can therefore automatically adapt to the application load. It also accompanies the application and can be deployed on-demand as well as on the private or public cloud. All the services are managed from a SaaS administration console, which enables the security of the various applications to be monitored.
The solution is based on the concept of “Context Description” to improve the level of security. Indeed, the data specific to each application and available to the development teams are essential for the configuration of security. The type of persistence used, the programming language, the server operating system and the data formats make it possible to automatically adapt protection policies by invoking the appropriate engines. By taking all these elements into account, increased security and a reduced risk of false positives is achieved.
Rohde & Schwarz Cybersecurity
Rohde & Schwarz Cybersecurity is a leading IT security company that protects the digital assets of companies and public institutions worldwide from cyberattacks.
Rohde & Schwarz
Rohde & Schwarz is a leading supplier of solutions in the fields of test and measurement, broadcast and media, aerospace | defense | security and networks and cybersecurity.
R&S® is a registered trademark of Rohde & Schwarz GmbH & Co KG.