Highlights –

  • Engineers will be able to contextualize many security signals in one place by mapping and correlating technical components.
  • Currently available in limited preview across all regions as part of the New Relic platform, New Relic Vulnerability Management will be available to the public later this year.

New Relic, a full-stack observability firm, announced the introduction of a new vulnerability management service, New Relic Vulnerability Management, to help organizations detect and address security risks quickly and accurately.

With the launch of this new solution, engineers in the software team, including site reliability engineers, will be able to use New Relic as the default platform to aggregate native and third-party security signals regarding the entire software stack for a comprehensive approach to security and risk management.

It will be easier for engineering teams to manage security risk at scale and accelerate secure software delivery and operation. The new service does not charge full platform users with the Data Plus SKU, thus offering more value to every existing New Relic customer.

Organizations often find it difficult to secure modern software applications. Almost every software experience comprises thousands of components spread across multiple clouds and open-source projects often owned by multiple engineering teams and third parties. Every single component holds the potential to carry security vulnerabilities.

Historically, software teams have used several disparate security solutions to discover security vulnerabilities. This leads to a siloed understanding of security risks, creating blind spots and multiplying business risks.

New Relic’s observability platform can solve the same problem for DevOps use cases. It uses multiple sources to collect performance signals and offers full visibility across the stack. The new vulnerability management service extends its open ecosystem approach and is the sole observability platform in the market that allows customers to easily aggregate native vulnerability detection and existing security data from the security solutions they already use.

As a result, engineering teams like DevOps, SecOps, NetOps, and SRE can gain total visibility of all software vulnerabilities in just a few minutes. They can collectively understand and close security gaps and ultimately protect their customers’ data.

“Minimizing security risk across the entire software development life cycle is imperative—and we are seeing more pressure on DevOps to manage risk while making sure it doesn’t become a blocker to the pace of innovation,” said New Relic CEO Bill Staples. “New Relic Vulnerability Management delivers more value to engineers harnessing the power of observability with our platform approach and accelerates our mission to help every engineer do their best work with data, not opinions.”

Engineers will be able to contextualize many security signals in one place by mapping and correlating technical components. They will be able to monitor, debug, and secure the entire software stack and minimize overall risk more effectively.

Engineering teams will be able to do the following with New Relic Vulnerability Management:

  • Integrate third-party security tools seamlessly with native vulnerability detection for unified security in context.
  • Use strongly opinionated KPIs to break down silos and instill a greater understanding of security across organizations.
  • Give security risk a priority with entity correlation and topological analysis within the curated New Relic product experience.
  • Spot actions to remediate risk, integrate directly into ticketing systems, and offer an audit trail of decisions and actions to unify security workflows throughout the SDLC.
  • Integrate and address vulnerabilities during development as well as in pre-production and production environments.

A Forrester Research titled, “Defend Against Cyberattacks And Emerging Threats,” August 2, 2021, put it: “The goal is not to prevent an intrusion, the goal is to help the organization become a trusted business. Trusted businesses do not allow multiple intrusions to occur, or they will not remain trusted. This phase is not a failed state but an opportunity for transparency and improvement, especially by demonstrating to customers and employees that they are the victims here. This is where observability for constant situational awareness, effective analytics, and expertise converge to find sophisticated and emerging threats that bypassed the earlier stages.”

Currently available in limited preview across all regions as part of the New Relic platform, New Relic Vulnerability Management will be available to the public later this year. The new vulnerability management capabilities will not charge anything from full platform users with the Data Plus SKU.